

patougetup
Malware I can't get rid of
patougetup replied to a topic by patougetup in Malware analysis and eradication
All done, I did what you told me. I had taken the liberty of using avenger.exe because at least I no longer had a balloon and the web page opening up. Here are my latest reports:

ComboFix 07-11-08.1 - Administrateur 2007-11-10 9:25:56.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1651 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Mes documents\Applics\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\dfejgngb.dll
C:\WINDOWS\system32\hrmudsky.dll
C:\WINDOWS\system32\isxfnnmx.dll
C:\WINDOWS\system32\jconikxu.dll
C:\WINDOWS\system32\myvgxprp.dll
C:\WINDOWS\system32\nmmgesxt.dll
C:\WINDOWS\system32\qsbymdlh.dll
C:\WINDOWS\system32\uxkinocj.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\dfejgngb.dll
C:\WINDOWS\system32\hrmudsky.dllbox
C:\WINDOWS\system32\isxfnnmx.dll
C:\WINDOWS\system32\jconikxu.dll
C:\WINDOWS\system32\myvgxprp.dll
C:\WINDOWS\system32\nmmgesxt.dll
C:\WINDOWS\system32\qsbymdlh.dll
C:\WINDOWS\system32\uxkinocj.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
.
2007-11-09 13:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 11:51 <REP> d-------- C:\Program Files\SpywareBlaster
2007-11-09 11:39 <REP> d-------- C:\WINDOWS\pss
2007-11-09 11:33 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-11-09 10:23 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-09 10:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-09 10:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-09 10:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-09 10:23 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-09 10:23 2,868 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-09 09:34 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-08 19:00 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-08 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-08 19:00 4,356,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-08 19:00 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-08 19:00 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-08 19:00 35,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-07 23:02 <REP> d-------- C:\Program Files\Vidal
2007-11-07 23:02 2,707,456 --a------ C:\WINDOWS\system32\Mvsmpl32.dll
2007-11-07 23:02 99,840 --a------ C:\WINDOWS\system32\VIDAL32envir.dll
2007-11-07 23:02 36,864 --a------ C:\WINDOWS\system32\Mvcdql32.dll
2007-11-06 09:30 <REP> d--hs---- C:\Documents and Settings\06112007\txt
2007-11-06 09:30 <REP> d--hs---- C:\Documents and Settings\06112007\image
2007-11-06 09:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\rkfree
2007-11-05 15:04 <REP> d-------- C:\Program Files\Real Alternative
2007-11-05 14:53 1,208 --a------ C:\WINDOWS\mozver.dat
2007-11-05 11:24 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-05 10:36 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-05 10:36 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-05 10:36 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-05 10:36 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-05 10:36 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-05 10:36 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-05 10:36 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-05 10:36 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-05 10:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-11-05 09:56 <REP> d-------- C:\Program Files\Microsoft Works
2007-11-05 09:53 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-05 09:53 <REP> d-------- C:\Microsoft Office
2007-11-05 09:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-05 09:52 <REP> dr-h----- C:\MSOCache
2007-11-05 09:48 364,160 --a------ C:\WINDOWS\system32\drivers\update.sys
2007-11-05 09:48 364,160 --a--c--- C:\WINDOWS\system32\dllcache\update.sys
2007-11-05 03:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2007-11-05 03:06 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-11-05 02:59 <REP> d-------- C:\Nero 7
2007-11-05 02:57 <REP> d-------- C:\MeuhMeuhTV
2007-11-05 02:56 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-05 02:53 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-05 02:49 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2007-11-05 02:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\XnView
2007-11-05 00:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 00:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-05 00:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-05 00:36 <REP> d-------- C:\Program Files\uTorrent
2007-11-05 00:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\uTorrent
2007-11-05 00:22 <REP> d-------- C:\Daemon Tools
2007-11-04 23:51 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-11-04 23:49 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-11-04 23:49 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-04 23:49 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-04 23:26 <REP> d-------- C:\Webteh
2007-11-04 23:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BSplayer Pro
2007-11-04 23:19 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-04 23:19 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-04 23:19 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-11-04 23:19 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-04 23:19 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-04 23:19 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-04 23:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-04 23:19 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-04 23:18 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-04 23:18 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-04 23:03 <REP> d-------- C:\Winamp
