sveta50

Membres

Afficher le profil Afficher son activité

Compteur de contenus
2
Inscription
le 3 mars 2008
Dernière visite
le 5 mars 2008

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par sveta50

Trojan.Popuper, FTPCatcher, Generic

sveta50 a répondu à un(e) sujet de sveta50 dans Analyses et éradication malwares

Bonjour et merci pour ton aide. Voici les rapports : ComboFix 08-03-03.12 - isabelle 2008-03-05 0:06:44.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.228 [GMT 1:00] Endroit: C:\Documents and Settings\isabelle\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\isabelle\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\Program Files\tmp2014296.exe C:\Program Files\tmp2014390.exe C:\Program Files\tmp2014421.exe C:\Program Files\tmp2014484.exe C:\Program Files\tmp2015093.exe C:\Program Files\tmp2017062.exe C:\Program Files\tmp2033578.exe C:\Program Files\tmp2047812.exe C:\Program Files\tmp2048687.exe C:\Program Files\tmp2048734.exe C:\Program Files\tmp2048921.exe C:\Program Files\tmp2049328.exe C:\Program Files\tmp2051562.exe C:\Program Files\tmp260000.exe C:\Program Files\tmp264781.exe C:\Program Files\tmp264812.exe C:\Program Files\tmp264828.exe C:\Program Files\tmp264921.exe C:\Program Files\tmp266000.exe C:\Program Files\tmp273625.exe C:\Program Files\tmp274500.exe C:\Program Files\tmp274531.exe C:\Program Files\tmp274546.exe C:\Program Files\tmp283531.exe C:\Program Files\tmp283546.exe C:\Program Files\tmp283593.exe C:\Program Files\tmp287218.exe C:\Program Files\tmp287843.exe C:\Program Files\tmp311546.exe C:\Program Files\tmp312625.exe C:\Program Files\tmp312671.exe C:\Program Files\tmp312890.exe C:\Program Files\tmp313578.exe C:\Program Files\tmp314656.exe C:\Program Files\tmp363859.exe C:\Program Files\tmp561468.exe C:\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54}\CDSetup.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Fichiers communs\System\ntsvc32k.exe C:\Program Files\Fichiers communs\System\RDPsvc2.exe C:\Program Files\Fichiers communs\System\sysvideo32.dll C:\Program Files\Fichiers communs\System\winmgt32k.dll C:\Program Files\tmp2014296.exe C:\Program Files\tmp2014390.exe C:\Program Files\tmp2014421.exe C:\Program Files\tmp2014484.exe C:\Program Files\tmp2015093.exe C:\Program Files\tmp2017062.exe C:\Program Files\tmp2033578.exe C:\Program Files\tmp2047812.exe C:\Program Files\tmp2048687.exe C:\Program Files\tmp2048734.exe C:\Program Files\tmp2048921.exe C:\Program Files\tmp2049328.exe C:\Program Files\tmp2051562.exe C:\Program Files\tmp260000.exe C:\Program Files\tmp264781.exe C:\Program Files\tmp264812.exe C:\Program Files\tmp264828.exe C:\Program Files\tmp264921.exe C:\Program Files\tmp266000.exe C:\Program Files\tmp273625.exe C:\Program Files\tmp274500.exe C:\Program Files\tmp274531.exe C:\Program Files\tmp274546.exe C:\Program Files\tmp283531.exe C:\Program Files\tmp283546.exe C:\Program Files\tmp283593.exe C:\Program Files\tmp287218.exe C:\Program Files\tmp287843.exe C:\Program Files\tmp311546.exe C:\Program Files\tmp312625.exe C:\Program Files\tmp312671.exe C:\Program Files\tmp312890.exe C:\Program Files\tmp313578.exe C:\Program Files\tmp314656.exe C:\Program Files\tmp363859.exe C:\Program Files\tmp561468.exe C:\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54}\CDSetup.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NTSVC32K -------\LEGACY_RDPSVC2 -------\LEGACY_WINMGT32K -------\ntsvc32k -------\RDPsvc2 -------\sysvideo32 -------\winmgt32k ((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))))))) . 2008-03-04 16:52 . 2008-03-04 16:52 933 --a------ C:\Program Files\tmp4041921.exe 2008-03-04 11:51 . 2008-03-04 11:51 36,324 --a------ C:\Program Files\tmp5817593.exe 2008-03-04 11:51 . 2008-03-04 11:51 16,532 --a------ C:\Program Files\tmp5802343.exe 2008-03-04 11:51 . 2008-03-04 11:51 13,448 --a------ C:\Program Files\tmp5802609.exe 2008-03-04 11:50 . 2008-03-04 11:50 16,576 --a------ C:\Program Files\tmp5802296.exe 2008-03-04 11:50 . 2008-03-04 11:50 16,548 --a------ C:\Program Files\tmp5802328.exe 2008-03-04 11:50 . 2008-03-04 11:51 13,444 --a------ C:\Program Files\tmp5802406.exe 2008-03-04 09:56 . 2008-03-04 09:56 36,344 --a------ C:\Program Files\tmp359000.exe 2008-03-04 09:56 . 2008-03-04 09:56 36,224 --a------ C:\Program Files\tmp357734.exe 2008-03-04 09:56 . 2008-03-04 09:56 16,508 --a------ C:\Program Files\tmp336406.exe 2008-03-04 09:56 . 2008-03-04 09:56 16,480 --a------ C:\Program Files\tmp336421.exe 2008-03-04 09:56 . 2008-03-04 09:56 13,524 --a------ C:\Program Files\tmp392703.exe 2008-03-04 09:56 . 2008-03-04 09:56 13,424 --a------ C:\Program Files\tmp336578.exe 2008-03-03 12:42 . 2008-03-03 12:42 <REP> d-------- C:\ComboFix[1] 2008-03-01 13:36 . 2008-03-01 13:36 <REP> d-------- C:\Program Files\CCleaner 2008-02-29 22:06 . 2008-02-29 22:06 <REP> d-------- C:\Program Files\Trend Micro 2008-02-29 21:32 . 2008-03-03 12:04 <REP> d-------- C:\Program Files\Spyware Doctor 2008-02-29 21:32 . 2008-02-29 21:32 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\PC Tools 2008-02-29 21:32 . 2008-03-05 00:04 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-02-29 21:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-29 21:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-29 21:32 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-29 21:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-29 20:58 . 2008-02-29 20:58 <REP> d-------- C:\Program Files\CleanUp! 