

camomille
Members
Content count: 15
Joined: -
Last visited: -

camomille's achievements
Junior Member (3/12)
Community reputation: 0
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Amodali\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Amodali\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Amodali\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Amodali\Bureau\SmitFraudfix: trouvé !

---------------------------------
-->- Suppression:
C:\Documents and Settings\Amodali\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Amodali\Bureau\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\Amodali\Bureau\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Amodali\Bureau\SmitFraudfix: supprimé !
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
How can I remove the files?
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
I hadn't saved last night's log, so I had to redo the scan; here it is, 7 hours later.

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1230
Windows 5.1.2600 Service Pack 3

06/10/2008 21:54:07
mbam-log-2008-10-06 (21-53-59).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 123047
Temps écoulé: 7 hour(s), 9 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{6B771448-E7E2-4A70-BFD4-E6E3B9C88C54}\RP148\A0013607.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{6B771448-E7E2-4A70-BFD4-E6E3B9C88C54}\RP92\A0009584.exe (Rogue.Fake!emule.exe) -> No action taken.
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
I was testing and apparently nothing is popping up anymore... I'm doing the last check.
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
ComboFix 08-10-04.07 - Amodali 2008-10-05 21:14:58.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.706 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Amodali\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Amodali\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\All Users\Application Data\pwnmvixu\xifyrqpc.exe
C:\Program Files\uqbjlwd\AplWin.dll
C:\WINDOWS\system32\dgtyhuxq.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\pwnmvixu
C:\Documents and Settings\All Users\Application Data\pwnmvixu\xifyrqpc.exe
C:\Program Files\uqbjlwd
C:\Program Files\uqbjlwd\AplWin.dll
C:\WINDOWS\system32\dgtyhuxq.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.

2008-10-05 19:33 . 2008-10-05 20:01 2,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-05 18:12 . 2008-10-05 18:54 <REP> d-------- C:\Lop SD
2008-10-05 17:42 . 2008-10-05 17:42 <REP> d-------- C:\rsit
2008-10-05 16:59 . 2008-10-05 17:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-05 16:58 . 2008-10-05 16:58 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-05 16:35 . 2008-10-05 16:35 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-10-05 16:30 . 2008-10-05 16:32 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-10-05 16:25 . 2008-10-05 16:25 <REP> d-------- C:\Program Files\Sophos
2008-10-05 16:23 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-05 16:23 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-05 16:23 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-05 16:23 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-05 16:23 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-05 16:23 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-05 16:23 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-05 16:23 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-05 16:23 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-05 16:23 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-05 16:22 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-05 16:14 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-05 15:15 . 2008-10-05 15:15 91 --a------ C:\WINDOWS\wininit.ini
2008-10-05 14:48 . 2008-10-05 17:26 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 14:48 . 2008-10-05 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 13:41 . 2008-10-05 13:41 <REP> d-------- C:\Program Files\Lavasoft
2008-10-05 13:41 . 2008-10-05 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-05 13:41 . 2008-10-05 13:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Program Files\iTunes
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Program Files\iPod
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 21:33 . 2008-10-02 21:33 <REP> d-------- C:\Program Files\Bonjour
2008-10-02 21:32 . 2008-10-02 21:32 <REP> d-------- C:\Program Files\QuickTime
2008-09-23 17:38 . 2008-09-23 17:58 <REP> d-------- C:\Program Files\Sonic Foundry Noise Reduction Plug-In
2008-09-23 17:38 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-18 12:18 . 2008-09-19 16:28 <REP> d-------- C:\Documents and Settings\Amodali\Application Data\vlc
2008-09-17 11:40 . 2008-09-17 11:40 <REP> d-------- C:\Program Files\Western Digital
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-05 14:17 --------- d-----w C:\Program Files\Java
2008-10-05 10:36 --------- d-----w C:\Documents and Settings\Amodali\Application Data\uTorrent
2008-10-04 21:30 --------- d-----w C:\Documents and Settings\Amodali\Application Data\FileZilla
2008-10-02 19:46 --------- d-----w C:\Program Files\Apple Software Update
2008-09-23 15:36 --------- d-----w C:\Program Files\Sony
2008-08-17 09:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-09 19:21 --------- d-----w C:\Program Files\eMule

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-15 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-15 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-15 118784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DMHotKey"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 356352]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 413696]
"AVStation Premium 3.75"="C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-07-14 159744]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-06-20 2764800]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-20 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-20 110592]
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-09-19 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2006-06-23 10112]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2005-12-22 4300]
R2 SNM WLAN Service;SNM WLAN Service;C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2005-11-28 31744]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 19456]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\B4.tmp [ ]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93e56292-849c-11dd-ae95-00137727a8d6}]
\Shell\AutoRun\command - E:\wdsync.exe

.
Contenu du dossier 'Tâches planifiées'

2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC634178-57F0-4696-B194-1C5BA9867D50}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 21:18:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\B4.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-05 21:21:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 19:21:37
ComboFix2.txt 2008-10-05 18:10:58

Avant-CF: 20 070 273 024 octets libres
Après-CF: 20,204,724,224 octets libres

177 --- E O F --- 2008-07-23 17:26:17
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
ComboFix 08-10-04.07 - Amodali 2008-10-05 20:04:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.645 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Amodali\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Amodali\Cookies\amodali@aniscartujo[1].txt
C:\Documents and Settings\Amodali\Cookies\amodali@edt02[3].txt
C:\Documents and Settings\Amodali\Cookies\amodali@esearchvision[2].txt
C:\Documents and Settings\Amodali\Cookies\amodali@revsci[3].txt
C:\Documents and Settings\Amodali\Cookies\amodali@serving-sys[1].txt
C:\Documents and Settings\Amodali\Cookies\amodali@specificclick[3].txt
C:\Documents and Settings\Amodali\Cookies\amodali@trafiz[2].txt
C:\Documents and Settings\Amodali\Cookies\amodali@www.etam[2].txt
C:\Documents and Settings\Amodali\Cookies\amodali@www.pixmania[2].txt
C:\Documents and Settings\Amodali\Cookies\amodali@wysistat[2].txt

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.

2008-10-05 19:33 . 2008-10-05 20:01 2,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-05 18:12 . 2008-10-05 18:54 <REP> d-------- C:\Lop SD
2008-10-05 17:42 . 2008-10-05 17:42 <REP> d-------- C:\rsit
2008-10-05 16:59 . 2008-10-05 17:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-05 16:58 . 2008-10-05 16:58 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-05 16:35 . 2008-10-05 16:35 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-10-05 16:30 . 2008-10-05 16:32 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-10-05 16:25 . 2008-10-05 16:25 <REP> d-------- C:\Program Files\Sophos
2008-10-05 16:23 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-05 16:23 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-05 16:23 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-05 16:23 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-05 16:23 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-05 16:23 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-05 16:23 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-05 16:23 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-05 16:23 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-05 16:23 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-05 16:22 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-05 16:14 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-05 15:15 . 2008-10-05 15:15 91 --a------ C:\WINDOWS\wininit.ini
2008-10-05 14:48 . 2008-10-05 17:26 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 14:48 . 2008-10-05 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 13:41 . 2008-10-05 13:41 <REP> d-------- C:\Program Files\Lavasoft
2008-10-05 13:41 . 2008-10-05 13:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-05 13:41 . 2008-10-05 13:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-05 12:31 . 2008-10-05 12:31 <REP> d-------- C:\Program Files\uqbjlwd
2008-10-05 12:31 . 2008-10-05 12:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pwnmvixu
2008-10-05 12:31 . 2008-10-05 12:31 94,208 --a------ C:\WINDOWS\system32\dgtyhuxq.exe
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Program Files\iTunes
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Program Files\iPod
2008-10-02 21:34 . 2008-10-02 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 21:33 . 2008-10-02 21:33 <REP> d-------- C:\Program Files\Bonjour
2008-10-02 21:32 . 2008-10-02 21:32 <REP> d-------- C:\Program Files\QuickTime
2008-09-23 17:38 . 2008-09-23 17:58 <REP> d-------- C:\Program Files\Sonic Foundry Noise Reduction Plug-In
2008-09-23 17:38 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-18 12:18 . 2008-09-19 16:28 <REP> d-------- C:\Documents and Settings\Amodali\Application Data\vlc
2008-09-17 11:40 . 2008-09-17 11:40 <REP> d-------- C:\Program Files\Western Digital
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-05 14:17 --------- d-----w C:\Program Files\Java
2008-10-05 10:36 --------- d-----w C:\Documents and Settings\Amodali\Application Data\uTorrent
2008-10-04 21:30 --------- d-----w C:\Documents and Settings\Amodali\Application Data\FileZilla
2008-10-02 19:46 --------- d-----w C:\Program Files\Apple Software Update
2008-09-23 15:36 --------- d-----w C:\Program Files\Sony
2008-08-17 09:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-09 19:21 --------- d-----w C:\Program Files\eMule

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"HlpChk"="C:\WINDOWS\system32\dgtyhuxq.exe" [2008-10-05 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-15 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-15 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-15 118784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"MagicKeyboard"="C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DMHotKey"="C:\Program Files\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 356352]
"DisplayManager"="C:\Program Files\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 413696]
"AVStation Premium 3.75"="C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2006-07-14 159744]
"BatteryManager"="C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-06-20 2764800]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-20 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-20 110592]
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-09-19 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AplWin"= {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\AplWin.dll [2008-10-05 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2006-06-23 10112]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [2005-12-22 4300]
R2 SNM WLAN Service;SNM WLAN Service;C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [2005-11-28 31744]
R3 wowfilter;WOW XT Filter Driver;C:\WINDOWS\system32\drivers\wowfilter.sys [2005-11-28 19456]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\B4.tmp [ ]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93e56292-849c-11dd-ae95-00137727a8d6}]
\Shell\AutoRun\command - E:\wdsync.exe

.
Contenu du dossier 'Tâches planifiées'

2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC634178-57F0-4696-B194-1C5BA9867D50}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Amodali\Application Data\Mozilla\Firefox\Profiles\j537nf9w.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 20:07:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

C:\Documents and Settings\Amodali\Local Settings\Application Data\Microsoft\Messenger\melle_amodali@hotmail.fr\SharingMetadata\Working\database_F0D8_7F98_D87F_5BB2\fsrtmp.log 131072 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\B4.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-05 20:10:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 18:10:54

Avant-CF: 20 191 768 576 octets libres
Après-CF: 20,229,410,816 octets libres

194 --- E O F --- 2008-07-23 17:26:17
Trojan key logger
camomille replied to camomille's topic in Malware analysis and eradication
SmitFraudFix v2.356

Rapport fait à 20:00:54,82, 05/10/2008
Executé à partir de C:\Documents and Settings\Amodali\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EFCF2662-F4E6-4A81-B069-E38571D0141A}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EFCF2662-F4E6-4A81-B069-E38571D0141A}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EFCF2662-F4E6-4A81-B069-E38571D0141A}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Trojan key logger
camomille a répondu à un(e) sujet de camomille dans Analyses et éradication malwares
SmitFraudFix v2.356

Rapport fait à 19:33:12,84, 05/10/2008
Executé à partir de C:\Documents and Settings\Amodali\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dgtyhuxq.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Amodali\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Amodali

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Amodali\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Amodali\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EFCF2662-F4E6-4A81-B069-E38571D0141A}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EFCF2662-F4E6-4A81-B069-E38571D0141A}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EFCF2662-F4E6-4A81-B069-E38571D0141A}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Trojan key logger
camomille replied to a topic by camomille in Malware analysis and removal
C:\Program Files\uqbjlwd\AplWin.dll bingo
http://www.virustotal.com/fr/analisis/818b...61dc44c27fe3952

C:\Documents and Settings\Amodali\Bureau\Amodali.exe
http://www.virustotal.com/fr/analisis/b67f...63450c094918ac7

C:\WINDOWS\system32\dgtyhuxq.exe bingo
http://www.virustotal.com/fr/analisis/fe8b...300c05a6202e58f

C:\Documents and Settings\All Users\Application Data\pwnmvixu\xifyrqpc.exe bingo
http://www.virustotal.com/fr/analisis/7b74...b66c6e02a3b4c89

full house
Trojan key logger
camomille replied to a topic by camomille in Malware analysis and removal
--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5500 @ 1.66GHz )
BIOS : Phoenix FirstBIOS Notebook Pro Version 2.0 05SD
USER : Amodali ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 101 Go Free : 18 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 05/10/2008|18:53 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@advertstream[1].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@advertising[2].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@advertising[3].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@advertising[4].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@adopt.euroclick[3].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@partypoker[2].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@cc.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@www.2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\Amodali\Cookies\amodali@888[1].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[02/10/2008|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[20/07/2008|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/07/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[20/07/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[21/07/2008|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[20/07/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/10/2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[20/07/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[20/07/2008|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/07/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/10/2008|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/07/2008|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[05/10/2008|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pwnmvixu
[05/10/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/07/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05/10/2008|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/07/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/07/2008|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[27/07/2008|12:48] C:\DOCUME~1\Amodali\APPLIC~1\Adobe
[23/07/2008|12:30] C:\DOCUME~1\Amodali\APPLIC~1\AdobeUM
[26/07/2008|18:14] C:\DOCUME~1\Amodali\APPLIC~1\Apple Computer
[27/07/2008|20:06] C:\DOCUME~1\Amodali\APPLIC~1\Arcsoft
[21/07/2008|20:26] C:\DOCUME~1\Amodali\APPLIC~1\CyberLink
[04/10/2008|23:30] C:\DOCUME~1\Amodali\APPLIC~1\FileZilla
[25/07/2008|13:19] C:\DOCUME~1\Amodali\APPLIC~1\Google
[05/10/2008|16:38] C:\DOCUME~1\Amodali\APPLIC~1\Help
[20/07/2008|17:09] C:\DOCUME~1\Amodali\APPLIC~1\Identities
[26/07/2008|18:57] C:\DOCUME~1\Amodali\APPLIC~1\Macromedia
[02/08/2008|19:33] C:\DOCUME~1\Amodali\APPLIC~1\Microsoft
[26/08/2008|14:25] C:\DOCUME~1\Amodali\APPLIC~1\Mozilla
[21/07/2008|17:39] C:\DOCUME~1\Amodali\APPLIC~1\OpenOffice.org2
[20/07/2008|20:50] C:\DOCUME~1\Amodali\APPLIC~1\Publish Providers
[19/08/2008|19:43] C:\DOCUME~1\Amodali\APPLIC~1\Real
[20/07/2008|20:50] C:\DOCUME~1\Amodali\APPLIC~1\Sony
[21/07/2008|10:54] C:\DOCUME~1\Amodali\APPLIC~1\Sun
[20/07/2008|17:40] C:\DOCUME~1\Amodali\APPLIC~1\Symantec
[05/10/2008|12:36] C:\DOCUME~1\Amodali\APPLIC~1\uTorrent
[19/09/2008|16:28] C:\DOCUME~1\Amodali\APPLIC~1\vlc
[20/07/2008|18:47] C:\DOCUME~1\Amodali\APPLIC~1\WinRAR
[20/07/2008|16:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/07/2008|17:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/07/2008|17:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[20/07/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[04/10/2008 19:49][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{FC634178-57F0-4696-B194-1C5BA9867D50}.job
[02/10/2008 21:35][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/10/2008 17:28][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[20/07/2008|19:24] C:\Program Files\Adobe
[20/07/2008|17:14] C:\Program Files\Analog Devices
[02/10/2008|21:46] C:\Program Files\Apple Software Update
[20/07/2008|19:28] C:\Program Files\ArcSoft
[02/10/2008|21:33] C:\Program Files\Bonjour
[21/07/2008|18:09] C:\Program Files\CCleaner
[20/07/2008|16:52] C:\Program Files\ComPlus Applications
[21/07/2008|20:34] C:\Program Files\CopyLock2
[22/07/2008|10:16] C:\Program Files\CyberLink
[09/08/2008|21:21] C:\Program Files\eMule
[05/10/2008|16:58] C:\Program Files\Enigma Software Group
[05/10/2008|13:41] C:\Program Files\Fichiers communs
[20/07/2008|18:51] C:\Program Files\FileZilla FTP Client
[25/07/2008|13:19] C:\Program Files\Google
[21/07/2008|20:31] C:\Program Files\InstallShield Installation Information
[20/07/2008|17:15] C:\Program Files\Intel
[05/10/2008|17:24] C:\Program Files\Internet Explorer
[02/10/2008|21:34] C:\Program Files\iPod
[02/10/2008|21:34] C:\Program Files\iTunes
[05/10/2008|16:17] C:\Program Files\Java
[05/10/2008|13:41] C:\Program Files\Lavasoft
[20/07/2008|18:49] C:\Program Files\Macromedia
[05/10/2008|16:31] C:\Program Files\Messenger
[20/07/2008|21:03] C:\Program Files\Messenger Plus! Live
[20/07/2008|20:36] C:\Program Files\MessengerPlus! 3
[20/07/2008|18:37] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[20/07/2008|16:57] C:\Program Files\microsoft frontpage
[21/07/2008|12:30] C:\Program Files\Microsoft Office
[17/08/2008|11:36] C:\Program Files\Microsoft Silverlight
[21/07/2008|12:30] C:\Program Files\Microsoft Visual Studio
[21/07/2008|12:31] C:\Program Files\Microsoft Works
[21/07/2008|12:29] C:\Program Files\Microsoft.NET
[26/07/2008|20:47] C:\Program Files\MIKSOFT
[20/07/2008|18:25] C:\Program Files\Movie Maker
[01/09/2008|12:20] C:\Program Files\Mozilla Firefox
[20/07/2008|16:49] C:\Program Files\MSN
[20/07/2008|16:49] C:\Program Files\MSN Gaming Zone
[20/07/2008|17:27] C:\Program Files\MSXML 4.0
[20/07/2008|18:23] C:\Program Files\NetMeeting
[20/07/2008|16:52] C:\Program Files\Online Services
[20/07/2008|18:23] C:\Program Files\Outlook Express
[20/07/2008|17:29] C:\Program Files\PIC
[20/07/2008|18:50] C:\Program Files\prog amo
[02/10/2008|21:32] C:\Program Files\QuickTime
[20/07/2008|19:35] C:\Program Files\Real
[20/07/2008|17:29] C:\Program Files\Samsung
[20/07/2008|16:54] C:\Program Files\Services en ligne
[23/09/2008|17:58] C:\Program Files\Sonic Foundry Noise Reduction Plug-In
[23/09/2008|17:36] C:\Program Files\Sony
[20/07/2008|20:48] C:\Program Files\Sony Setup
[05/10/2008|16:25] C:\Program Files\Sophos
[05/10/2008|17:26] C:\Program Files\Spybot - Search & Destroy
[20/07/2008|17:15] C:\Program Files\SRS Labs
[20/07/2008|17:18] C:\Program Files\Synaptics
[20/07/2008|17:09] C:\Program Files\Uninstall Information
[05/10/2008|12:31] C:\Program Files\uqbjlwd
[20/07/2008|20:32] C:\Program Files\uTorrent
[21/07/2008|17:46] C:\Program Files\VideoLAN
[20/07/2008|20:51] C:\Program Files\VSTplugins
[17/09/2008|11:40] C:\Program Files\Western Digital
[20/07/2008|17:16] C:\Program Files\WIDCOMM
[20/07/2008|20:56] C:\Program Files\Windows Live
[20/07/2008|17:30] C:\Program Files\Windows Media Player
[20/07/2008|18:23] C:\Program Files\Windows NT
[20/07/2008|16:51] C:\Program Files\Windows Plus
[20/07/2008|16:55] C:\Program Files\WindowsUpdate
[20/07/2008|18:47] C:\Program Files\WinRAR
[20/07/2008|16:57] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[27/07/2008|12:49] C:\Program Files\Fichiers communs\Adobe
[20/07/2008|19:13] C:\Program Files\Fichiers communs\Apple
[20/07/2008|19:30] C:\Program Files\Fichiers communs\ArcSoft
[21/07/2008|12:30] C:\Program Files\Fichiers communs\DESIGNER
[20/07/2008|17:26] C:\Program Files\Fichiers communs\InstallShield
[20/07/2008|17:02] C:\Program Files\Fichiers communs\Java
[20/07/2008|17:18] C:\Program Files\Fichiers communs\LightScribe
[20/07/2008|18:50] C:\Program Files\Fichiers communs\Macromedia
[21/07/2008|12:30] C:\Program Files\Fichiers communs\Microsoft Shared
[20/07/2008|16:54] C:\Program Files\Fichiers communs\MSSoap
[20/07/2008|18:44] C:\Program Files\Fichiers communs\ODBC
[20/07/2008|19:37] C:\Program Files\Fichiers communs\Real
[20/07/2008|16:54] C:\Program Files\Fichiers communs\Services
[20/07/2008|18:44] C:\Program Files\Fichiers communs\SpeechEngines
[21/07/2008|12:27] C:\Program Files\Fichiers communs\System
[20/07/2008|20:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[05/10/2008|13:41] C:\Program Files\Fichiers communs\Wise Installation Wizard
[20/07/2008|19:37] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process ( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 18:54:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Amodali\Cookies\amodali@downloadrapidsharecrackserial[1].txt
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\mars\covers\Marc_Almond_Sarah_Cracknell-I_Close_My_Eyes_And_Count_To_Ten_dustyspringfield.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\these_are_powers_-_terrific_seasons_self-released_2007\these are powers - terrific seasons [self-released 2007]\03 cracks in the lifeline.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\white_williams\white williams\09-white_williams-fleetwood_crack.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\A Sucked Orange-NWW\16 Crack Up.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\A Sucked Orange-NWW\20 Fade Crack Down.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\01 24-24.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\02 In the Shadows.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\03 Talking Time.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\04 Animation.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\05 Over and Over.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\06 Just Fascination.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\07 Why Kill Time (When You Can Kill Yourself).mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\08 Haiti.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\09 Crackdown.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\10 Diskono.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\11 Double Vision.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\12 Badge of Evil.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\13 Moscow.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArtSmall.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArt_{12D7F7B6-1C5E-407D-A256-CB091CFA37B2}_Large.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArt_{12D7F7B6-1C5E-407D-A256-CB091CFA37B2}_Small.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\desktop.ini
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\Folder.jpg

[F:135][D:8]-> C:\DOCUME~1\Amodali\LOCALS~1\Temp
[F:2521][D:0]-> C:\DOCUME~1\Amodali\Cookies
[F:4050][D:12]-> C:\DOCUME~1\Amodali\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 05/10/2008|18:14 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/10/2008|18:54 - Option : [2]

--------------------\\ Fin du rapport a 18:54:38 h
Trojan key logger
camomille replied to a topic by camomille in Malware analysis and removal
Can you tell me exactly which ones? Because the "crack" ones there:

Cracks & Keygens ..

C:\DOCUME~1\Amodali\Cookies\amodali@downloadrapidsharecrackserial[1].txt
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\mars\covers\Marc_Almond_Sarah_Cracknell-I_Close_My_Eyes_And_Count_To_Ten_dustyspringfield.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\these_are_powers_-_terrific_seasons_self-released_2007\these are powers - terrific seasons [self-released 2007]\03 cracks in the lifeline.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\white_williams\white williams\09-white_williams-fleetwood_crack.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\A Sucked Orange-NWW\16 Crack Up.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\A Sucked Orange-NWW\20 Fade Crack Down.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\01 24-24.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\02 In the Shadows.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\03 Talking Time.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\04 Animation.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\05 Over and Over.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\06 Just Fascination.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\07 Why Kill Time (When You Can Kill Yourself).mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\08 Haiti.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\09 Crackdown.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\10 Diskono.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\11 Double Vision.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\12 Badge of Evil.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\13 Moscow.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArtSmall.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArt_{12D7F7B6-1C5E-407D-A256-CB091CFA37B2}_Large.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArt_{12D7F7B6-1C5E-407D-A256-CB091CFA37B2}_Small.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\desktop.ini
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\Folder.jpg

I only see sound files containing "crack" there, and they are just album and track titles...

Documents and Settings\Amodali\Bureau\Amodali.exe actually looks like the hijack exe but has changed its name...

I'm going to follow the procedure you gave me.
Trojan key logger
camomille replied to a topic by camomille in Malware analysis and removal
--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5500 @ 1.66GHz )
BIOS : Phoenix FirstBIOS Notebook Pro Version 2.0 05SD
USER : Amodali ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 101 Go Free : 18 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 05/10/2008|18:13 )

--------------------\\ Listing des dossiers dans APPLIC~1

[02/10/2008|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[20/07/2008|17:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/07/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[20/07/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[21/07/2008|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[20/07/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/10/2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[20/07/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[20/07/2008|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/07/2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[05/10/2008|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/07/2008|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[05/10/2008|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pwnmvixu
[05/10/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/07/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[05/10/2008|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/07/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/07/2008|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[27/07/2008|12:48] C:\DOCUME~1\Amodali\APPLIC~1\Adobe
[23/07/2008|12:30] C:\DOCUME~1\Amodali\APPLIC~1\AdobeUM
[26/07/2008|18:14] C:\DOCUME~1\Amodali\APPLIC~1\Apple Computer
[27/07/2008|20:06] C:\DOCUME~1\Amodali\APPLIC~1\Arcsoft
[21/07/2008|20:26] C:\DOCUME~1\Amodali\APPLIC~1\CyberLink
[04/10/2008|23:30] C:\DOCUME~1\Amodali\APPLIC~1\FileZilla
[25/07/2008|13:19] C:\DOCUME~1\Amodali\APPLIC~1\Google
[05/10/2008|16:38] C:\DOCUME~1\Amodali\APPLIC~1\Help
[20/07/2008|17:09] C:\DOCUME~1\Amodali\APPLIC~1\Identities
[26/07/2008|18:57] C:\DOCUME~1\Amodali\APPLIC~1\Macromedia
[02/08/2008|19:33] C:\DOCUME~1\Amodali\APPLIC~1\Microsoft
[26/08/2008|14:25] C:\DOCUME~1\Amodali\APPLIC~1\Mozilla
[21/07/2008|17:39] C:\DOCUME~1\Amodali\APPLIC~1\OpenOffice.org2
[20/07/2008|20:50] C:\DOCUME~1\Amodali\APPLIC~1\Publish Providers
[19/08/2008|19:43] C:\DOCUME~1\Amodali\APPLIC~1\Real
[20/07/2008|20:50] C:\DOCUME~1\Amodali\APPLIC~1\Sony
[21/07/2008|10:54] C:\DOCUME~1\Amodali\APPLIC~1\Sun
[20/07/2008|17:40] C:\DOCUME~1\Amodali\APPLIC~1\Symantec
[05/10/2008|12:36] C:\DOCUME~1\Amodali\APPLIC~1\uTorrent
[19/09/2008|16:28] C:\DOCUME~1\Amodali\APPLIC~1\vlc
[20/07/2008|18:47] C:\DOCUME~1\Amodali\APPLIC~1\WinRAR
[20/07/2008|16:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/07/2008|17:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/07/2008|17:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[20/07/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[04/10/2008 19:49][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{FC634178-57F0-4696-B194-1C5BA9867D50}.job
[02/10/2008 21:35][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/10/2008 17:28][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[20/07/2008|19:24] C:\Program Files\Adobe
[20/07/2008|17:14] C:\Program Files\Analog Devices
[02/10/2008|21:46] C:\Program Files\Apple Software Update
[20/07/2008|19:28] C:\Program Files\ArcSoft
[02/10/2008|21:33] C:\Program Files\Bonjour
[21/07/2008|18:09] C:\Program Files\CCleaner
[20/07/2008|16:52] C:\Program Files\ComPlus Applications
[21/07/2008|20:34] C:\Program Files\CopyLock2
[22/07/2008|10:16] C:\Program Files\CyberLink
[09/08/2008|21:21] C:\Program Files\eMule
[05/10/2008|16:58] C:\Program Files\Enigma Software Group
[05/10/2008|13:41] C:\Program Files\Fichiers communs
[20/07/2008|18:51] C:\Program Files\FileZilla FTP Client
[25/07/2008|13:19] C:\Program Files\Google
[21/07/2008|20:31] C:\Program Files\InstallShield Installation Information
[20/07/2008|17:15] C:\Program Files\Intel
[05/10/2008|17:24] C:\Program Files\Internet Explorer
[02/10/2008|21:34] C:\Program Files\iPod
[02/10/2008|21:34] C:\Program Files\iTunes
[05/10/2008|16:17] C:\Program Files\Java
[05/10/2008|13:41] C:\Program Files\Lavasoft
[20/07/2008|18:49] C:\Program Files\Macromedia
[05/10/2008|16:31] C:\Program Files\Messenger
[20/07/2008|21:03] C:\Program Files\Messenger Plus! Live
[20/07/2008|20:36] C:\Program Files\MessengerPlus! 3
[20/07/2008|18:37] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[20/07/2008|16:57] C:\Program Files\microsoft frontpage
[21/07/2008|12:30] C:\Program Files\Microsoft Office
[17/08/2008|11:36] C:\Program Files\Microsoft Silverlight
[21/07/2008|12:30] C:\Program Files\Microsoft Visual Studio
[21/07/2008|12:31] C:\Program Files\Microsoft Works
[21/07/2008|12:29] C:\Program Files\Microsoft.NET
[26/07/2008|20:47] C:\Program Files\MIKSOFT
[20/07/2008|18:25] C:\Program Files\Movie Maker
[01/09/2008|12:20] C:\Program Files\Mozilla Firefox
[20/07/2008|16:49] C:\Program Files\MSN
[20/07/2008|16:49] C:\Program Files\MSN Gaming Zone
[20/07/2008|17:27] C:\Program Files\MSXML 4.0
[20/07/2008|18:23] C:\Program Files\NetMeeting
[20/07/2008|16:52] C:\Program Files\Online Services
[20/07/2008|18:23] C:\Program Files\Outlook Express
[20/07/2008|17:29] C:\Program Files\PIC
[20/07/2008|18:50] C:\Program Files\prog amo
[02/10/2008|21:32] C:\Program Files\QuickTime
[20/07/2008|19:35] C:\Program Files\Real
[20/07/2008|17:29] C:\Program Files\Samsung
[20/07/2008|16:54] C:\Program Files\Services en ligne
[23/09/2008|17:58] C:\Program Files\Sonic Foundry Noise Reduction Plug-In
[23/09/2008|17:36] C:\Program Files\Sony
[20/07/2008|20:48] C:\Program Files\Sony Setup
[05/10/2008|16:25] C:\Program Files\Sophos
[05/10/2008|17:26] C:\Program Files\Spybot - Search & Destroy
[20/07/2008|17:15] C:\Program Files\SRS Labs
[20/07/2008|17:18] C:\Program Files\Synaptics
[20/07/2008|17:09] C:\Program Files\Uninstall Information
[05/10/2008|12:31] C:\Program Files\uqbjlwd
[20/07/2008|20:32] C:\Program Files\uTorrent
[21/07/2008|17:46] C:\Program Files\VideoLAN
[20/07/2008|20:51] C:\Program Files\VSTplugins
[17/09/2008|11:40] C:\Program Files\Western Digital
[20/07/2008|17:16] C:\Program Files\WIDCOMM
[20/07/2008|20:56] C:\Program Files\Windows Live
[20/07/2008|17:30] C:\Program Files\Windows Media Player
[20/07/2008|18:23] C:\Program Files\Windows NT
[20/07/2008|16:51] C:\Program Files\Windows Plus
[20/07/2008|16:55] C:\Program Files\WindowsUpdate
[20/07/2008|18:47] C:\Program Files\WinRAR
[20/07/2008|16:57] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[27/07/2008|12:49] C:\Program Files\Fichiers communs\Adobe
[20/07/2008|19:13] C:\Program Files\Fichiers communs\Apple
[20/07/2008|19:30] C:\Program Files\Fichiers communs\ArcSoft
[21/07/2008|12:30] C:\Program Files\Fichiers communs\DESIGNER
[20/07/2008|17:26] C:\Program Files\Fichiers communs\InstallShield
[20/07/2008|17:02] C:\Program Files\Fichiers communs\Java
[20/07/2008|17:18] C:\Program Files\Fichiers communs\LightScribe
[20/07/2008|18:50] C:\Program Files\Fichiers communs\Macromedia
[21/07/2008|12:30] C:\Program Files\Fichiers communs\Microsoft Shared
[20/07/2008|16:54] C:\Program Files\Fichiers communs\MSSoap
[20/07/2008|18:44] C:\Program Files\Fichiers communs\ODBC
[20/07/2008|19:37] C:\Program Files\Fichiers communs\Real
[20/07/2008|16:54] C:\Program Files\Fichiers communs\Services
[20/07/2008|18:44] C:\Program Files\Fichiers communs\SpeechEngines
[21/07/2008|12:27] C:\Program Files\Fichiers communs\System
[20/07/2008|20:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[05/10/2008|13:41] C:\Program Files\Fichiers communs\Wise Installation Wizard
[20/07/2008|19:37] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process ( 63 Processes )

iexplore.exe ~ [PID:1620]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Amodali\Cookies\amodali@advertstream[1].txt
C:\DOCUME~1\Amodali\Cookies\amodali@adultfriendfinder[2].txt
C:\DOCUME~1\Amodali\Cookies\amodali@advertising[2].txt
C:\DOCUME~1\Amodali\Cookies\amodali@advertising[3].txt
C:\DOCUME~1\Amodali\Cookies\amodali@advertising[4].txt
C:\DOCUME~1\Amodali\Cookies\amodali@adopt.euroclick[1].txt
C:\DOCUME~1\Amodali\Cookies\amodali@adopt.euroclick[2].txt
C:\DOCUME~1\Amodali\Cookies\amodali@adopt.euroclick[3].txt
C:\DOCUME~1\Amodali\Cookies\amodali@partypoker[2].txt
C:\DOCUME~1\Amodali\Cookies\amodali@2xmoinscher[2].txt
C:\DOCUME~1\Amodali\Cookies\amodali@cc.2xmoinscher[1].txt
C:\DOCUME~1\Amodali\Cookies\amodali@www.2xmoinscher[2].txt
C:\DOCUME~1\Amodali\Cookies\amodali@888[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 18:13:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Amodali\Cookies\amodali@downloadrapidsharecrackserial[1].txt
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\mars\covers\Marc_Almond_Sarah_Cracknell-I_Close_My_Eyes_And_Count_To_Ten_dustyspringfield.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\these_are_powers_-_terrific_seasons_self-released_2007\these are powers - terrific seasons [self-released 2007]\03 cracks in the lifeline.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\div filles … passer\white_williams\white williams\09-white_williams-fleetwood_crack.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\A Sucked Orange-NWW\16 Crack Up.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\A Sucked Orange-NWW\20 Fade Crack Down.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\01 24-24.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\02 In the Shadows.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\03 Talking Time.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\04 Animation.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\05 Over and Over.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\06 Just Fascination.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\07 Why Kill Time (When You Can Kill Yourself).mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\08 Haiti.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\09 Crackdown.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\10 Diskono.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\11 Double Vision.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\12 Badge of Evil.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\13 Moscow.mp3
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArtSmall.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArt_{12D7F7B6-1C5E-407D-A256-CB091CFA37B2}_Large.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\AlbumArt_{12D7F7B6-1C5E-407D-A256-CB091CFA37B2}_Small.jpg
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\desktop.ini
C:\DOCUME~1\Amodali\Mes documents\Ma musique\divers\slsk\cabaret voltaire\the crackdown\Folder.jpg

[F:136][D:8]-> C:\DOCUME~1\Amodali\LOCALS~1\Temp
[F:2518][D:0]-> C:\DOCUME~1\Amodali\Cookies
[F:2753][D:12]-> C:\DOCUME~1\Amodali\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 05/10/2008|18:14 - Option : [1]

--------------------\\ Fin du rapport a 18:14:57
Trojan key logger
camomille replied to a topic by camomille in Malware analysis and removal
Here we go.
Trojan key logger
camomille replied to a topic by camomille in Malware analysis and removal
info.txt logfile of random's system information tool 1.04 2008-10-05 17:42:06

======Uninstall list======

=====HijackThis Backups=====

O4 - HKLM\..\Policies\Explorer\Run: [uIb70AyGOO] C:\Documents and Settings\All Users\Application Data\pwnmvixu\xifyrqpc.exe

======Environment variables======

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Amodali at 2008-10-05 17:42:01
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (19%) free of 104 GB
Total RAM: 1014 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:04, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dgtyhuxq.exe
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Amodali\Bureau\RSIT.exe
C:\Documents and Settings\Amodali\Bureau\Amodali.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [batteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HlpChk] C:\WINDOWS\system32\dgtyhuxq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223216428890
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/...?20080814071732
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O21 - SSODL: AplWin - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\AplWin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:%5
bonjour à tous rien de bien original, j ai une fenêtre trojankeylogger blabla qui s ouvre intempestivement, me demandant de cliquer pour aller télécharger un antivirus... voilà mon log hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:59:35, on 05/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Samsung\DisplayManager\DisplayManager.exe C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Samsung\DisplayManager\dmhkcore.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\dgtyhuxq.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\WINDOWS\system32\igfxext.exe C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\samsung\Samsung 
Network Manager\SNMWLANService.exe C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Amodali\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseaction=user R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: 
[sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [batteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA9857] command /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC3984] cmd /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HlpChk] C:\WINDOWS\system32\dgtyhuxq.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [spybotDeletingB5577] command /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKCU\..\RunOnce: [spybotDeletingD26] cmd /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/...?20080814071732
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O21 - SSODL: AplWin - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\AplWin.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

-- End of file - 10234 bytes
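An added example, not part of the post above and not a verdict on this machine: a first-pass triage script for the autostart sections of a HijackThis log (O4 Run/RunOnce entries, O21 SSODL DLLs, O23 services). It parses the entries, extracts the launched path, and flags files or parent folders whose names are long, letters-only and vowel-poor, which is the rough "random name" pattern analysts look for. The heuristic knowingly misfires on legitimate names such as ctfmon or msnmsgr, so the script takes an analyst-verified allowlist; the allowlist contents and the sample lines are constructed for the example, shaped like the log above.

```python
import re
from collections import namedtuple

# Line shapes used by HijackThis for the sections a first-pass triage cares about:
# O4 (Run/RunOnce autostarts), O21 (SSODL shell-load DLLs) and O23 (services).
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$')
O21_RE = re.compile(r'^O21 - SSODL: (?P<name>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<desc>.+?) - (?P<vendor>.+?) - (?P<path>.*)$')

Finding = namedtuple('Finding', 'label path reasons')
VOWELS = set('aeiou')


def vowel_ratio(word):
    """Fraction of letters that are vowels; 1.0 for a word without letters."""
    letters = [c for c in word.lower() if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 1.0


def looks_random(token, min_len=6, max_ratio=0.2):
    """Crude randomness heuristic: long, letters only and vowel-poor.
    Deliberately simple; it misfires on names like ctfmon, msnmsgr or SynTPEnh,
    which is why triage() takes an analyst-verified allowlist."""
    t = token.lower()
    return len(t) >= min_len and t.isalpha() and vowel_ratio(t) < max_ratio


def first_path(cmd):
    """First token of an O4 command, honouring quotes around paths with spaces."""
    m = re.match(r'"([^"]*)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else ''


def suspicious_reasons(path, verified=frozenset()):
    """Reasons to look closer at a full path; an empty list means nothing stood out."""
    path = path.replace(' (file missing)', '').strip()
    if ':\\' not in path:
        return []                      # "cmd /c del ..." and bare names: no path to judge
    parts = path.split('\\')
    stem = parts[-1].rsplit('.', 1)[0]
    parent = parts[-2] if len(parts) > 1 else ''
    if stem.lower() in verified or parent.lower() in verified:
        return []                      # already checked by hand on this machine
    reasons = []
    if looks_random(stem):
        reasons.append(f'file name "{stem}" is vowel-poor (possible random name)')
    if looks_random(parent):
        reasons.append(f'parent directory "{parent}" is vowel-poor (possible random name)')
    return reasons


def triage(log_text, verified=frozenset()):
    """Return the O4/O21/O23 entries that trip a heuristic, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            label, path = f"O4 {m['key']} [{m['value']}]", first_path(m['cmd'])
        elif m := O21_RE.match(line):
            label, path = f"O21 SSODL {m['name']} {{{m['clsid']}}}", m['path']
        elif m := O23_RE.match(line):
            label, path = f"O23 {m['desc']} ({m['vendor']})", m['path']
        else:
            continue
        reasons = suspicious_reasons(path, verified)
        if reasons:
            findings.append(Finding(label, path.strip(), reasons))
    return findings


# Constructed sample in the shape of the log above. Being flagged here is a prompt
# to verify the file (hash, signer, known-good databases), not a verdict.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HlpChk] C:\WINDOWS\system32\dgtyhuxq.exe
O4 - HKLM\..\RunOnce: [spybotDeletingA9857] command /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O21 - SSODL: AplWin - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\AplWin.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed for the example: stems the analyst has already confirmed as legitimate
# on this machine; without this list they would trip the vowel heuristic.
VERIFIED = frozenset({'ctfmon', 'msnmsgr'})

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG, VERIFIED):
        print(f.label, '->', f.path)
        for r in f.reasons:
            print('   ', r)
```

On the sample, only the HKCU entry launching dgtyhuxq.exe from system32 and the SSODL DLL living under a folder named uqbjlwd come out; everything else, including the Spybot `del` RunOnce lines that carry no launch path of their own, is left alone. The point of the allowlist is that a name heuristic alone cannot separate ctfmon from a random string, so each flagged file still needs a hash or signer check before any removal step.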