2007-11-04 23:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Winamp
2007-11-04 22:57 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-04 22:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-04 22:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 22:43 <REP> d-------- C:\XnView
2007-11-04 22:40 <REP> d-------- C:\eMule
2007-11-04 22:37 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-11-04 22:34 <REP> d-------- C:\Spybot - Search & Destroy
2007-11-04 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 22:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-04 22:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-04 22:25 <REP> d-------- C:\WINDOWS\Internet Logs
2007-11-04 22:22 <REP> d-------- C:\WinRAR
2007-11-04 22:21 <REP> d-------- C:\Mozilla Firefox
2007-11-04 22:20 299,392 --a------ C:\WINDOWS\system32\imon.dll
2007-11-04 22:13 <REP> d-------- C:\WINDOWS\Alice
2007-11-04 22:13 <REP> d-------- C:\Program Files\Alice_Triway_WiFi
2007-11-04 22:13 94,208 --a------ C:\WINDOWS\system32\W32N50.DLL
2007-11-04 22:13 48,128 --a------ C:\WINDOWS\system32\SMMSCRPT.DLL
2007-11-04 22:13 16,128 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2007-11-04 22:13 9,728 --a------ C:\WINDOWS\system32\RNAPH.DLL
2007-11-04 22:07 <REP> d-------- C:\Program Files\ZyDAS Technology Corporation
2007-11-04 22:07 259,584 --a------ C:\WINDOWS\system32\drivers\ZD1211U.sys
2007-11-04 22:07 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 08:28 9,536 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-10 08:28 68,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-04 14:12 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-04 13:24 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-26 19:03 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2007-08-26 19:01 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2007-08-26 19:01 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll
2007-08-26 19:01 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll
2007-08-26 19:01 69,632 ----a-w C:\WINDOWS\system32\spnike.dll
2007-08-26 19:01 59,392 ----a-w C:\WINDOWS\system32\dvdplay.exe
2007-08-26 19:01 58,880 ----a-w C:\WINDOWS\system32\dmutil.dll
2007-08-26 19:01 51,712 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2007-08-26 19:01 359,936 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2007-08-26 19:01 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2007-08-26 19:01 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2007-08-26 19:01 2,019,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-08-26 19:01 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll
2007-08-26 19:01 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll
2007-08-26 18:57 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-08-26 18:57 1,005,056 ----a-w C:\WINDOWS\system32\syssetup.dll
2007-08-26 18:56 2,139,648 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2007-08-26 18:56 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-08-26 18:56 1,844,096 ----a-w C:\WINDOWS\system32\win32k.sys
2007-08-26 18:56 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-08-26 18:55 716,800 ----a-w C:\WINDOWS\system32\sxs.dll
2007-08-26 18:55 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-08-26 18:55 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-08-26 18:55 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-08-26 18:55 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-08-26 18:55 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2007-08-26 18:55 124,928 ----a-w C:\WINDOWS\system32\oledlg.dll
2007-08-26 18:54 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
2007-08-26 18:54 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
2007-08-26 18:54 733,184 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-08-26 18:54 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
2007-08-26 18:54 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
2007-08-26 18:54 549,888 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-08-26 18:54 500,278 ----a-w C:\WINDOWS\system32\dxmasf.dll
2007-08-26 18:54 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
2007-08-26 18:54 145,920 ----a-w C:\WINDOWS\system32\nwprovau.dll
2007-08-26 18:54 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
2007-08-26 18:54 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
2007-08-26 18:54 1,440,768 ----a-w C:\WINDOWS\system32\query.dll
2007-08-26 18:53 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
2007-08-26 18:53 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
2007-08-26 18:53 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
2007-08-26 18:53 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
2007-08-26 18:53 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
2007-08-26 18:53 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
2007-08-26 18:50 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
2007-08-26 18:50 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
2007-08-26 18:50 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll
2007-08-26 18:50 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
2007-08-26 18:50 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
2007-08-26 18:50 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
2007-08-26 18:50 59,392 ----a-w C:\WINDOWS\system32\stclient.dll
2007-08-26 18:50 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2007-08-26 18:50 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
