Aide requis pour Spywares, Virus
SmitFraudFix v2.248
Rapport fait à 21:08:44,98, 04/11/2007
Executé à partir de C:\BFU\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE
C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ace16win.dll PRESENT !
C:\WINDOWS\system32\msole32.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\GRAFF
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\GRAFF\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GRAFF\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="
http://i3.woopic.com/I/Header/Identifica
tion/logo.gif"
"SubscribedURL"="
http://i3.woopic.com/I/Header/Ide
ntification/logo.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d´accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler´s .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 81.253.149.9
DNS Server Search Order: 80.10.246.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E067322B-B28B-4
76F-93CB-53500E6F43B1}: NameServer=81.253.149.9 80.10.246.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D39A492E-40B5-4
160-BA44-FFBD77601F32}: DhcpNameServer=192.168.123.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E067322B-B28B-4
76F-93CB-53500E6F43B1}: NameServer=81.253.149.9 80.10.246.3
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:55, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE
C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDO
WS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AdBlocker] C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\
PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\
AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo 890]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE /A "C:\WINDOWS\system32\E_SA6B.tmp"
O4 - HKCU\..\Run: [Livecom]
"C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\C
ommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User ´SYSTEM´)
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User ´Default user´)
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User ´Default user´)
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe (User ´SYSTEM´)
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User ´SYSTEM´)
O4 - S-1-5-18 Startup: Xinek.lnk = ? (User ´SYSTEM´)
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe (User ´Default user´)
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User ´Default user´)
O4 - .DEFAULT Startup: Xinek.lnk = ? (User ´Default user´)
O4 - Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Xinek.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0
2.EXE
O4 - Global Startup: Lancement rapide d´Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E067322B-B28B-4
76F-93CB-53500E6F43B1}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\
PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 13517 bytes
SmitFraudFix v2.248
Rapport fait à 21:41:06,35, 04/11/2007
Executé à partir de C:\BFU\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler´s .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri´s WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\ace16win.dll supprimé
C:\WINDOWS\system32\msole32.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D39A492E-40B5-4
160-BA44-FFBD77601F32}: DhcpNameServer=192.168.123.254
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler´s .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Rapport Navipromo.bat 0.73 effectué le 04/11/2007 à 21:20:25,54
C:\Documents and Settings\GRAFF\Bureau
L´opération se déroule en mode sans échec sous le compte "GRAFF"
- Recherche...
1/ pasucb trouvé, recherche de pasucb*
C:\WINDOWS\system32\pasucb.dat
C:\WINDOWS\system32\pasucb_nav.dat
C:\WINDOWS\system32\pasucb_navps.dat
------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode
- #############################################
- Nettoyage...
1/ Déplacement de pasucb* vers C:\Navipromo\Backups...
C:\WINDOWS\System32\pasucb* déplacé avec succès !
------------------
Aucune entrée de registre n´a été trouvée
- Backups :
C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\pack.epk
C:\Navipromo\Backups\pasucb.dat
C:\Navipromo\Backups\pasucb_nav.dat
C:\Navipromo\Backups\pasucb_navps.dat
C:\Navipromo\Backups\Uninstall.reg
Ajout d´extension .off aux backups
- Fin du rapport de Suppression
-------------
Rapport Navipromo.bat 0.73 effectué le 04/11/2007 à 21:21:24,42
L´opération se déroule en mode sans échec sous le compte "GRAFF"
- Suppression Heuristique
- Backups :
C:\Navipromo\Backups\Heuristic\yxuzfejqs.dat
Ajout d´extension .off aux backups
Backups dat renommés avec succès
- Fin du rapport Heuristique
-------------
Rapport Navipromo.bat 0.73 effectué le 04/11/2007 à 21:31:20,60
C:\Documents and Settings\GRAFF\Bureau
L´opération se déroule en mode sans échec sous le compte "GRAFF"
- Recherche...