2008-02-29 18:35 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-02-29 18:35 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-02-29 18:35 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-02-29 18:34 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-02-29 18:34 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-02-29 18:23 . 2008-02-29 18:23 <REP> d--h----- C:\WINDOWS\PIF 2008-02-29 11:27 . 2008-02-29 11:28 <REP> d-------- C:\Program Files\a-squared Anti-Dialer 2008-02-29 11:22 . 2008-03-01 16:35 <REP> d-------- C:\Program Files\a-squared Free 2008-02-29 11:03 . 2008-02-29 11:27 <REP> d-------- C:\Program Files\a-squared Anti-Malware 2008-02-29 00:46 . 2008-02-29 00:46 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\Uniblue 2008-02-28 23:50 . 2008-02-28 23:50 0 --a------ C:\WINDOWS\system32\lich.dat 2008-02-28 23:04 . 2008-02-28 23:04 <REP> d-------- C:\Program Files\NetProject 2008-02-27 17:44 . 2008-02-27 17:44 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\AdobeUM 2008-02-14 15:45 . 2008-02-14 15:45 <REP> d-------- C:\Program Files\LexarMedia 2008-02-04 12:29 . 2008-02-04 12:29 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\Camfrog 2008-02-04 12:27 . 2008-02-04 13:36 <REP> d-------- C:\Program Files\Camfrog . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-04 23:04 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-03-04 19:50 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater 2008-03-04 17:40 --------- d-----w C:\Program Files\Abacalc 2008-02-29 20:01 --------- d-----w C:\Program Files\eMule 2008-02-26 17:34 --------- d-----w C:\Documents and Settings\isabelle\Application Data\StarOffice8 2008-02-24 17:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-10 16:18 --------- d-----w C:\Documents and Settings\isabelle\Application Data\Skype 2008-02-02 19:36 29,017,528 ----a-w C:\FileFormatConverters.exe 2008-02-02 19:36 --------- d-----w C:\Program Files\MSECache 2008-02-02 18:41 --------- d-----w C:\Documents and Settings\isabelle\Application Data\OpenOffice.org2 2008-01-12 17:53 --------- d-----w C:\Program Files\AxBx 2008-01-11 16:46 --------- d-----w C:\Program Files\Abalect 2008-01-08 10:29 --------- d-----w C:\Program Files\Fichiers communs\snp2std 2008-01-08 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-26 09:28 20 ---h--w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLec.DAT 2007-12-26 09:28 20 ---h--w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT 2007-12-12 18:20 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2007-12-12 18:20 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2007-12-07 10:36 48 ----a-w C:\Program Files\AbalectRécents.dat 2007-12-04 20:34 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-12-04 20:34 253,952 ------w C:\WINDOWS\Setup1.exe 2007-10-03 16:53 24,536,608 ----a-w C:\Program Files\adberdr810_fr_fr.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Program Files\Fichiers communs\System ---- 2008-03-04 15:47 2688 --a------ C:\Program Files\Fichiers communs\System\winmgt32k.dll 2008-03-04 15:47 2688 --a------ C:\Program Files\Fichiers communs\System\sysvideo32.dll 2008-02-28 23:49 31728 --a------ C:\Program Files\Fichiers communs\System\RDPsvc2.exe 2008-02-28 23:48 14032 --a------ C:\Program Files\Fichiers communs\System\ntsvc32k.exe 2004-08-05 13:00 9975 --a------ C:\Program Files\Fichiers communs\System\Ole DB\oledbvbs.inc 2004-08-05 13:00 9804 --a------ C:\Program Files\Fichiers communs\System\Ole DB\oledbjvs.inc 2004-08-05 13:00 94208 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdatl3.dll 2004-08-05 13:00 81920 --a------ C:\Program Files\Fichiers communs\System\ado\msado27.tlb 2004-08-05 13:00 81920 --a------ C:\Program Files\Fichiers communs\System\ado\msado26.tlb 2004-08-05 13:00 81920 --a------ C:\Program Files\Fichiers communs\System\ado\msado25.tlb 2004-08-05 13:00 81408 --a------ C:\Program Files\Fichiers communs\System\directdb.dll 2004-08-05 13:00 77824 --a------ C:\Program Files\Fichiers communs\System\Ole DB\oledb32r.dll 2004-08-05 13:00 77824 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaosp.dll 2004-08-05 13:00 65536 --a------ C:\Program Files\Fichiers communs\System\Ole DB\sqloledb.rll 2004-08-05 13:00 629 --a------ C:\Program Files\Fichiers communs\System\msadc\adcjavas.inc 2004-08-05 13:00 622 --a------ C:\Program Files\Fichiers communs\System\msadc\adcvbs.inc 2004-08-05 13:00 61440 --a------ C:\Program Files\Fichiers communs\System\msadc\msadcf.dll 2004-08-05 13:00 61440 --a------ C:\Program Files\Fichiers communs\System\ado\msado21.tlb 2004-08-05 13:00 61440 --a------ C:\Program Files\Fichiers communs\System\ado\msado20.tlb 2004-08-05 13:00 588 --a------ C:\Program Files\Fichiers communs\System\msadc\handsafe.reg 2004-08-05 13:00 57344 --a------ C:\Program Files\Fichiers communs\System\ado\msadrh15.dll 2004-08-05 13:00 57344 --a------ C:\Program Files\Fichiers communs\System\ado\msador15.dll 2004-08-05 13:00 536576 --a------ C:\Program Files\Fichiers communs\System\ado\msado15.dll 2004-08-05 13:00 53248 --a------ C:\Program Files\Fichiers communs\System\msadc\msadcs.dll 2004-08-05 13:00 528384 --a------ C:\Program Files\Fichiers communs\System\Ole DB\sqloledb.dll 2004-08-05 13:00 518 --a------ C:\Program Files\Fichiers communs\System\msadc\handler.reg 2004-08-05 13:00 504832 --a------ C:\Program Files\Fichiers communs\System\wab32.dll 2004-08-05 13:00 487424 --a------ C:\Program Files\Fichiers communs\System\Ole DB\oledb32.dll 2004-08-05 13:00 424 --a------ C:\Program Files\Fichiers communs\System\ado\MDACReadme.htm 2004-08-05 13:00 4096 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaurl.dll 2004-08-05 13:00 4096 