2007-08-26 18:50 398,848 ----a-w C:\WINDOWS\system32\rpcss.dll
2007-08-26 18:50 37,376 ----a-w C:\WINDOWS\system32\olecnv32.dll
2007-08-26 18:50 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2007-08-26 18:50 243,200 ----a-w C:\WINDOWS\system32\es.dll
2007-08-26 18:50 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
2007-08-26 18:50 117,760 ----a-w C:\WINDOWS\system32\t2embed.dll
2007-08-26 18:50 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
2007-08-26 18:50 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
2007-08-26 18:50 1,286,144 ----a-w C:\WINDOWS\system32\ole32.dll
2007-08-26 18:50 1,267,712 ----a-w C:\WINDOWS\system32\comsvcs.dll
2007-08-26 18:50 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll
2007-08-26 18:49 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
2007-08-26 18:49 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
2007-08-26 18:49 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
2007-08-26 18:49 297,984 ----a-w C:\WINDOWS\system32\kerberos.dll
2007-08-26 18:49 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
2007-08-26 18:49 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
2007-08-26 18:49 197,632 ----a-w C:\WINDOWS\system32\netman.dll
2007-08-26 18:49 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
2007-08-26 18:49 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
2007-08-26 18:49 137,216 ----a-w C:\WINDOWS\system32\itss.dll
2007-08-26 18:49 124,928 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
2007-08-26 18:49 10,752 ----a-w C:\WINDOWS\hh.exe
2007-08-26 18:49 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-08-26 18:48 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
2007-08-26 18:48 62,464 ----a-w C:\WINDOWS\system32\authz.dll
2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 C:\WINDOWS\system32\nvmctray.dll]
"LabtecKB"="C:\Labtec Keyboard\DsiMmKbd.EXE" [2003-04-08 14:29]
"C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 C:\WINDOWS\mixer.exe]
"!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-05 02:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"TVAgent WiFi"="C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe" [2005-06-10 13:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartMenuPinnedList"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartMenuPinnedList"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
R0 SiSRaid1;SiSRaid1;C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys
R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 DKbFltr;Dritek HotKey Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\MSI Nvidia 7300 gs\NTGLM7X.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 09:30:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 9:32:15 - machine was rebooted
.
--- E O F ---

logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:22, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Labtec Keyboard\DsiMmKbd.EXE
C:\WINDOWS\Mixer.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
C:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Mes documents\Applics\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aliceadsl.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LabtecKB] C:\Labtec Keyboard\DsiMmKbd.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194227490109
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B5CB436-A3C9-4482-9D49-DF72BE1984A1}: NameServer = 212.216.212.112,212.216.172.62
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 4949 bytes -
Malware I can't get rid of
patougetup replied to a topic by patougetup in Malware analysis and eradication
Thanks for everything, bruce lee. Thanks to VundoFix I was able to identify the file responsible, namely c:\windows\system32\hrmudsky.dll, but VundoFix, even with a reboot, could not destroy it, or if it did, a new file was created 2 minutes later. The malware had not gone away because a file still existed. Problem solved thanks to avenger.exe, which in a single reboot eliminated the file for good, so no more malware. Thanks again for everything, I would not have managed without your help. If you could take a look at my latest HijackThis report to see whether everything is fixed, as I believe it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:08, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Labtec Keyboard\DsiMmKbd.EXE
C:\WINDOWS\Mixer.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Mes documents\Applics\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aliceadsl.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {dd2bbe05-ed25-7c49-c454-33a1a8b2a7d0} - {0d7a2b8a-1a33-454c-94c7-52de50ebb2dd} - C:\WINDOWS\system32\isxfnnmx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hrmudsky.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hrmudsky.dll (file missing)
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LabtecKB] C:\Labtec Keyboard\DsiMmKbd.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [9c4b89bf] rundll32.exe "C:\WINDOWS\system32\jconikxu.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194227490109
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B5CB436-A3C9-4482-9D49-DF72BE1984A1}: NameServer = 212.216.212.112,212.216.172.62
O20 - Winlogon Notify: hrmudsky - hrmudsky.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 5419 bytes -
Malware I can't get rid of
patougetup replied to a topic by patougetup in Malware analysis and eradication
Thanks Bruce Lee for the quick reply. I did what you told me; I was a bit slow because I was missing a .dll, but it's fine now.