Fin du rapport de recherche
Adware Navipromo non trouvé avec cette méthode
Engagement de la méthode Heuristique
Rapport Navipromo.bat 0.73 effectué le 04/11/2007 à 21:31:21,89
L´opération se déroule en mode sans échec sous le compte "GRAFF"
- Suppression Heuristique
- Backups :
C:\Navipromo\Backups\Heuristic\yxuzfejqs.dat.off
Aucun résultat par la recherche heuristique
- Fin du rapport Heuristique
Voila voila, j´ai tout fait, mais le truc c´est que le problème de départ est toujours là :/
Même si je me doute qu´il y a eu une évolution, je l´ai pas encore sentie.
Mais on a pas fini !
Relance Hijackthis et coche les lignes suivantes :
F2 -
REG:system.ini:UserInit=C:\WINDOWS\system32\vvgeow
bv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User ´Default user´)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
CLIQUE SUR FIX CHECKED APRES AVOIR FERME TOUTES LES FENÊTRES (SAUF HIJACKTHIS).
Télécharge OTMoveIt (de Old_Timer) sur ton bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
- Double-clique sur OTMoveIt.exe
- Vérifie que la case "Unregister Dll´s and Ocx´s" soit bien cochée.
- Copie le texte ci-dessous, et colle le dans le cadre dans OTMoveIt appelé "Paste List of Files/Folders to be moved".
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\aivskurq.dll
- Clique sur MoveIt!.
- Quand le résultat apparaît dans le cadre Results, clique sur Exit.
- Puis redémarre le PC.
- Enfin, envoie le rapport de OTMoveIt situé dans C:\_OTMoveIt\MovedFiles.
Tu Avast d´installé et des restes de Norton, ça ne fait pas bon ménage, les deux sont pourris donc on va les remplacer 
- Désinstalle Norton avec ça :
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/e1422b2508cec946882568c70062bbf8/1168d30686f6fdb080256fe3003757be?OpenDocument
-- Puis Avast avec ceci :
http://www.avast.com/fre/e/avast-uninstall-utility.html
--- Ensuite utilise Ccleaner, clique sur l´onglet "Erreurs", clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l´opération autant de fois qu´il le faut jusqu´à qu´il ne trouve plus d´erreurs.
---- Enfin, installe Antivir de Avira.
http://www.clubic.com/telecharger-fiche10821-antivir-personal-edition-7.html
Le Tuto (pour t´aider) :
http://www.malekal.com/tutorial_antivir.php
- Après l´installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
- Assure toi qu´Antivir est bien à jour, vérifie la date d´update.
Télécharge clean.zip (malekal)dézippe le et c´est tout :
http://www.malekal.com/download/clean.zip
Redémarre en mode sans échec :
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_securite/redemarrer_en_mode_sans_echec_pourquoi_et_comment-387297/messages-1.html
Double clic sur clean, dans le menu choisis l´option 2 en appuyant sur la touche 2 de ton clavier. Sauvegarde le rapport sur le bureau.
Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l´onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport sur le bureau.
Redémarre en mode normal.
Poste le rapport de :
- Clean
- Antivir
- Hijackthis.
Bon courage
++
Dans mon profil j´ai une adresse pour les forums
Resalut et reremerci, c´est clair que c´est déjà beaucou beacuoup mieux, je t´aime (sérieux).
C:\WINDOWS\system32\vvgeowbv.exe moved successfully.
File/Folder C:\WINDOWS\system32\aivskurq.dll not found.
Created on 11/04/2007 22:57:06
Au fait j´ai juste une dernier problème moins grave mais qui peut saouler :
Quand je lance internet des fois tout le PC freeze 5 bonnes minutes (voir plus) et après tout se lance normal. Est-ce que y´a un moyen de réctifier ça ? C´est pas plus génant que ça vu qu´en général je lance internet qu´une fois par jour mais bon c´est histoire d´avoir la cerise sur le gateau ;)
Ca va peut être beaucoup mieux mais on a pas fini, alors fais tout ce que je dis sérieux.