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdasc.dll 2004-08-05 13:00 4096 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaer.dll 2004-08-05 13:00 4096 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaenum.dll 2004-08-05 13:00 4096 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdadc.dll 2004-08-05 13:00 37148 --a------ C:\Program Files\Fichiers communs\System\Ole DB\sqlsoldb.chm 2004-08-05 13:00 36864 --a------ C:\Program Files\Fichiers communs\System\msadc\msdfmap.dll 2004-08-05 13:00 331776 --a------ C:\Program Files\Fichiers communs\System\msadc\msadce.dll 2004-08-05 13:00 315392 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdasql.dll 2004-08-05 13:00 28672 --a------ C:\Program Files\Fichiers communs\System\Ole DB\sqlxmlx.rll 2004-08-05 13:00 28672 --a------ C:\Program Files\Fichiers communs\System\ado\msader15.dll 2004-08-05 13:00 263168 --a------ C:\Program Files\Fichiers communs\System\wab32res.dll 2004-08-05 13:00 24576 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msxactps.dll 2004-08-05 13:00 24576 --a------ C:\Program Files\Fichiers communs\System\msadc\msaddsr.dll 2004-08-05 13:00 233472 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaora.dll 2004-08-05 13:00 217088 --a------ C:\Program Files\Fichiers communs\System\Ole DB\sqlxmlx.dll 2004-08-05 13:00 204800 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaps.dll 2004-08-05 13:00 20480 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdatt.dll 2004-08-05 13:00 20480 --a------ C:\Program Files\Fichiers communs\System\msadc\msadcer.dll 2004-08-05 13:00 200704 --a------ C:\Program Files\Fichiers communs\System\msadc\msdaprst.dll 2004-08-05 13:00 200704 --a------ C:\Program Files\Fichiers communs\System\ado\msadox.dll 2004-08-05 13:00 180224 --a------ C:\Program Files\Fichiers communs\System\ado\msadomd.dll 2004-08-05 13:00 16384 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdasqlr.dll 2004-08-05 13:00 16384 --a------ C:\Program Files\Fichiers communs\System\Ole DB\msdaorar.dll 2004-08-05 13:00 16384 --a------ C:\Program Files\Fichiers communs\System\msadc\msdaremr.dll 2004-08-05 13:00 16384 --a------ C:\Program Files\Fichiers communs\System\msadc\msdaprsr.dll 2004-08-05 13:00 16384 --a------ C:\Program Files\Fichiers communs\System\msadc\msadcor.dll 2004-08-05 13:00 16384 --a------ C:\Program Files\Fichiers communs\System\msadc\msadcfr.dll 2004-08-05 13:00 155648 --a------ C:\Program Files\Fichiers communs\System\msadc\msadds.dll 2004-08-05 13:00 14951 --a------ C:\Program Files\Fichiers communs\System\ado\adovbs.inc 2004-08-05 13:00 14610 --a------ C:\Program Files\Fichiers communs\System\ado\adojavas.inc 2004-08-05 13:00 143360 --a------ C:\Program Files\Fichiers communs\System\msadc\msadco.dll 2004-08-05 13:00 118784 --a------ C:\Program Files\Fichiers communs\System\msadc\msdarem.dll 2004-08-05 13:00 102400 --a------ C:\Program Files\Fichiers communs\System\ado\msjro.dll 2003-08-06 20:28 710200 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\MSPST32.DLL 2003-08-06 20:28 701504 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\EMSMDB32.DLL 2003-08-06 20:27 240704 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\SCNPST64.DLL 2003-08-06 20:27 232000 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\SCNPST32.DLL 2003-08-03 17:51 1354816 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\MSMAPI32.DLL 2003-07-31 22:20 843864 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\MAPIR.DLL 2003-07-31 22:20 80472 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\GAPI32.DLL 2003-07-31 22:20 51800 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\SCANOST.EXE 2003-07-31 22:20 44120 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\SCANPST.EXE 2003-07-31 22:20 130648 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\CNFNOT32.EXE 2003-07-31 22:20 103512 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\MLCFG32.CPL 2003-07-29 13:38 16324 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\MAPISVC.INF 2003-07-28 19:28 651320 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\OUTEX.DLL 2003-07-28 19:27 278592 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\PSTPRX32.DLL 2003-07-22 11:46 145984 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\MAPI32.DLL 2003-07-15 05:46 212032 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\EMSABP32.DLL 2003-07-15 05:44 131128 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\EMSUI32.DLL 2003-07-15 05:43 115776 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\CONTAB32.DLL 2003-07-15 05:43 106048 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\EMABLT32.DLL 2003-07-15 05:42 31296 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\DUMPSTER.DLL 2003-07-15 05:41 12352 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\BJABLR32.DLL 2003-07-11 01:25 842816 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL 2003-07-11 01:25 160320 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSDAPML.DLL 2003-06-20 15:29 78592 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\EXCHNG.HLP 2003-06-14 00:22 120216 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\ESCONF.DLL 2002-12-18 07:03 64192 --a------ C:\Program Files\Fichiers communs\System\Ole DB\resources\1036\MSDMINE.RLL 2002-12-18 07:03 256696 --a------ C:\Program Files\Fichiers communs\System\Ole DB\resources\1036\MSOLAP80.RLL 2002-12-18 02:09 224416 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSMDCB80.DLL 2002-12-18 02:09 219832 --a------ C:\Program Files\Fichiers communs\System\Ole DB\resources\1033\MSOLAP80.RLL 