VundoFix V6.5.11
Checking Java version...
Sun Java not detected
Scan started at 13:22:44 09/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\hrmudsky.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hrmudsky.dll
C:\WINDOWS\system32\hrmudsky.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hrmudsky.dll
C:\WINDOWS\system32\hrmudsky.dll Could not be deleted.
Performing Repairs to the registry.
Done!

ComboFix 07-11-08.1 - Administrateur 2007-11-09 13:51:41.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1615 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Mes documents\ECURIT~1
C:\Documents and Settings\Administrateur\Mes documents\ECURIT~1\?ecurity\
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\WINDOWS\system32\hrmudsky.dllbox
C:\WINDOWS\system32\winsys.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-09 to 2007-11-09 ))))))))))))))))))))))))))))))))))))
.
2007-11-09 13:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 13:22 <REP> d-------- C:\VundoFix Backups
2007-11-09 11:51 <REP> d-------- C:\Program Files\SpywareBlaster
2007-11-09 11:39 <REP> d-------- C:\WINDOWS\pss
2007-11-09 11:33 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-11-09 10:23 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-09 10:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-09 10:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-09 10:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-09 10:23 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-09 10:23 2,868 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-09 09:34 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-08 19:00 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-08 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-08 19:00 4,114,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-08 19:00 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-08 19:00 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-08 19:00 20,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-08 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-08 00:31 145,984 --------- C:\WINDOWS\system32\hrmudsky.dll
2007-11-08 00:31 145,984 --a------ C:\WINDOWS\system32\dfejgngb.dll
2007-11-07 23:02 <REP> d-------- C:\Program Files\Vidal
2007-11-07 23:02 2,707,456 --a------ C:\WINDOWS\system32\Mvsmpl32.dll
2007-11-07 23:02 99,840 --a------ C:\WINDOWS\system32\VIDAL32envir.dll
2007-11-07 23:02 36,864 --a------ C:\WINDOWS\system32\Mvcdql32.dll
2007-11-06 09:47 564,996 ---hs---- C:\WINDOWS\system32\uxkinocj.ini2
2007-11-06 09:47 87,104 --a------ C:\WINDOWS\system32\jconikxu.dll
2007-11-06 09:47 81,472 --a------ C:\WINDOWS\system32\isxfnnmx.dll
2007-11-06 09:30 <REP> d--hs---- C:\Documents and Settings\06112007\txt
2007-11-06 09:30 <REP> d--hs---- C:\Documents and Settings\06112007\image
2007-11-06 09:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\rkfree
2007-11-06 09:12 87,104 --------- C:\WINDOWS\system32\myvgxprp.dll
2007-11-06 09:09 81,472 --a------ C:\WINDOWS\system32\nmmgesxt.dll
2007-11-05 15:04 <REP> d-------- C:\Program Files\Real Alternative
2007-11-05 14:53 1,208 --a------ C:\WINDOWS\mozver.dat
2007-11-05 11:24 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-05 10:36 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-05 10:36 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-05 10:36 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-05 10:36 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-05 10:36 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-05 10:36 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-05 10:36 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-05 10:36 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-05 10:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-11-05 10:23 85,568 --------- C:\WINDOWS\system32\qsbymdlh.dll
2007-11-05 09:56 <REP> d-------- C:\Program Files\Microsoft Works
2007-11-05 09:53 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-05 09:53 <REP> d-------- C:\Microsoft Office
2007-11-05 09:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-05 09:52 <REP> dr-h----- C:\MSOCache
2007-11-05 09:48 364,160 --a------ C:\WINDOWS\system32\drivers\update.sys
2007-11-05 09:48 364,160 --a--c--- C:\WINDOWS\system32\dllcache\update.sys
2007-11-05 03:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2007-11-05 03:06 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-11-05 02:59 <REP> d-------- C:\Nero 7
2007-11-05 02:57 <REP> d-------- C:\MeuhMeuhTV
2007-11-05 02:56 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-05 02:53 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-05 02:49 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2007-11-05 02:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\XnView
2007-11-05 00:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 00:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-05 00:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-05 00:36 <REP> d-------- C:\Program Files\uTorrent