On verra ensuite pour ton autre problème.
ok, voila le résultat :
Script execute en mode sans echec
Rapport clean par Malekal_morte -
http://www.malekal.com
Script execute en mode sans echec 04/11/2007 a 23:40:16,43
Microsoft Windows XP [version 5.1.2600]
- Suppression des fichiers dans C:
- Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\764.exe
tentative de suppression de C:\WINDOWS\System32\wml.exe
tentative de suppression de C:\WINDOWS\System32\vxddsk.exe
tentative de suppression de C:\WINDOWS\pbar.dll
tentative de suppression de C:\WINDOWS\flt.dll
tentative de suppression de C:\WINDOWS\7search.dll
tentative de suppression de C:\WINDOWS\System32\stfv.bin
- Suppression des fichiers dans C:\Program Files
tentative de suppression de C:\PROGRA~1\PERFEC~1\
tentative de suppression de "C:\Program Files\3721\"
tentative de suppression de "C:\Program Files\Accoona\"
tentative de suppression de "C:\Program Files\Altnet\"
tentative de suppression de "C:\Program Files\Bug Doctor\"
tentative de suppression de "C:\Program Files\Everest Poker\"
tentative de suppression de "C:\Program Files\NavExcel\"
tentative de suppression de "C:\Program Files\NavExcel Search Toolbar\"
tentative de suppression de "C:\Program Files\p2pnetworks\"
tentative de suppression de "C:\Program Files\PokerStars\"
- Suppression des clefs du registre effectuee..
- Fin du rapport !
AntiVir PersonalEdition Classic
Report file date: dimanche 4 novembre 2007 23:50
Scanning for 915436 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: GRAFF
Computer name: GRAFF-XP
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 22:33:01
ANTIVIR3.VDF : 7.0.0.167 151552 Bytes 04/11/2007 22:33:01
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 04/11/2007 22:33:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 4 novembre 2007 23:50
The scan of running processes will be started
Scan process ´avscan.exe´ - ´1´ Module(s) have been scanned
Scan process ´avcenter.exe´ - ´1´ Module(s) have been scanned
Scan process ´notepad.exe´ - ´1´ Module(s) have been scanned
Scan process ´explorer.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´lsass.exe´ - ´1´ Module(s) have been scanned
Scan process ´services.exe´ - ´1´ Module(s) have been scanned
Scan process ´winlogon.exe´ - ´1´ Module(s) have been scanned
Scan process ´csrss.exe´ - ´1´ Module(s) have been scanned
Scan process ´smss.exe´ - ´1´ Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector ´C:\´
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( ´54´ files ).
Starting the file scan:
Begin scan in ´C:\´
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Trend
Micro\HijackThis\backups\backup-20071104-225520-65
6.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to ´47916df1.qua´!
C:\WINDOWS\system32\.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to ´479379d0.qua´!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd2141.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vvgeowbv.
exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to ´47957c5e.qua´!
End of the scan: lundi 5 novembre 2007 03:11
Used time: 3:21:55 min
The scan has been done completely.
8081 Scanning directories
316026 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
316023 Files not concerned
2351 Archives were scanned
4 Warnings
7 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:20:38, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo 890]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE /A "C:\WINDOWS\system32\E_SA6B.tmp"
O4 - HKCU\..\Run: [Livecom]
"C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\C
ommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User ´SYSTEM´)
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User ´Default user´)
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe (User ´SYSTEM´)
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User ´SYSTEM´)
O4 - S-1-5-18 Startup: Xinek.lnk = ? (User ´SYSTEM´)
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe (User ´Default user´)
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User ´Default user´)
O4 - .DEFAULT Startup: Xinek.lnk = ? (User ´Default user´)
O4 - Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Xinek.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0
2.EXE
O4 - Global Startup: Lancement rapide d´Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E067322B-B28B-4
76F-93CB-53500E6F43B1}: NameServer = 81.253.149.9 80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10839 bytes
En tout cas merci pour déjà ce qui a été fait et bonne nuit !