2002-12-18 02:09 2071752 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSOLAP80.DLL 2002-12-18 02:09 1031336 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSMDGD80.DLL 2002-12-18 02:08 56000 --a------ C:\Program Files\Fichiers communs\System\Ole DB\resources\1033\MSDMINE.RLL 2002-12-18 02:08 359600 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSDMENG.DLL 2002-12-18 02:08 1383592 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSDMINE.DLL 2002-07-23 15:59 67264 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\SCRPTXTN.DLL 2002-04-10 03:14 187560 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSMDUN80.DLL 2001-11-19 22:25 228016 --a------ C:\Program Files\Fichiers communs\System\Ole DB\MSOLUI80.DLL 2001-05-09 09:38 22960 --a------ C:\Program Files\Fichiers communs\System\Ole DB\resources\1036\OLAPUIR.RLL 2001-04-18 08:41 23216 --a------ C:\Program Files\Fichiers communs\System\Ole DB\resources\1033\OLAPUIR.RLL 1998-04-20 20:16 17942 --a------ C:\Program Files\Fichiers communs\System\MSMAPI\1036\EMABLT.HLP ---- Directory of C:\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54} ---- 2008-02-28 23:54 19066 ---hs---- C:\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54}\CDSetup.dll ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040] "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56 278528] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:07 1667584] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 13:52 868352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTrayp"="VTtrayp.exe" [2005-11-04 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "VTTimer"="VTTimer.exe" [2005-03-11 04:33 53248 C:\WINDOWS\system32\VTTimer.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 02:58 16264192 C:\WINDOWS\RTHDCPL.exe] "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 15:20 22528] "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 15:04 37376] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-09-20 22:45 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632] "SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "a-squared"="C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48 1334272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 15:20 22528] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] msn_0802_upd232001.exe [2008-03-03 11:57:33 933] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-09-21 14:47:20 118784] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-10 20:28:26 126136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "zip"= {81874533-d0f1-4258-903e-e7597c310ba2} - C:\WINDOWS\Installer\{81874533-d0f1-4258-903e-e7597c310ba2}\zip.dll [2008-03-04 11:51 23286] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\system32\\winav.exe"= R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys [2007-02-02 16:41] R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Program Files\a-squared Anti-Dialer\a2service.exe" [2007-08-31 20:24] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 16:40] S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 03:25] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-12-23 18:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83eec3c1-67a5-11dc-a6ae-806d6172696f}] \Shell\AutoRun\command - D:\Autorun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-05 00:19:29 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sockspy.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\sockspy.dll . Temps d'accomplissement: 2008-03-05 0:26:20 ComboFix-quarantined-files.txt 2008-03-04 23:26:03 ComboFix2.txt 2008-03-03 18:33:38 ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, March 05, 2008 2:18:20 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 4/03/2008 Kaspersky Anti-Virus database records: 597127 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 61116 Number of viruses found: 9 Number of infected objects: 136 Number of suspicious objects: 0 Duration of the scan process: 00:54:47 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Creative\Media Database\PCML_1.ldb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\call256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\callmember256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\chat512.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\chatmember256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\chatmsg256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\chatmsg512.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\contactgroup256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\dyncontent\bundle.dat Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\index2.dat Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\profile16384.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\user1024.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\user256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\user4096.dbb Object is locked skipped C:\Documents and Settings\isabelle\Application Data\Skype\quinquins\voicemail256.dbb Object is locked skipped C:\Documents and Settings\isabelle\Cookies\index.dat Object is locked skipped C:\Documents and Settings\isabelle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\isabelle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\isabelle\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\isabelle\Local Settings\Temp\JET92CA.tmp Object is locked skipped C:\Documents and Settings\isabelle\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\isabelle\NTUSER.DAT Object is locked skipped C:\Documents and Settings\isabelle\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Softwin\BitDefender10\aspdict.dat Object is locked skipped C:\Program Files\tmp336406.