2007-11-05 00:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\uTorrent
2007-11-05 00:22 <REP> d-------- C:\Daemon Tools
2007-11-04 23:51 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-11-04 23:49 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-11-04 23:49 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-04 23:49 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-04 23:26 <REP> d-------- C:\Webteh
2007-11-04 23:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BSplayer Pro
2007-11-04 23:19 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-04 23:19 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-04 23:19 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-11-04 23:19 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-04 23:19 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-04 23:19 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-04 23:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-04 23:19 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-04 23:18 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-04 23:18 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-04 23:03 <REP> d-------- C:\Winamp
2007-11-04 23:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application
Data\Winamp 2007-11-04 22:57 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-04 22:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback 2007-11-04 22:47 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-04 22:43 <REP> d-------- C:\XnView 2007-11-04 22:40 <REP> d-------- C:\eMule 2007-11-04 22:37 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-04 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2007-11-04 22:34 <REP> d-------- C:\Spybot - Search & Destroy 2007-11-04 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-04 22:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-11-04 22:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-11-04 22:25 <REP> d-------- C:\WINDOWS\Internet Logs 2007-11-04 22:22 <REP> d-------- C:\WinRAR 2007-11-04 22:21 <REP> d-------- C:\Mozilla Firefox 2007-11-04 22:20 299,392 --a------ C:\WINDOWS\system32\imon.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-09 13:00 65,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-09 13:00 6,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-04 14:12 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-04 13:24 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-08-26 19:03 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll 2007-08-26 19:01 8,192 ----a-w C:\WINDOWS\system32\streamci.dll 2007-08-26 19:01 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll 2007-08-26 19:01 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll 2007-08-26 19:01 69,632 ----a-w C:\WINDOWS\system32\spnike.dll 2007-08-26 19:01 59,392 ----a-w C:\WINDOWS\system32\dvdplay.exe 2007-08-26 19:01 58,880 ----a-w C:\WINDOWS\system32\dmutil.dll 2007-08-26 19:01 51,712 ----a-w C:\WINDOWS\system32\wzcsapi.dll 2007-08-26 19:01 359,936 ----a-w C:\WINDOWS\system32\wzcsvc.dll 2007-08-26 19:01 35,328 ----a-w C:\WINDOWS\system32\pid.dll 2007-08-26 19:01 20,992 ----a-w C:\WINDOWS\system32\hid.dll 2007-08-26 19:01 2,019,328 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2007-08-26 19:01 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll 2007-08-26 19:01 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll 2007-08-26 18:57 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-08-26 18:57 1,005,056 ----a-w C:\WINDOWS\system32\syssetup.dll 2007-08-26 18:56 2,139,648 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2007-08-26 18:56 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-08-26 18:56 1,844,096 ----a-w C:\WINDOWS\system32\win32k.sys 2007-08-26 18:56 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll 2007-08-26 18:55 716,800 ----a-w C:\WINDOWS\system32\sxs.dll 2007-08-26 18:55 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-08-26 18:55 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-08-26 18:55 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-08-26 18:55 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-08-26 18:55 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll 2007-08-26 18:55 124,928 ----a-w 
C:\WINDOWS\system32\oledlg.dll 2007-08-26 18:54 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll 2007-08-26 18:54 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll 2007-08-26 18:54 733,184 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-08-26 18:54 72,704 ----a-w C:\WINDOWS\system32\hlink.dll 2007-08-26 18:54 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll 2007-08-26 18:54 549,888 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-08-26 18:54 500,278 ----a-w C:\WINDOWS\system32\dxmasf.dll 2007-08-26 18:54 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll 2007-08-26 18:54 145,920 ----a-w C:\WINDOWS\system32\nwprovau.dll 2007-08-26 18:54 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll 2007-08-26 18:54 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll 2007-08-26 18:54 