Yop,
Va falloir recocher toutes les lignes O2 :
"O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file) "
Ensuite,
Télécharge SDFix (par AndyManchesta) et sauvegarde le sur ton bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
- Double clique sur SDFix.exe et choisis Install pour l´extraire dans son dossier sur le bureau.
- Redémarre le PC en mode sans échec en appuyant sur F8 au démarrage du BIOS.
- Choisis ton compte.
Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d´être créé sur le bureau et double clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le nettoyage.
- Quand il te le demandera, appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long à redémarrer car l´outil va continuer à s´exécuter et supprimer des fichiers.
- Après le chargement du bureau, l´outil aura terminé et affichera Finished.
- Appuie sur une touche pour finir l´exécution du script et charger les icônes de ton bureau.
- Le rapport SDFix s´ouvrira et il sera enregistré dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le rapport du fichier Report.txt.
PS: Le fichier SDFIX_README.htm (dans le dossier SDFix) contient la liste des malwares pris en compte par l´outil.
- Andy fait plusieurs mises à jour, souvent plus d´une par jour... N´hésitez donc pas à demander de télécharger une nouvelle version lorsque le nettoyage dure et que l´outil ne semble pas tout voir.
Poste aussi un nouveau log Hijackthis.
++ 
Salut 
Tous ces logs n´étaient pas présent dans hijackthis je n´ai donc pas pu les cocher :
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file) "
SDFix: Version 1.113
Run by GRAFF on 05/11/2007 at 12:03
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\GRAFF\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\VDM22.TMP - Deleted
C:\VDM23.TMP - Deleted
C:\VDMA3.TMP - Deleted
C:\VDMA4.TMP - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-05 12:16:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\sptd\Cfg]
"s0"=dword:1a4b7e5a
"s1"=dword:4c98ad7a
"s2"=dword:aad23833
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2a,b9,36,d7,e4,09,b8,d3,7d,d5,c3,46,05
,49,78,78,5f,ee,97,a4,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0000
0001]
"a0"=hex:20,01,00,00,d4,a4,ce,eb,45,af,d0,ec,24,f4
,67,5c,a8,b1,38,0d,ba,..
"khjeh"=hex:3a,30,86,27,07,6c,40,ba,8b,59,95,17,14
,a3,a0,5e,69,3f,f6,c7,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
ces\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0000
0001\0Jf40]
"khjeh"=hex:7f,cc,77,e7,2c,24,25,ed,86,ea,03,c4,db
,ee,8c,bc,96,8b,fd,1e,93,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\
sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2a,b9,36,d7,e4,09,b8,d3,7d,d5,c3,46,05
,49,78,78,5f,ee,97,a4,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\
sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
]
"a0"=hex:20,01,00,00,d4,a4,ce,eb,45,af,d0,ec,24,f4
,67,5c,a8,b1,38,0d,ba,..
"khjeh"=hex:3a,30,86,27,07,6c,40,ba,8b,59,95,17,14
,a3,a0,5e,69,3f,f6,c7,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\
sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
\0Jf40]
"khjeh"=hex:7f,cc,77,e7,2c,24,25,ed,86,ea,03,c4,db
,ee,8c,bc,96,8b,fd,1e,93,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servi
ces\sharedaccess\parameters\firewallpolicy\standar
dprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste
m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\GRAFF\\Local Settings\\Temporary Internet
Files\\Content.IE5\\QLMBC7EL\\incredimail_install[
1].exe"="C:\\Documents and Settings\\GRAFF\\Local Settings\\Temporary Internet
Files\\Content.IE5\\QLMBC7EL\\incredimail_install[
1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\GRAFF\\Local Settings\\Temporary Internet
Files\\Content.IE5\\OBC9WA1P\\incredimail_install[
1].exe"="C:\\Documents and Settings\\GRAFF\\Local Settings\\Temporary Internet
Files\\Content.IE5\\OBC9WA1P\\incredimail_install[
1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\GRAFF\\Local
Settings\\Temp\\ImInstaller\\IncrediMail\\incredim
ail_install[1].exe"="C:\\Documents and Settings\\GRAFF\\Local
Settings\\Temp\\ImInstaller\\IncrediMail\\incredim
ail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe
"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.e
xe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4
\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\
Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program
Files\\Livecom\\Application\\eConfv4\\livecomp.exe
"="C:\\Program
Files\\Livecom\\Application\\eConfv4\\livecomp.exe
:*:Disabled:Livecom Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,
-20000"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program
Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:Incre
diMail"