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp336421.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp336578.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp357734.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp359000.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp392703.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp5802296.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp5802328.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp5802343.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp5802406.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp5802609.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\Program Files\tmp5817593.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\QooBox\Quarantine\C\Program Files\tmp2014296.exe.vir Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\QooBox\Quarantine\C\Program Files\tmp2014390.exe.vir Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\QooBox\Quarantine\C\Program Files\tmp2014421.exe.vir Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\QooBox\Quarantine\C\Program Files\tmp2014484.exe.vir Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\QooBox\Quarantine\C\Program Files\tmp2015093.exe.vir Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\QooBox\Quarantine\C\Program Files\tmp2017062.exe.vir Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\QooBox\Quarantine\C\Program Files\tmp264781.exe.vir Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\QooBox\Quarantine\C\Program Files\tmp264812.exe.vir Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\QooBox\Quarantine\C\Program Files\tmp264828.exe.vir Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\QooBox\Quarantine\C\Program Files\tmp264921.exe.vir Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\QooBox\Quarantine\C\Program Files\tmp273625.exe.vir Infected: Backdoor.Win32.Small.cwc skipped C:\QooBox\Quarantine\C\Program Files\tmp274500.exe.vir Infected: Backdoor.Win32.Small.cwc skipped C:\QooBox\Quarantine\C\Program Files\tmp274531.exe.vir Infected: Backdoor.Win32.Small.cwc skipped C:\QooBox\Quarantine\C\Program Files\tmp274546.exe.vir Infected: Backdoor.Win32.Small.cwc skipped C:\QooBox\Quarantine\C\Program Files\tmp287843.exe.vir Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\QooBox\Quarantine\C\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54}\CDSetup.dll.vir Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\QooBox\Quarantine\catchme2008-03-05_ 01852.81.zip/sysvideo32.dll Infected: Rootkit.Win32.Agent.adj skipped C:\QooBox\Quarantine\catchme2008-03-05_ 01852.81.zip/winmgt32k.dll Infected: Rootkit.Win32.Agent.adj skipped C:\QooBox\Quarantine\catchme2008-03-05_ 01852.81.zip ZIP: infected - 2 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0000011.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0000013.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0000014.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0001011.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0001013.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0001014.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0001037.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0001039.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0001040.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002036.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002038.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002039.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002053.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002055.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002063.exe Infected: Trojan-Spy.Win32.Zbot.alg skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002071.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002073.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002074.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002096.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002098.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002099.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002111.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002112.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002113.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002114.exe Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002115.exe Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002116.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002117.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002118.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002119.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002120.exe Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002121.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002122.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002123.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002124.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002125.exe Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002142.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002143.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP1\A0002145.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0002169.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0002171.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0002172.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0002218.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0002219.