1,440,768 ----a-w C:\WINDOWS\system32\query.dll 2007-08-26 18:53 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll 2007-08-26 18:53 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll 2007-08-26 18:53 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll 2007-08-26 18:53 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll 2007-08-26 18:53 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll 2007-08-26 18:53 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll 2007-08-26 18:50 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll 2007-08-26 18:50 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll 2007-08-26 18:50 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll 2007-08-26 18:50 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll 2007-08-26 18:50 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll 2007-08-26 18:50 60,416 ----a-w C:\WINDOWS\system32\colbact.dll 2007-08-26 18:50 59,392 ----a-w C:\WINDOWS\system32\stclient.dll 2007-08-26 18:50 539,648 ----a-w C:\WINDOWS\system32\comuid.dll 2007-08-26 18:50 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll 2007-08-26 18:50 398,848 ----a-w C:\WINDOWS\system32\rpcss.dll 2007-08-26 18:50 37,376 ----a-w C:\WINDOWS\system32\olecnv32.dll 2007-08-26 18:50 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe 2007-08-26 18:50 243,200 ----a-w 
C:\WINDOWS\system32\es.dll 2007-08-26 18:50 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll 2007-08-26 18:50 117,760 ----a-w C:\WINDOWS\system32\t2embed.dll 2007-08-26 18:50 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll 2007-08-26 18:50 101,376 ----a-w C:\WINDOWS\system32\txflog.dll 2007-08-26 18:50 1,286,144 ----a-w C:\WINDOWS\system32\ole32.dll 2007-08-26 18:50 1,267,712 ----a-w C:\WINDOWS\system32\comsvcs.dll 2007-08-26 18:50 1,097,728 ----a-w C:\WINDOWS\system32\esent.dll 2007-08-26 18:49 73,728 ----a-w C:\WINDOWS\system32\mscms.dll 2007-08-26 18:49 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe 2007-08-26 18:49 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll 2007-08-26 18:49 297,984 ----a-w C:\WINDOWS\system32\kerberos.dll 2007-08-26 18:49 254,976 ----a-w C:\WINDOWS\system32\icm32.dll 2007-08-26 18:49 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll 2007-08-26 18:49 197,632 ----a-w C:\WINDOWS\system32\netman.dll 2007-08-26 18:49 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll 2007-08-26 18:49 155,136 ----a-w C:\WINDOWS\system32\itircl.dll 2007-08-26 18:49 137,216 ----a-w C:\WINDOWS\system32\itss.dll 2007-08-26 18:49 124,928 ----a-w C:\WINDOWS\system32\umpnpmgr.dll 2007-08-26 18:49 10,752 ----a-w C:\WINDOWS\hh.exe 2007-08-26 18:49 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-08-26 18:48 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll 2007-08-26 18:48 62,464 ----a-w C:\WINDOWS\system32\authz.dll 2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:01 48,128 ----a-w 
C:\WINDOWS\system32\mshtmler.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d7a2b8a-1a33-454c-94c7-52de50ebb2dd}] 2007-11-06 09:47 81472 --a------ C:\WINDOWS\system32\isxfnnmx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-08 00:31 145984 --------- C:\WINDOWS\system32\hrmudsky.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hrmudsky.dll [2007-11-08 00:31 145984] [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15] "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 C:\WINDOWS\system32\nvmctray.dll] "LabtecKB"="C:\Labtec Keyboard\DsiMmKbd.EXE" [2003-04-08 14:29] "C-Media Mixer"="Mixer.exe" [2001-11-15 19:08 C:\WINDOWS\mixer.exe] "!AVG Anti-Spyware"="C:\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-05 02:45] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11] "9c4b89bf"="C:\WINDOWS\system32\jconikxu.dll" [2007-11-06 09:47] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "TVAgent WiFi"="C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe" [2005-06-10 13:41] 
"DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2007-08-16 12:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) "ForceStartMenuLogoff"=0 (0x0) "NoUserNameInStartMenu"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoStartMenuPinnedList"=1 (0x1) "NoResolveTrack"=1 (0x1) "NoResolveSearch"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1) "NoSMConfigurePrograms"=1 (0x1) "StartMenuLogoff"=1 (0x1) "ForceStartMenuLogoff"=0 (0x0) "NoUserNameInStartMenu"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoStartMenuPinnedList"=1 (0x1) "NoResolveTrack"=1 (0x1) "NoResolveSearch"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hrmudsky] hrmudsky.dll 2007-11-08 00:31 145984 C:\WINDOWS\system32\hrmudsky.dll R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys R0 SiSRaid1;SiSRaid1;C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys R3 DKbFltr;Dritek HotKey Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\MSI Nvidia 7300 gs\NTGLM7X.sys S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService Alerter WebClient LmHosts upnphost SSDPSRV *Newly Created Service* - PCANDIS5 . 