"C:\\Program
Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program
Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:Inc
rediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program
Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:Incr
ediMail"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program
Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servi
ces\sharedaccess\parameters\firewallpolicy\domainp
rofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste
m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe
"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.e
xe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4
\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\
Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,
-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: -
C:\DOCUME~1\GRAFF\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 4 Nov 2007 70,144 ..SHR --- "C:\Program Files\01-mp3search\Setup.exe"
Tue 8 Mar 2005 16,384 A.SHR --- "C:\Program Files\01-mp3search\_Setup.dll"
Sun 19 Mar 2006 262,144 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
Sun 10 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"
Sun 22 Jul 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 4 Mar 2006 56 ..SHR --- "C:\WINDOWS\system32\5FD4205C67.sys"
Mon 13 Mar 2006 88 ..SHR --- "C:\WINDOWS\system32\675C20D45F.sys"
Mon 13 Mar 2006 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 10 Jun 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 6 Aug 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 4 Sep 2006 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti41.tmp"
Sun 10 Jun 2007 61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll"
Tue 5 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 15 Nov 2006 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18
\5a0d771158cfd69be5ddd26d8f58c73b\BIT5.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:36, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE
C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus Photo 890]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC
2.EXE /A "C:\WINDOWS\system32\E_SA6B.tmp"
O4 - HKCU\..\Run: [Livecom]
"C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\C
ommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User ´SYSTEM´)
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User ´Default user´)
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe (User ´SYSTEM´)
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User ´SYSTEM´)
O4 - S-1-5-18 Startup: Xinek.lnk = ? (User ´SYSTEM´)
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe (User ´Default user´)
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User ´Default user´)
O4 - .DEFAULT Startup: Xinek.lnk = ? (User ´Default user´)
O4 - Startup: UltimateZip Quick Start.lnk = C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Xinek.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0
2.EXE
O4 - Global Startup: Lancement rapide d´Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E067322B-B28B-4
76F-93CB-53500E6F43B1}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 9845 bytes
Y a un truc que je ne comprends pas ...
Télécharge combofix (par sUBs) puis redémarre en mode sans échec.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
- Double clique sur combofix.exe.
- Appuie sur Y (Yes) pour lancer le scan.
- Quand le scan sera terminé, copie/colle le rapport ici ainsi qu´un nouveau rapport Hijackthis.
ps: Si le rapport ne s´ouvre pas, tu peux le trouver ici: C:\Combofix.txt
Recoche les lignes O2 puis clique sur "Fix Checked".
Supprime tout les fichiers/dossiers que je t´ai fait téléchargé, sauf Hijackthis.
Poste un nouveau log HJC.
ComboFix 07-11-05.1 - GRAFF 2007-11-05 12:44:06.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.347 [GMT 1:00]
Running from: C:\Documents and Settings\GRAFF\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\GRAFF\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\GRAFF\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\GRAFF\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\GRAFF\Bureau\internet.lnk
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.g
if
C:\WINDOWS\system32\drivers\header_red_free_scan_b
g.gif
C:\WINDOWS\system32\drivers\header_red_protect_you
r_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jp
g
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.g
if
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.g
if
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.g
if
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services
)))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((((((( Fichiers créés 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))))))))
.