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0002221.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003218.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003220.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003221.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003239.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003241.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003242.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003251.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003253.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003254.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003294.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003299.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003301.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP2\A0003302.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0003409.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0003410.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0003412.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0003514.exe:httpcomm:$DATA Infected: Backdoor.Win32.Agent.cjh skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0003514.exe:mian.nest:$DATA Infected: Backdoor.Win32.Agent.cjh skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0008409.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0008411.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0008412.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0008431.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0008433.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0008434.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0009431.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0009433.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0009434.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0009449.dll Infected: Trojan.Win32.Qhost.abh skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010430.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010431.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010433.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010435.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010436.dll Infected: Rootkit.Win32.Agent.adj skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010444.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010445.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010446.dll Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010447.dll Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010448.dll Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010449.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010450.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP3\A0010451.exe Infected: Trojan.Win32.Qhost.aes skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010506.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010507.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010508.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010509.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010510.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010511.exe Infected: Trojan-Downloader.Win32.Agent.keu skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010520.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010521.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010522.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010523.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010525.exe Infected: Backdoor.Win32.Small.cwc skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010526.exe Infected: Backdoor.Win32.Small.cwc skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010527.exe Infected: Backdoor.Win32.Small.cwc skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010528.exe Infected: Backdoor.Win32.Small.cwc skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010533.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\A0010542.dll Infected: Trojan-Dropper.Win32.Agent.eya skipped C:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Installer\{5f3375f9-2be4-46ee-9ba0-86cfc40849bb}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\WINDOWS\Installer\{81874533-d0f1-4258-903e-e7597c310ba2}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\WINDOWS\Installer\{ceaf9cf8-9264-45c1-a569-aa4e7e85121a}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\bdss.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp00001c49\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped E:\System Volume Information\_restore{86548279-7754-4CD7-B7FA-C9045D6B8445}\RP5\change.log Object is locked skipped Scan process completed. WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP ?dition familiale" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:26:09, on 05/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Anti-Dialer\a2service.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: msn_0802_upd232001.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1204303190437 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://inthemix-gwen.spaces.live.com/Photo...ad/MsnPUpld.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bob..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAAE42-E5FA-4E3E-B1DE-19BC22080894}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O21 - SSODL: zip - {81874533-d0f1-4258-903e-e7597c310ba2} - C:\WINDOWS\Installer\{81874533-d0f1-4258-903e-e7597c310ba2}\zip.dll O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9495 bytes
- le 5 mars 2008
- 2 réponses
Trojan.Popuper, FTPCatcher, Generic

