
Posted

Hello, my brand-new PC keeps picking up infections. I don't visit porn sites, no torrents, no eMule, so I don't understand. Among other things I have this DLL, vtsqo.dll, which virustotal.com tells me is dangerous, which I can't manage to eradicate, and which HijackThis can't delete. Dell Inspiron, Win XP, McAfee Security Center, plus: a-squared, AVG Anti-Spyware, VundoFix, SmitfraudFix, ComboFix, Spybot, etc.

I'm pasting 2 logs here, if you'd be willing to help me:

Logfile of HijackThis v1.99.1

Scan saved at 13:25:52, on 06/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\ZapNotes\zapNotesfr.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\wdfmgr.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6071126

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {95F696CA-EA7C-42A5-B957-3A728AB6A8BB} - C:\WINDOWS\system32\vtsqo.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [ZapNotes] C:\Program Files\ZapNotes\zapNotesfr.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

Second log

ComboFix 07-12-02.6 - giallurussu 2007-12-06 13:33:58.3 - NTFSx86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1780 [GMT 1:00]

Running from: C:\Documents and Settings\giallurussu\Bureau\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\system32\vcmgcd32.dll

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\rundll16.exe

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\rundl132.dll

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\logo1_.exe

2007-12-06 10:57 . 2007-12-06 10:57 50 --a------ C:\WINDOWS\Lic.xxx

2007-12-06 10:56 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\R.COM

2007-12-06 10:56 . 2004-08-05 13:00 143,360 --a------ C:\WINDOWS\system32\T.COM

2007-12-06 10:32 . 2007-12-06 10:32 39,886,277 --a------ C:\WINDOWS\VPTNFILE.865

2007-12-06 10:32 . 2007-12-06 10:32 39,886,277 --a------ C:\WINDOWS\LPT$VPN.865

2007-12-06 10:31 . 2007-12-06 10:32 <REP> d-------- C:\WINDOWS\AU_Temp

2007-12-06 10:08 . 2007-12-06 13:38 16,727 --ahs---- C:\WINDOWS\system32\oqstv.ini

2007-12-06 10:08 . 2007-12-06 13:37 16,625 --ahs---- C:\WINDOWS\system32\oqstv.ini2

2007-12-05 10:05 . 2007-12-06 08:55 <REP> d-------- C:\Program Files\WinClamAVShield

2007-12-05 09:57 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-04 22:45 . 2007-12-06 09:51 <REP> d-------- C:\Program Files\Spyware Terminator

2007-12-04 22:45 . 2007-12-06 09:51 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\Spyware Terminator

2007-12-04 22:45 . 2007-12-06 09:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator

2007-12-04 19:02 . 2007-12-06 10:10 2,266 --a------ C:\WINDOWS\system32\tmp.reg

2007-12-04 18:54 . 2007-12-04 18:54 <REP> d-------- C:\WINDOWS\system32\fr-FR

2007-12-04 18:52 . 2007-12-04 18:52 <REP> d-------- C:\Program Files\MSBuild

2007-12-04 18:50 . 2007-12-04 18:54 <REP> d-------- C:\WINDOWS\system32\XPSViewer

2007-12-04 18:49 . 2007-12-04 18:49 <REP> d-------- C:\Program Files\Reference Assemblies

2007-12-04 18:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-12-04 18:41 . 2007-12-04 18:41 3,692 --a------ C:\WINDOWS\system32\OEMINFO.PNF

2007-12-04 18:41 . 2006-01-12 21:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din

2007-12-04 18:40 . 2007-12-04 18:42 <REP> d-------- C:\Program Files\Intel

2007-12-04 18:40 . 2007-12-04 18:40 <REP> d-------- C:\Program Files\DellSupport

2007-12-04 18:40 . 2007-12-04 18:41 <REP> d--h----- C:\Documents and Settings\giallurussu\Application Data\GTek

2007-12-04 18:40 . 2007-12-04 18:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Gtek

2007-12-04 18:39 . 2007-12-04 18:39 <REP> d-------- C:\Intel

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles

2007-12-04 15:22 . 2007-11-26 16:24 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2007-12-04 15:22 . 2004-08-20 11:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-12-04 15:22 . 2004-08-20 11:42 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-12-04 15:22 . 2007-11-26 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Roxio

2007-12-04 15:22 . 2007-11-26 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield

2007-12-04 15:14 . 2007-12-04 15:14 1,010 --a------ C:\delIndexDat.bat

2007-12-04 15:03 . 2007-12-06 13:28 331,872 --a------ C:\WINDOWS\system32\vtsqo.dll

2007-12-04 13:54 . 2007-12-06 10:32 <REP> d-------- C:\WINDOWS\report

2007-12-04 13:54 . 2007-12-06 10:32 <REP> d-------- C:\WINDOWS\AU_Backup

2007-12-04 13:54 . 2007-12-06 10:32 1,902,547 --a------ C:\WINDOWS\tsc.ptn

2007-12-04 13:54 . 2007-12-06 10:32 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-12-04 13:54 . 2007-12-06 10:32 267,845 --a------ C:\WINDOWS\tsc.exe

2007-12-04 13:54 . 2007-12-06 10:32 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-12-04 13:54 . 2007-12-06 10:32 71,749 --a------ C:\WINDOWS\hcextoutput.dll

2007-12-04 13:54 . 2007-12-06 10:32 823 --a------ C:\WINDOWS\tsc.ini

2007-12-04 13:52 . 2007-12-04 13:52 <REP> d-------- C:\WINDOWS\AU_Log

2007-12-04 13:52 . 2007-12-06 10:31 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-12-04 13:52 . 2007-12-06 10:31 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-12-04 13:52 . 2007-12-06 10:31 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-12-04 13:52 . 2007-12-06 10:31 170 --a------ C:\WINDOWS\GetServer.ini

2007-12-04 12:36 . 2007-12-04 14:58 534 ---hs---- C:\WINDOWS\system32\kjphunky.ini

2007-12-04 10:08 . 2007-12-04 10:08 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\Grisoft

2007-12-04 10:08 . 2007-12-04 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-04 10:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-12-04 10:08 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-12-04 10:06 . 2007-12-04 17:49 <REP> d-------- C:\VundoFix Backups

2007-12-04 01:09 . 2007-12-04 01:09 <REP> d-------- C:\Program Files\Lavasoft

2007-12-04 01:09 . 2007-12-04 01:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-12-04 01:09 . 2007-12-04 01:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-04 00:37 . 2007-12-04 00:37 294 ---hs---- C:\WINDOWS\system32\xigcccod.ini

2007-12-03 17:49 . 2007-12-03 17:49 <REP> d-------- C:\Fraps

2007-12-03 17:49 . 2007-12-03 17:49 3,120 --a------ C:\WINDOWS\system32\CB4CPW8G.ocx

2007-12-03 17:46 . 2007-12-03 17:46 <REP> d-------- C:\Program Files\Planetwide Games

2007-12-03 17:45 . 2007-12-03 17:45 <REP> d-------- C:\Program Files\gs

2007-12-03 17:44 . 2007-12-03 17:44 40 --a------ C:\WINDOWS\NAVIGMA.INI

2007-12-03 17:33 . 2007-12-03 17:33 385 --a------ C:\WINDOWS\ODBC.INI

2007-12-03 17:31 . 2007-12-03 17:31 <REP> d-------- C:\WINDOWS\ShellNew

2007-12-03 14:48 . 2007-12-03 14:48 <REP> d-------- C:\Program Files\VideoLAN

2007-12-03 14:48 . 2007-12-03 14:48 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\vlc

2007-12-03 12:23 . 2007-12-05 12:04 <REP> d-------- C:\Program Files\QuickTime Alternative

2007-12-03 12:23 . 2007-12-03 12:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-12-03 12:23 . 2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-12-03 12:23 . 2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-12-03 12:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-12-03 12:11 . 2007-12-03 12:11 <REP> d-------- C:\Program Files\Yamicsoft

2007-12-03 12:09 . 2007-12-03 12:09 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\Media Player Classic

2007-12-03 12:04 . 2007-12-04 14:58 <REP> d-------- C:\MDT

2007-12-03 12:04 . 2006-12-05 19:52 505 --a------ C:\unPDVDDX.iss

2007-12-03 11:55 . 2007-12-03 11:55 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\CyberLink

2007-12-03 11:55 . 2007-12-03 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2007-12-03 11:53 . 2007-12-03 11:53 <REP> d-------- C:\WINDOWS\Downloaded Installations

2007-12-03 11:38 . 2007-12-03 11:38 <REP> dr-h----- C:\MSOCache

2007-12-03 00:31 . 2007-12-03 00:31 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared

2007-12-03 00:16 . 2007-12-03 00:16 40,448 --a------ C:\WINDOWS\system32\opnnlii.dll

2007-12-03 00:02 . 2007-12-03 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-02 16:59 . 2007-12-02 16:59 <REP> d-------- C:\WINDOWS\Sun

2007-12-02 14:42 . 2004-05-27 16:46 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll

2007-12-02 14:42 . 2004-05-19 10:01 364,544 --a------ C:\WINDOWS\system32\Xfpx.dll

2007-12-02 14:42 . 2004-02-04 06:33 307,200 --a------ C:\WINDOWS\system32\libmng.dll

2007-12-02 14:42 . 2004-05-19 10:02 225,280 --a------ C:\WINDOWS\system32\Xjp2.dll

2007-12-02 14:42 . 2004-05-19 10:02 114,688 --a------ C:\WINDOWS\system32\Xjpegls.dll

2007-12-02 14:42 . 2004-05-19 10:01 81,920 --a------ C:\WINDOWS\system32\Xjbig.dll

2007-12-02 14:42 . 2004-05-19 10:02 49,152 --a------ C:\WINDOWS\system32\Xsusie.dll

2007-12-02 14:42 . 2004-05-19 10:01 49,152 --a------ C:\WINDOWS\system32\Xjng.dll

2007-12-02 14:17 . 2007-12-02 14:17 45 ---h----- C:\WINDOWS\dsez3021.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-06 12:32 --------- d-----w C:\Program Files\Hijackthis Version Française

2007-11-26 14:56 6,246 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_530.mrk

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A7A1F2A-61B3-4E8C-98CB-F90A32102F07}]

2007-12-06 13:28 331872 --a------ C:\WINDOWS\system32\vtsqo.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]

"ZapNotes"="C:\Program Files\ZapNotes\zapNotesfr.exe" [2007-12-01 18:41]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 08:03]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsHistory"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqo.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 10:00 1116920 --a------ C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 12:22 221184 --a------ C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Spooler"=3 (0x3)

"RoxWatch9"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"gusvc"=3 (0x3)

"Fax"=2 (0x2)

"Adobe LM Service"=3 (0x3)

"stllssvr"=3 (0x3)

 

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-11-26 15:18:10 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-06 13:38:31

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-06 13:39:27 - machine was rebooted

C:\ComboFix2.txt ... 2007-12-06 11:56

C:\ComboFix3.txt ... 2007-12-06 10:04

.

--- E O F ---

Thanks

Posté(e)
bjr, mon pc tout neuf, n'arrete pas de chopper des aliens, je ne visite pas des sites de cul, pas de trorrente pas d'emule, comprends pas, j'ai entre autre cette dll: vtsqo.dll, dont le site virustotal.com me dit dangereuse et que je n'arrive pas a eradiquer et hijackthis ne peut pas effacer. Dell inspiron Win xp, McAfee security center plus: Asquared, Avg antispyware, Vundo fix; smithfraud.fix,combofix, spybot etc

je vous colle ici 2 logs si vous voulez bien m'aider:

Logfile of HijackThis v1.99.1

Scan saved at 13:25:52, on 06/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\ZapNotes\zapNotesfr.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\wdfmgr.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6071126

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {95F696CA-EA7C-42A5-B957-3A728AB6A8BB} - C:\WINDOWS\system32\vtsqo.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [ZapNotes] C:\Program Files\ZapNotes\zapNotesfr.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

 

2 log

ComboFix 07-12-02.6 - giallurussu 2007-12-06 13:33:58.3 - NTFSx86 MINIMAL

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1780 [GMT 1:00]

Running from: C:\Documents and Settings\giallurussu\Bureau\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\system32\vcmgcd32.dll

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\rundll16.exe

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\rundl132.dll

2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\logo1_.exe

2007-12-06 10:57 . 2007-12-06 10:57 50 --a------ C:\WINDOWS\Lic.xxx

2007-12-06 10:56 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\R.COM

2007-12-06 10:56 . 2004-08-05 13:00 143,360 --a------ C:\WINDOWS\system32\T.COM

2007-12-06 10:32 . 2007-12-06 10:32 39,886,277 --a------ C:\WINDOWS\VPTNFILE.865

2007-12-06 10:32 . 2007-12-06 10:32 39,886,277 --a------ C:\WINDOWS\LPT$VPN.865

2007-12-06 10:31 . 2007-12-06 10:32 <REP> d-------- C:\WINDOWS\AU_Temp

2007-12-06 10:08 . 2007-12-06 13:38 16,727 --ahs---- C:\WINDOWS\system32\oqstv.ini

2007-12-06 10:08 . 2007-12-06 13:37 16,625 --ahs---- C:\WINDOWS\system32\oqstv.ini2

2007-12-05 10:05 . 2007-12-06 08:55 <REP> d-------- C:\Program Files\WinClamAVShield

2007-12-05 09:57 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-04 22:45 . 2007-12-06 09:51 <REP> d-------- C:\Program Files\Spyware Terminator

2007-12-04 22:45 . 2007-12-06 09:51 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\Spyware Terminator

2007-12-04 22:45 . 2007-12-06 09:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator

2007-12-04 19:02 . 2007-12-06 10:10 2,266 --a------ C:\WINDOWS\system32\tmp.reg

2007-12-04 18:54 . 2007-12-04 18:54 <REP> d-------- C:\WINDOWS\system32\fr-FR

2007-12-04 18:52 . 2007-12-04 18:52 <REP> d-------- C:\Program Files\MSBuild

2007-12-04 18:50 . 2007-12-04 18:54 <REP> d-------- C:\WINDOWS\system32\XPSViewer

2007-12-04 18:49 . 2007-12-04 18:49 <REP> d-------- C:\Program Files\Reference Assemblies

2007-12-04 18:49 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-12-04 18:41 . 2007-12-04 18:41 3,692 --a------ C:\WINDOWS\system32\OEMINFO.PNF

2007-12-04 18:41 . 2006-01-12 21:52 1,904 --------- C:\WINDOWS\system32\SetupBD.din

2007-12-04 18:40 . 2007-12-04 18:42 <REP> d-------- C:\Program Files\Intel

2007-12-04 18:40 . 2007-12-04 18:40 <REP> d-------- C:\Program Files\DellSupport

2007-12-04 18:40 . 2007-12-04 18:41 <REP> d--h----- C:\Documents and Settings\giallurussu\Application Data\GTek

2007-12-04 18:40 . 2007-12-04 18:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Gtek

2007-12-04 18:39 . 2007-12-04 18:39 <REP> d-------- C:\Intel

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles

2007-12-04 15:22 . 2007-11-26 16:24 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2007-12-04 15:22 . 2004-08-20 11:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-12-04 15:22 . 2004-08-20 11:42 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2007-12-04 15:22 . 2004-08-20 11:30 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2007-12-04 15:22 . 2007-11-26 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Roxio

2007-12-04 15:22 . 2007-11-26 16:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield

2007-12-04 15:14 . 2007-12-04 15:14 1,010 --a------ C:\delIndexDat.bat

2007-12-04 15:03 . 2007-12-06 13:28 331,872 --a------ C:\WINDOWS\system32\vtsqo.dll

2007-12-04 13:54 . 2007-12-06 10:32 <REP> d-------- C:\WINDOWS\report

2007-12-04 13:54 . 2007-12-06 10:32 <REP> d-------- C:\WINDOWS\AU_Backup

2007-12-04 13:54 . 2007-12-06 10:32 1,902,547 --a------ C:\WINDOWS\tsc.ptn

2007-12-04 13:54 . 2007-12-06 10:32 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-12-04 13:54 . 2007-12-06 10:32 267,845 --a------ C:\WINDOWS\tsc.exe

2007-12-04 13:54 . 2007-12-06 10:32 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-12-04 13:54 . 2007-12-06 10:32 71,749 --a------ C:\WINDOWS\hcextoutput.dll

2007-12-04 13:54 . 2007-12-06 10:32 823 --a------ C:\WINDOWS\tsc.ini

2007-12-04 13:52 . 2007-12-04 13:52 <REP> d-------- C:\WINDOWS\AU_Log

2007-12-04 13:52 . 2007-12-06 10:31 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-12-04 13:52 . 2007-12-06 10:31 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-12-04 13:52 . 2007-12-06 10:31 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-12-04 13:52 . 2007-12-06 10:31 170 --a------ C:\WINDOWS\GetServer.ini

2007-12-04 12:36 . 2007-12-04 14:58 534 ---hs---- C:\WINDOWS\system32\kjphunky.ini

2007-12-04 10:08 . 2007-12-04 10:08 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\Grisoft

2007-12-04 10:08 . 2007-12-04 10:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-04 10:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-12-04 10:08 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-12-04 10:06 . 2007-12-04 17:49 <REP> d-------- C:\VundoFix Backups

2007-12-04 01:09 . 2007-12-04 01:09 <REP> d-------- C:\Program Files\Lavasoft

2007-12-04 01:09 . 2007-12-04 01:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-12-04 01:09 . 2007-12-04 01:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-04 00:37 . 2007-12-04 00:37 294 ---hs---- C:\WINDOWS\system32\xigcccod.ini

2007-12-03 17:49 . 2007-12-03 17:49 <REP> d-------- C:\Fraps

2007-12-03 17:49 . 2007-12-03 17:49 3,120 --a------ C:\WINDOWS\system32\CB4CPW8G.ocx

2007-12-03 17:46 . 2007-12-03 17:46 <REP> d-------- C:\Program Files\Planetwide Games

2007-12-03 17:45 . 2007-12-03 17:45 <REP> d-------- C:\Program Files\gs

2007-12-03 17:44 . 2007-12-03 17:44 40 --a------ C:\WINDOWS\NAVIGMA.INI

2007-12-03 17:33 . 2007-12-03 17:33 385 --a------ C:\WINDOWS\ODBC.INI

2007-12-03 17:31 . 2007-12-03 17:31 <REP> d-------- C:\WINDOWS\ShellNew

2007-12-03 14:48 . 2007-12-03 14:48 <REP> d-------- C:\Program Files\VideoLAN

2007-12-03 14:48 . 2007-12-03 14:48 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\vlc

2007-12-03 12:23 . 2007-12-05 12:04 <REP> d-------- C:\Program Files\QuickTime Alternative

2007-12-03 12:23 . 2007-12-03 12:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-12-03 12:23 . 2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-12-03 12:23 . 2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-12-03 12:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-12-03 12:11 . 2007-12-03 12:11 <REP> d-------- C:\Program Files\Yamicsoft

2007-12-03 12:09 . 2007-12-03 12:09 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\Media Player Classic

2007-12-03 12:04 . 2007-12-04 14:58 <REP> d-------- C:\MDT

2007-12-03 12:04 . 2006-12-05 19:52 505 --a------ C:\unPDVDDX.iss

2007-12-03 11:55 . 2007-12-03 11:55 <REP> d-------- C:\Documents and Settings\giallurussu\Application Data\CyberLink

2007-12-03 11:55 . 2007-12-03 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2007-12-03 11:53 . 2007-12-03 11:53 <REP> d-------- C:\WINDOWS\Downloaded Installations

2007-12-03 11:38 . 2007-12-03 11:38 <REP> dr-h----- C:\MSOCache

2007-12-03 00:31 . 2007-12-03 00:31 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared

2007-12-03 00:16 . 2007-12-03 00:16 40,448 --a------ C:\WINDOWS\system32\opnnlii.dll

2007-12-03 00:02 . 2007-12-03 00:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-02 16:59 . 2007-12-02 16:59 <REP> d-------- C:\WINDOWS\Sun

2007-12-02 14:42 . 2004-05-27 16:46 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll

2007-12-02 14:42 . 2004-05-19 10:01 364,544 --a------ C:\WINDOWS\system32\Xfpx.dll

2007-12-02 14:42 . 2004-02-04 06:33 307,200 --a------ C:\WINDOWS\system32\libmng.dll

2007-12-02 14:42 . 2004-05-19 10:02 225,280 --a------ C:\WINDOWS\system32\Xjp2.dll

2007-12-02 14:42 . 2004-05-19 10:02 114,688 --a------ C:\WINDOWS\system32\Xjpegls.dll

2007-12-02 14:42 . 2004-05-19 10:01 81,920 --a------ C:\WINDOWS\system32\Xjbig.dll

2007-12-02 14:42 . 2004-05-19 10:02 49,152 --a------ C:\WINDOWS\system32\Xsusie.dll

2007-12-02 14:42 . 2004-05-19 10:01 49,152 --a------ C:\WINDOWS\system32\Xjng.dll

2007-12-02 14:17 . 2007-12-02 14:17 45 ---h----- C:\WINDOWS\dsez3021.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-06 12:32 --------- d-----w C:\Program Files\Hijackthis Version Française

2007-11-26 14:56 6,246 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_530.mrk

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A7A1F2A-61B3-4E8C-98CB-F90A32102F07}]

2007-12-06 13:28 331872 --a------ C:\WINDOWS\system32\vtsqo.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]

"ZapNotes"="C:\Program Files\ZapNotes\zapNotesfr.exe" [2007-12-01 18:41]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 08:03]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsHistory"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqo.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2006-08-17 10:00 1116920 --a------ C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 12:22 221184 --a------ C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Spooler"=3 (0x3)

"RoxWatch9"=2 (0x2)

"RoxMediaDB9"=3 (0x3)

"gusvc"=3 (0x3)

"Fax"=2 (0x2)

"Adobe LM Service"=3 (0x3)

"stllssvr"=3 (0x3)

 

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-11-26 15:18:10 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-12-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

.

**************************************************************************

 

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-06 13:38:31

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-06 13:39:27 - machine was rebooted

C:\ComboFix2.txt ... 2007-12-06 11:56

C:\ComboFix3.txt ... 2007-12-06 10:04

.

--- E O F ---

thanks

Good evening athars, here is what I found on a site

In future, please follow this rule: http://forum.telecharger.com/telecharger/s...s/obligato(...)

---

 

Preparation:

- Download VundoFix.exe

- Double-click VundoFix.exe to extract it.

- Click the "Install" button; this will create a VundoFix folder on your desktop

---

 

- Restart in safe mode (by tapping F8 at startup). If you don't understand, >>look here<<.

If you have a real-time protection program that detects a potentially malicious script, please allow it; this is necessary for the fix.

- Open the VundoFix folder, double-click KillVundo.bat and press "Enter"

- Type exactly this in the window:

 

C:\WINDOWS\System32\vtsqo.dll

 

- Press "Enter" to continue the fix

- At this point, you will see this:

Please type in the second filepath as instructed by the forum staff

and then Press Enter.

 

- Make sure you type exactly this: C:\WINDOWS\System32\oqstv.*

- Press "Enter" to continue.

---

 

After the fix, run HijackThis -> Do a System scan only -> check these lines:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\vtsqo.dll

O20 - Winlogon Notify: vtsqo - C:\WINDOWS\System32\vtsqo.dll

O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe (file missing)

 

 

Click Fix Checked.

---

 

Create a text file (with Notepad) and copy/paste this text into it:

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDAC3FE-F44A-4030-8589-1E23BC6573D5}]

 

[-HKEY_CLASSES_ROOT\CLSID\{B313D637-F405-4052-AC37-E2119AB3C8F8}]

 

[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]

 

[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]

 

[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]

 

[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]

 

 

- Make sure you leave an empty line at the end of the file

- Save it under the name vundo.reg

- And specify all file types

- Double-click Vundo.reg and accept the merge into your registry.

---

 

Delete this file:

 

 

C:\WINDOWS\system32\pnpsp2fix.exe <- file

 

Empty your recycle bin.

---

 

Restart your PC.

Copy/paste the contents of vundofix.txt, found in the VundoFix folder

Paste a new HijackThis log.

---
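
In the ComboFix log above, `oqstv` is `vtsqo` spelled backwards, those are the two names the instructions pass to KillVundo.bat, and the log also shows `vtsqo.dll` appended to the LSA Authentication Packages value. The Python sketch below is an added example, not part of the original posts or of ComboFix/VundoFix: it flags both patterns in a ComboFix-style listing. The function names and the reversed-name heuristic are assumptions made for illustration, and the sample rows are copied from the log in this thread.

```python
import ntpath
import re

# Constructed sample: rows copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2007-12-06 10:08 . 2007-12-06 13:38 16,727 --ahs---- C:\WINDOWS\system32\oqstv.ini
2007-12-06 10:08 . 2007-12-06 13:37 16,625 --ahs---- C:\WINDOWS\system32\oqstv.ini2
2007-12-04 15:03 . 2007-12-06 13:28 331,872 --a------ C:\WINDOWS\system32\vtsqo.dll
2007-12-04 12:36 . 2007-12-04 14:58 534 ---hs---- C:\WINDOWS\system32\kjphunky.ini
2007-12-06 10:57 . 2007-12-06 10:57 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtsqo.dll
"""

FILE_ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>[\d,]+|<REP>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>[A-Za-z]:\\.+)$")

def parse_listing(log):
    """Return (directory, stem, extension) for every file row; <REP> directories are skipped."""
    rows = []
    for line in log.splitlines():
        m = FILE_ROW.match(line.strip())
        if m and m.group("size") != "<REP>":
            directory, name = ntpath.split(m.group("path").lower())
            rows.append((directory, *ntpath.splitext(name)))
    return rows

def reversed_name_pairs(rows):
    """Map each DLL to same-folder files whose base name is the DLL's name reversed."""
    pairs = {}
    for directory, stem, ext in rows:
        if ext != ".dll" or stem == stem[::-1]:   # ignore palindromes (self-match)
            continue
        companions = sorted(s + e for d, s, e in rows
                            if d == directory and s == stem[::-1])
        if companions:
            pairs[ntpath.join(directory, stem + ext)] = companions
    return pairs

def extra_auth_packages(log):
    """Return LSA 'Authentication Packages' values other than the default msv1_0."""
    extras = []
    for line in log.splitlines():
        m = re.match(r"\s*Authentication Packages\s+REG_MULTI_SZ\s+(.*)", line)
        if m:  # values are space-separated here; paths containing spaces are out of scope
            extras += [v for v in m.group(1).split() if v.lower() != "msv1_0"]
    return extras

if __name__ == "__main__":
    print(reversed_name_pairs(parse_listing(SAMPLE_LOG)))
    print(extra_auth_packages(SAMPLE_LOG))
```

A hit from either function is a lead to verify against the file itself, not proof of infection.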