************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-09 14:03:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-09 14:08:31 - machine was rebooted . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:12:42, on 09/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\RunDLL32.exe C:\Labtec Keyboard\DsiMmKbd.EXE C:\WINDOWS\Mixer.exe C:\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe C:\DAEMON Tools\daemon.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\WINDOWS\system32\wscntfy.exe C:\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Administrateur\Mes documents\Applics\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aliceadsl.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: {dd2bbe05-ed25-7c49-c454-33a1a8b2a7d0} - {0d7a2b8a-1a33-454c-94c7-52de50ebb2dd} - C:\WINDOWS\system32\isxfnnmx.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hrmudsky.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hrmudsky.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LabtecKB] C:\Labtec Keyboard\DsiMmKbd.EXE O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [9c4b89bf] rundll32.exe "C:\WINDOWS\system32\jconikxu.dll",b O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe 
O4 - HKCU\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194227490109 O17 - HKLM\System\CCS\Services\Tcpip\..\{5B5CB436-A3C9-4482-9D49-DF72BE1984A1}: NameServer = 212.216.212.112,212.216.172.62 O20 - Winlogon Notify: hrmudsky - C:\WINDOWS\SYSTEM32\hrmudsky.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 5303 bytes
Thanks for your reply, here are the 3 reports. But the bubble and the window offering to download an antispyware have not gone away.
-
Malware that I can't manage to eliminate
patougetup posted a topic in Analyses et éradication malwares
Hello, I have a virus or spyware that I can't get rid of. Every 2 minutes a bubble opens from the Quick Launch bar, and my firewall blocks Internet Explorer from opening the site www.saveyourinformation.com, or something like that. I have NOD32 and ZoneAlarm, along with Spybot - Search & Destroy and AVG Anti-Spyware, all up to date; I tried the full Kaspersky in trial mode but nothing works... I can't find a way out. I did a first pass with HijackThis; following the tutorial I removed a few superfluous lines, but I still have the malware. If someone can help me and tell me what to do... Here is my latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:14:45, on 09/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Labtec Keyboard\DsiMmKbd.EXE C:\WINDOWS\Mixer.exe C:\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe C:\DAEMON Tools\daemon.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Administrateur\Mes documents\Applics\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aliceadsl.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: {dd2bbe05-ed25-7c49-c454-33a1a8b2a7d0} - {0d7a2b8a-1a33-454c-94c7-52de50ebb2dd} - C:\WINDOWS\system32\isxfnnmx.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hrmudsky.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hrmudsky.dll O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LabtecKB] C:\Labtec Keyboard\DsiMmKbd.EXE O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [9c4b89bf] rundll32.exe 
"C:\WINDOWS\system32\jconikxu.dll",b O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033 O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194227490109 O17 - HKLM\System\CCS\Services\Tcpip\..\{5B5CB436-A3C9-4482-9D49-DF72BE1984A1}: NameServer = 212.216.212.112,212.216.172.62 O20 - Winlogon Notify: hrmudsky - C:\WINDOWS\SYSTEM32\hrmudsky.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 5580 bytes