sveta50 a posté un sujet dans Analyses et éradication malwares

Bonjour mon antivirus me détecte plsusieurs Trojan dont je n'arrive pas à me débarasser. Rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:16:31, on 03/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\a-squared Anti-Dialer\a2adguard.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\a-squared Anti-Dialer\a2service.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: msn_0802_upd232001.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1204303190437 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://inthemix-gwen.spaces.live.com/Photo...ad/MsnPUpld.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bob..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{43FAAE42-E5FA-4E3E-B1DE-19BC22080894}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O21 - SSODL: CDSetup - {ce139da9-56b5-4f4c-b6b0-aca7a8fbae54} - C:\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54}\CDSetup.dll O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: ntsvc32k - Unknown owner - C:\Program Files\Fichiers communs\System\ntsvc32k.exe O23 - Service: RDPsvc2 - Unknown owner - C:\Program Files\Fichiers communs\System\RDPsvc2.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9831 bytes Rapport Combofix : ComboFix 08-03-03.12 - isabelle 2008-03-03 19:30:31.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.104 [GMT 1:00] Endroit: C:\Documents and Settings\isabelle\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\wsnpoem . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))))))) . 2008-03-03 17:59 . 2008-03-03 17:59 933 --a------ C:\Program Files\tmp561468.exe 2008-03-03 17:54 . 2008-03-03 17:54 16,600 --a------ C:\Program Files\tmp264921.exe 2008-03-03 17:54 . 2008-03-03 17:54 16,572 --a------ C:\Program Files\tmp264812.exe 2008-03-03 17:54 . 2008-03-03 17:54 16,472 --a------ C:\Program Files\tmp264828.exe 2008-03-03 17:54 . 2008-03-03 17:54 13,508 --a------ C:\Program Files\tmp287843.exe 2008-03-03 17:54 . 2008-03-03 17:54 13,428 --a------ C:\Program Files\tmp264781.exe 2008-03-03 12:42 . 2008-03-03 12:42 <REP> d-------- C:\ComboFix[1] 2008-03-03 11:56 . 2008-03-03 11:56 933 --a------ C:\Program Files\tmp363859.exe 2008-03-03 11:46 . 2008-03-03 11:46 933 --a------ C:\Program Files\tmp314656.exe 2008-03-03 11:45 . 2008-03-03 11:45 16,604 --a------ C:\Program Files\tmp311546.exe 2008-03-03 11:45 . 2008-03-03 11:45 13,524 --a------ C:\Program Files\tmp312625.exe 2008-03-03 11:45 . 2008-03-03 11:45 13,508 --a------ C:\Program Files\tmp312671.exe 2008-03-03 11:45 . 2008-03-03 11:45 13,496 --a------ C:\Program Files\tmp312890.exe 2008-03-03 11:45 . 2008-03-03 11:45 933 --a------ C:\Program Files\tmp313578.exe 2008-03-02 15:40 . 2008-03-02 15:40 16,480 --a------ C:\Program Files\tmp2017062.exe 2008-03-02 15:39 . 2008-03-02 15:39 16,648 --a------ C:\Program Files\tmp2014484.exe 2008-03-02 15:39 . 2008-03-02 15:39 16,532 --a------ C:\Program Files\tmp2014421.exe 2008-03-02 15:39 . 2008-03-02 15:39 13,512 --a------ C:\Program Files\tmp2014390.exe 2008-03-02 15:39 . 2008-03-02 15:39 13,432 --a------ C:\Program Files\tmp2014296.exe 2008-03-02 15:39 . 2008-03-02 15:39 13,420 --a------ C:\Program Files\tmp2015093.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2051562.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2049328.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2048921.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2048734.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2048687.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2047812.exe 2008-03-01 15:19 . 2008-03-01 15:19 933 --a------ C:\Program Files\tmp2033578.exe 2008-03-01 13:36 . 2008-03-01 13:36 <REP> d-------- C:\Program Files\CCleaner 2008-02-29 22:06 . 2008-02-29 22:06 <REP> d-------- C:\Program Files\Trend Micro 2008-02-29 21:32 . 2008-03-03 12:04 <REP> d-------- C:\Program Files\Spyware Doctor 2008-02-29 21:32 . 2008-02-29 21:32 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\PC Tools 2008-02-29 21:32 . 2008-03-03 18:45 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-02-29 21:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-29 21:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-29 21:32 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-29 21:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-29 21:12 . 2008-02-29 21:12 933 --a------ C:\Program Files\tmp287218.exe 2008-02-29 20:58 . 2008-02-29 20:58 <REP> d-------- C:\Program Files\CleanUp! 2008-02-29 20:55 . 2008-02-29 20:55 933 --a------ C:\Program Files\tmp266000.exe 2008-02-29 19:12 . 2008-02-29 19:12 933 --a------ C:\Program Files\tmp260000.exe 2008-02-29 18:35 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-02-29 18:35 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-02-29 18:35 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-02-29 18:34 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-02-29 18:34 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-02-29 18:23 . 2008-02-29 18:23 <REP> d--h----- C:\WINDOWS\PIF 2008-02-29 17:06 . 2008-02-29 17:06 933 --a------ C:\Program Files\tmp283593.exe 2008-02-29 17:06 . 2008-02-29 17:06 933 --a------ C:\Program Files\tmp283546.exe 2008-02-29 17:06 . 2008-02-29 17:06 933 --a------ C:\Program Files\tmp283531.exe 2008-02-29 11:27 . 2008-02-29 11:28 <REP> d-------- C:\Program Files\a-squared Anti-Dialer 2008-02-29 11:22 . 2008-03-01 16:35 <REP> d-------- C:\Program Files\a-squared Free 2008-02-29 11:03 . 