2007-11-05 12:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-05 12:01 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-04 23:31 <REP> d-------- C:\Program Files\Avira
2007-11-04 23:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-04
21:41 14,848 --a------ C:\WINDOWS\system32\ace16wi
n.dll
2007-11-04
21:37 <REP> d-------- C:\WINDOWS\system32\bfubacku
ps
2007-11-04 21:20 <REP> d-------- C:\Navipromo
2007-11-04
21:08 25,600 --a------ C:\WINDOWS\system32\WS2Fix.
exe
2007-11-04
21:08 5,324 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-04
21:07 289,144 --a------ C:\WINDOWS\system32\VCCLSI
D.exe
2007-11-04
21:07 288,417 --a------ C:\WINDOWS\system32\SrchST
S.exe
2007-11-04
21:07 53,248 --a------ C:\WINDOWS\system32\Process
.exe
2007-11-04
21:07 51,200 --a------ C:\WINDOWS\system32\dumphiv
e.exe
2007-11-04 20:58 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 20:04 <REP> d-------- C:\Program Files\Trend Micro
2007-11-04 14:03 <REP> d-------- C:\Documents and Settings\GRAFF\Shared
2007-11-04 14:03 <REP> d-------- C:\Documents and Settings\GRAFF\Incomplete
2007-11-04 14:03 <REP> d-------- C:\Documents and Settings\GRAFF\Application Data\LimeWire
2007-11-04 14:02 <REP> d-------- C:\Program Files\360Share Pro
2007-11-04 11:41 <REP> d-------- C:\Program Files\[u]0[/u]1-mp3search
2007-11-04
11:17 552 --a------ C:\WINDOWS\system32\d3d8caps.d
at
2007-11-04 10:45 <REP> d-------- C:\WINDOWS\system32\acespy
2007-11-04
09:08 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bi
n
2007-11-03 12:57 <REP> d-------- C:\Documents and Settings\GRAFF\Application Data\XINEK
2007-11-03 12:56 <REP> d-------- C:\WINDOWS\system32\log
2007-11-03 12:56 <REP> d-------- C:\Program Files\Xinek
2007-10-21 08:38 <REP> d-------- C:\Program Files\Dico TV5
2007-10-18 15:29 <REP> d-------- C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-18 15:27 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.13
2007-10-15 22:54 <REP> d-------- C:\Program Files\Alwil Software
2007-10-15 16:02 <REP> d-------- C:\Program Files\Poker Tracker V2
2007-10-15
16:02 87,280 --a------ C:\WINDOWS\system32\wsatrac
e.dll
2007-10-14 14:45 <REP> d-------- C:\Program Files\PacificPoker
2007-10-10
09:36 582,656 -----c--- C:\WINDOWS\system32\dllcac
he\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 22:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-04 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-28 22:18 --------- d-----w C:\Program Files\Google
2007-10-28 22:06 --------- d-----w C:\Program Files\Absolute Poker
2007-10-25 10:45 --------- d-----w C:\Program Files\OpenOffice.org1.1.0
2007-10-17 19:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-12 17:06 --------- d-----w C:\Program Files\MessengerDiscovery
2007-10-07 09:07 --------- d-----w C:\Program Files\Java
2007-10-03
21:23 805 ----a-w C:\WINDOWS\system32\drivers\SYME
VENT.INF
2007-10-03
21:23 10,740 ----a-w C:\WINDOWS\system32\drivers\S
YMEVENT.CAT
2007-10-02 16:41 --------- d-----w C:\Program Files\Norton Security Scan
2007-10-01 18:53 --------- d-----w C:\Program Files\Shareaza
2007-10-01 18:53 --------- d-----w C:\Documents and Settings\GRAFF\Application Data\Shareaza
2007-10-01 10:47 48,640 -c--a-w C:\Documents and Settings\GRAFF\timeseal.exe
2007-10-01 10:10 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-28 09:22 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-09-23 13:08 --------- d-----w C:\Program Files\Toox
2007-09-22 16:07 --------- d-----w C:\Documents and Settings\GRAFF\Application Data\Goto.Games
2007-09-21 10:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 10:22 --------- d-----w C:\Program Files\Full Tilt Poker
2007-09-21 10:22 --------- d-----w C:\Program Files\_uninstallation_info
2007-09-21 08:55 --------- d-----w C:\Program Files\Webshots
2007-09-20 10:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-20 10:29 --------- d-----w C:\Program Files\PowerPoint Viewer
2007-09-20 09:27 --------- d-----w C:\Documents and Settings\GRAFF\Application Data\Chessmaster Challenge
2007-09-19 20:47 --------- d-----w C:\Program Files\eMule