2008-02-29 11:27 <REP> d-------- C:\Program Files\a-squared Anti-Malware 2008-02-29 00:46 . 2008-02-29 00:46 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\Uniblue 2008-02-28 23:59 . 2008-02-28 23:59 35,845 --a------ C:\Program Files\tmp274546.exe 2008-02-28 23:59 . 2008-02-28 23:59 35,845 --a------ C:\Program Files\tmp274531.exe 2008-02-28 23:59 . 2008-02-28 23:59 35,845 --a------ C:\Program Files\tmp274500.exe 2008-02-28 23:59 . 2008-02-28 23:59 35,845 --a------ C:\Program Files\tmp273625.exe 2008-02-28 23:50 . 2008-02-28 23:50 0 --a------ C:\WINDOWS\system32\lich.dat 2008-02-28 23:04 . 2008-02-28 23:04 <REP> d-------- C:\Program Files\NetProject 2008-02-27 17:44 . 2008-02-27 17:44 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\AdobeUM 2008-02-14 15:45 . 2008-02-14 15:45 <REP> d-------- C:\Program Files\LexarMedia 2008-02-04 12:29 . 2008-02-04 12:29 <REP> d-------- C:\Documents and Settings\isabelle\Application Data\Camfrog 2008-02-04 12:27 . 2008-02-04 13:36 <REP> d-------- C:\Program Files\Camfrog . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 18:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-03-02 17:41 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater 2008-02-29 20:01 --------- d-----w C:\Program Files\eMule 2008-02-26 17:34 --------- d-----w C:\Documents and Settings\isabelle\Application Data\StarOffice8 2008-02-24 17:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-10 16:18 --------- d-----w C:\Documents and Settings\isabelle\Application Data\Skype 2008-02-02 19:36 29,017,528 ----a-w C:\FileFormatConverters.exe 2008-02-02 19:36 --------- d-----w C:\Program Files\MSECache 2008-02-02 18:41 --------- d-----w C:\Documents and Settings\isabelle\Application Data\OpenOffice.org2 2008-01-31 16:57 --------- d-----w C:\Program Files\Abacalc 2008-01-12 17:53 --------- d-----w C:\Program Files\AxBx 2008-01-11 16:46 --------- d-----w C:\Program Files\Abalect 2008-01-08 10:29 --------- d-----w C:\Program Files\Fichiers communs\snp2std 2008-01-08 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-26 09:28 20 ---h--w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLec.DAT 2007-12-26 09:28 20 ---h--w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT 2007-12-12 18:20 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2007-12-12 18:20 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2007-12-07 10:36 48 ----a-w C:\Program Files\AbalectRécents.dat 2007-12-04 20:34 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-12-04 20:34 253,952 ------w C:\WINDOWS\Setup1.exe 2007-10-03 16:53 24,536,608 ----a-w C:\Program Files\adberdr810_fr_fr.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040] "MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56 278528] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:07 1667584] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 13:52 868352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTrayp"="VTtrayp.exe" [2005-11-04 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "VTTimer"="VTTimer.exe" [2005-03-11 04:33 53248 C:\WINDOWS\system32\VTTimer.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 02:58 16264192 C:\WINDOWS\RTHDCPL.exe] "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 15:20 22528] "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-07-07 15:04 37376] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-09-20 22:45 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632] "SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "a-squared"="C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48 1334272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 15:20 22528] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696] msn_0802_upd232001.exe [2008-03-03 11:57:33 933] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-09-21 14:47:20 118784] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-10 20:28:26 126136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "CDSetup"= {ce139da9-56b5-4f4c-b6b0-aca7a8fbae54} - C:\WINDOWS\Installer\{ce139da9-56b5-4f4c-b6b0-aca7a8fbae54}\CDSetup.dll [2008-02-28 23:54 19066] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys [2007-02-02 16:41] R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Program Files\a-squared Anti-Dialer\a2service.exe" [2007-08-31 20:24] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 16:40] R3 winmgt32k;winmgt32k;C:\Program Files\Fichiers communs\System\winmgt32k.dll [2008-03-03 19:26] S2 ntsvc32k;ntsvc32k;C:\Program Files\Fichiers communs\System\ntsvc32k.exe [2008-02-28 23:48] S2 RDPsvc2;RDPsvc2;C:\Program Files\Fichiers communs\System\RDPsvc2.exe [2008-02-28 23:49] S3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 03:25] S3 sysvideo32;sysvideo32;C:\Program Files\Fichiers communs\System\sysvideo32.dll [2008-03-03 19:26] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-12-23 18:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83eec3c1-67a5-11dc-a6ae-806d6172696f}] \Shell\AutoRun\command - D:\Autorun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 19:32:30 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sockspy.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\sockspy.dll . Temps d'accomplissement: 2008-03-03 19:33:37 ComboFix-quarantined-files.txt 2008-03-03 18:33:35 Merci pour votre aide
- le 3 mars 2008
- 2 réponses

Connexion

sveta50

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par sveta50

Trojan.Popuper, FTPCatcher, Generic

Trojan.Popuper, FTPCatcher, Generic

Zebulon

Outils en ligne

Naviguer