2007-09-19 20:46 --------- d-----w C:\Documents and Settings\GRAFF\Application Data\Lavasoft
2007-09-17 15:31 --------- d-----w C:\Program Files\Ludiclub
2007-07-21 11:37 108,238 -c--a-w C:\Documents and Settings\GRAFF\Application Data\mdb.bin
2006-05-18 09:00 38,025 -c--a-w C:\Program Files\ASTROLOGIE.htm
2004-12-17 19:46 219,535 -c--a-w C:\Program Files\DSC_0180.JPG
2004-03-28 12:11 1,244 -c--a-w C:\Documents and Settings\GRAFF\OOo_dictionary_list.dat
2006-03-04
13:02:26 56 -csh--r C:\WINDOWS\system32\5FD4205C67
.sys
2006-03-13
17:12:56 88 -csh--r C:\WINDOWS\system32\675C20D45F
.sys
2006-03-13
17:12:57 5,852 -csha-w C:\WINDOWS\system32\KGyGaAv
L.sys
(((((((((((((((((((((((((((((((( Point de chargement Reg
)))))))))))))))))))))))))))))))))))))))))))))))))
.
.
- Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}"= C:\Program Files\Dico TV5\MDTV5TB.dll [2007-09-11 16:19 802816]
[HKEY_CLASSES_ROOT\CLSID\{CEDDA62D-5FBE-4AB2-AE2E-
5E069F444444}]
[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C5
7-BBF146CCCCCC}]
[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 09:29]
"nwiz"="nwiz.exe" [2004-03-03 09:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll"
[2004-03-03 09:29]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 14:03 C:\WINDOWS\system32\TWEAKUI.CPL]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 09:09]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2004-10-05 18:13]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-07-27 07:49]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-17 11:21]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-04 23:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curr
entVersion\Run]
"EPSON Stylus Photo
890"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E
_S00IC2.exe" [2001-01-30 03:03]
"Livecom"="C:\PROGRA~1\Livecom\APPLIC~1\Communicat
ionAgent\CommunicationAgent.exe" [2006-03-20 15:54]
"swg"="C:\Program
Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go
ogleToolbarNotifier.exe" [2006-09-21 11:49]
"Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-07 14:01]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57]
[HKEY_USERS\.default\software\microsoft\windows\cu
rrentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
C:\Documents and Settings\GRAFF\Menu Démarrer\Programmes\Démarrage\
UltimateZip Quick Start.lnk - C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe [2005-02-26 12:27:14]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-04-19 07:42:09]
C:\Documents and Settings\GRAFF\Menu Démarrer\Programmes\Démarrage\
UltimateZip Quick Start.lnk - C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe [2005-02-26 12:27:14]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-04-19 07:42:09]
C:\Documents and Settings\GRAFF\Menu Démarrer\Programmes\Démarrage\
UltimateZip Quick Start.lnk - C:\Documents and
Settings\GRAFF\Bureau\Ultimatezip2\UltimateZip\uzq
kst.exe [2005-02-26 12:27:14]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-04-19 07:42:09]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check 2.lnk -
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0
2.EXE [2004-03-29 18:05:35]
Lancement rapide d´Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-01-17 11:23:25]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:
\\WINDOWS\\system32\\userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^GRAFF^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.0.lnk]
path=C:\Program Files\OpenOffice.org1.1.0\OpenOffice.org 1.1.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4
Comidenu;Comidenu;C:\WINDOWS\system32\drivers\clas
spnp.sys
.
- ***********************************************
- *********************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-05 12:52:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
- ***********************************************
- *********************
.
Completion time: 2007-11-05 12:54:26 - machine was rebooted
.
--- E O F ---
- Aide à l'achat Mac
- Internet
- Macintosh
- Création de sites web
- Création de Jeux
- Linux
- Programmation
- Steam Deck
- Hardware