PC has become slow, need help
Solved/Closed
lordyannuss (Member, 41 posts, registered Monday 12 February 2007, last active 22 March 2009) - 12 Feb 2007 at 14:29
Last reply: Nosstyle - 10 April 2014 at 19:26
45 replies
did71 (Security contributor, 2,187 posts, registered Friday 24 March 2006, last active 30 January 2010) - 17 Feb 2007 at 23:51
re,
the tools used here were specific to your infections!
don't use them on anything and everything; you can delete them!
for better protection, have a look here:
https://forum.pcastuces.com/default.asp
everything is explained there!
see you
did71 (Security contributor, 2,187 posts, registered Friday 24 March 2006, last active 30 January 2010) - 12 Feb 2007 at 18:54
Hello lordyannuss,
Download ComboFix (by sUBs) from one of these links to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Double-click combofix.exe and follow the prompts
Post the report
see you
lordyannuss (Member, 41 posts, registered Monday 12 February 2007, last active 22 March 2009) - 13 Feb 2007 at 23:24
Thanks for the quick reply!
The problem is that I can't download combofix.exe, whether by opening the links or by saving the link target. My browser is Firefox. I still have the same problems, no improvement...
did71 (Security contributor, 2,187 posts, registered Friday 24 March 2006, last active 30 January 2010) - 13 Feb 2007 at 23:30
re,
* Download VundoFix.exe (by Atribune) to your Desktop:
http://www.atribune.org/public-beta/VundoFix.exe
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt telling you that your PC is going to restart; click OK
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above again, starting from "Click the Scan for Vundo button".
see you
lordyannuss (Member, 41 posts, registered Monday 12 February 2007, last active 22 March 2009) - 14 Feb 2007 at 21:21
re!
Here is the VundoFix report:
VundoFix V6.3.6
Checking Java version...
Java version is 1.4.2.5
Scan started at 21:03:17 14/02/2007
Listing files found while scanning....
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\byxxvsr.dll
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fxvcwvae.exe
C:\WINDOWS\system32\ngucxelk.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\vtussrr.dll
Beginning removal...
Attempting to delete C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxvsr.dll
C:\WINDOWS\system32\byxxvsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\fxvcwvae.exe
C:\WINDOWS\system32\fxvcwvae.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ngucxelk.dll
C:\WINDOWS\system32\ngucxelk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtussrr.dll
C:\WINDOWS\system32\vtussrr.dll Has been deleted!
Performing Repairs to the registry.
Done!
...and the new HijackThis report...
Logfile of HijackThis v1.99.1
Scan saved at 21:15:32, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soi-katoey.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ngucxelk.dll (file missing)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\vtussrr.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Thanks again for your help!
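Reading a HijackThis log by hand is what the helper is doing between replies; the tell-tale entries in this one are the 250-plus-character Run value name pointing at C:\Program Files\user32.exe, the AppInit_DLLs line, the Winlogon Notify DLL and the orphaned BHOs marked (file missing). The Python below is an added example, not code from this thread or from HijackThis, that parses a log in this format and flags those patterns with a severity. The sample log is a constructed subset of the lines posted above; the start-page allowlist, the length threshold for an "overlong" value name and the lists of system-binary and look-alike names are assumptions.

```python
"""Triage of a HijackThis 1.99 log: flag the persistence points a cleanup helper
would ask about before handing out a fix.  Added example; not code from this
thread or from HijackThis.  The rules are heuristics, not verdicts."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the log posted above, verbatim except that the
# 250-plus-digit Run value name is regenerated here.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soi-katoey.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LONGNAME] C:\Program Files\user32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
""".replace("LONGNAME", "0123456789" * 25 + "123456")


@dataclass
class Entry:
    section: str          # "R0", "O2", "O4", "O20", ...
    body: str             # text after the "O4 - " prefix


@dataclass
class Finding:
    severity: str         # "low" | "medium" | "high"
    entry: Entry
    reasons: list[str] = field(default_factory=list)


ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.*)\] (.*)$")
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)

# Assumed lists.  Real system32 residents are legitimate only under %SystemRoot%;
# the look-alikes are names seen in this thread's reports that no real binary has.
SYSTEM_RESIDENTS = {"svchost.exe", "lsass.exe", "smss.exe", "csrss.exe",
                    "winlogon.exe", "services.exe", "ctfmon.exe", "explorer.exe"}
LOOKALIKES = {"user32.exe", "svchosts.exe", "ctpmon.exe"}
ALLOWED_START_PAGES = {"about:blank", "http://www.google.fr/"}   # assumed owner's choice
MAX_SANE_VALUE_NAME = 100   # heuristic: XP-era regedit does not display names this long properly
RANK = {"low": 0, "medium": 1, "high": 2}


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the 'Rn - ...' / 'Onn - ...' lines; header and process list are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m.group(1), m.group(2)))
    return out


def _first_exe(command: str) -> str:
    """Executable path from a Run command line, quoted or not, arguments dropped."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def _in_windows_dir(path: str) -> bool:
    return path.lower().startswith(("c:\\windows\\", "%systemroot%\\", "%windir%\\"))


def triage(entries: list[Entry]) -> list[Finding]:
    findings = []
    for e in entries:
        f = Finding("low", e)

        def flag(sev, why):
            f.reasons.append(why)
            if RANK[sev] > RANK[f.severity]:
                f.severity = sev

        if e.section in ("R0", "R1") and "Start Page" in e.body:
            page = e.body.split("=", 1)[1].strip()
            if page not in ALLOWED_START_PAGES:
                flag("medium", f"start page set to {page}; not in the owner's list")
        elif e.section in ("O2", "O3") and "(file missing)" in e.body:
            flag("low", "registration points at a deleted file; remove the CLSID so it cannot be re-used")
        elif e.section == "O4" and (m := RUN_RE.match(e.body)):
            name, command = m.group(1), m.group(2)
            exe = _first_exe(command)
            base = exe.rsplit("\\", 1)[-1].lower()
            if len(name) > MAX_SANE_VALUE_NAME:
                flag("high", f"Run value name is {len(name)} chars; hides the entry from regedit")
            if base in LOOKALIKES:
                flag("high", f"{base} mimics a Windows component name")
            elif base in SYSTEM_RESIDENTS and not _in_windows_dir(exe):
                flag("high", f"{base} running from outside %SystemRoot%")
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            flag("high", "AppInit_DLLs is loaded into every process that links user32.dll")
        elif e.section == "O20" and e.body.startswith("Winlogon Notify:"):
            flag("medium", "Winlogon notification DLL runs inside winlogon.exe at every logon")
        elif e.section == "O23" and "Unknown owner" in e.body:
            flag("low", "service binary carries no publisher; check the file on disk")

        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in sorted(triage(parse_hjt(SAMPLE_LOG)), key=lambda f: -RANK[f.severity]):
        print(f"[{f.severity:6}] {f.entry.section}: {f.entry.body[:70]}")
        for why in f.reasons:
            print(f"          - {why}")
```

On the sample the two high findings are the user32.exe Run entry (two reasons: overlong name, look-alike name) and the AppInit_DLLs line; the ATI, RealPlayer, ctfmon and Trend Micro entries produce nothing, which is the point of encoding the rules rather than eyeballing every line.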
did71 (Security contributor, 2,187 posts, registered Friday 24 March 2006, last active 30 January 2010) - 14 Feb 2007 at 21:29
Good evening,
Download SDFix (created by AndyManchesta) and save it to your Desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
Restart your computer
After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
Instead of the normal Windows boot, a menu with several options should appear.
Choose the first option, to run Windows in Safe Mode, then press "Enter".
Choose your account.
Then go through the list of instructions below:
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are shown, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt in your next reply on the forum, together with a new HijackThis log!
see you
lordyannuss (Member, 41 posts, registered Monday 12 February 2007, last active 22 March 2009) - 14 Feb 2007 at 22:28
re
here is the SDFix report:
SDFix: Version 1.65
Run by: Aurélie - 14/02/2007 @ 22:13:32,78
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Aurélie\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
Path:
Restoring Windows Registry Entries
Restoring Default Hosts File
Killing PID 204 'smss.exe'
Killing PID 276 'winlogon.exe'
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\ctpmom.exe.exe - Deleted
C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\aax3D.tmp.exe - Deleted
C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\system32\ctpmon.exe - Deleted
C:\WINDOWS\system32\rpcc.dll - Deleted
C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\dawn of war\\W40k.exe"="D:\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe:*:Enabled:Civilization3"
"C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW"
"C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"="C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe:*:Enabled:Trend Micro PC-cillin Internet Security 12"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe:*:Enabled:Civilization3Xd"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe"="C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Downloads\\tnet_fr\\TetriNET fr.exe"="C:\\Downloads\\tnet_fr\\TetriNET fr.exe:*:Enabled:TetriNET fr"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\AURLIE~1\Bureau\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\WINDOWS\system32\systu2.dll
C:\Documents and Settings\Aurélie\Local Settings\Temp\~33.tmp
C:\Documents and Settings\Aurélie\Local Settings\Temp\Répertoire temporaire 3 pour neko98_4.zip\NEKO98.GID
Finished
and the new HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 22:27:59, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soi-katoey.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ngucxelk.dll (file missing)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\vtussrr.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
did71
14 Feb. 2007 at 22:31
re,
now, can you download ComboFix?
see you
lordyannuss
14 Feb. 2007 at 22:40
Yes, I'll post the report as soon as possible; note that the PC is running much better!
lordyannuss
14 Feb. 2007 at 22:47
Here's the ComboFix report:
"Aurélie" - 07-02-14 22:39:18 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Aurélie\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Ipwindows\ipwins.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\INSTALL.LOG
C:\secure32.html
C:\Program Files\Fichiers communs\{1CDFC~1
C:\Program Files\Fichiers communs\{1CDFC~2
C:\DOCUME~1\AURLIE~1\Application Data\SearchToolbarCorp
C:\Program Files\Ipwindows
C:\Program Files\VSAdd-in
((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))
2007-02-14 22:06 <REP> d-------- C:\SDFix
2007-02-14 21:03 <REP> d-------- C:\VundoFix Backups
2007-02-13 20:01 <REP> d-------- C:\WINDOWS\AU_Temp
2007-02-12 20:50 <REP> d-------- C:\Program Files\MSN Messenger
2007-02-12 16:11 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-02-12 16:11 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-02-12 16:11 229,957 --a------ C:\WINDOWS\tsc.exe
2007-02-12 16:11 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2007-02-12 16:11 <REP> d-------- C:\WINDOWS\report
2007-02-12 16:11 <REP> d-------- C:\WINDOWS\AU_Backup
2007-02-12 16:10 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-02-12 16:10 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-02-12 16:10 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-02-12 16:10 <REP> d-------- C:\WINDOWS\AU_Log
2007-02-12 16:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-11 23:56 <REP> d-------- C:\Program Files\a-squared Free
2007-02-11 23:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-02-11 18:28 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2007-02-11 12:25 621,182 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-02-11 12:23 4,096 -rah----- C:\WINDOWS\system32\systu2.dll
2007-02-11 12:22 49,152 --a------ C:\buqp.exe
2007-02-11 12:21 314,494 --a------ C:\Program Files\serial.dat
2007-02-11 00:50 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-10 13:37 1,596 --ah----- C:\hpothb07.dat
2007-02-02 17:47 111,429 --a------ C:\WINDOWS\dr.exe
2007-02-02 17:47 111,429 --a------ C:\my.exe
2007-02-02 17:47 111,429 --a------ C:\documents.exe
2007-02-02 01:01 3,977 --a------ C:\Program Files\user32.exe
2007-01-20 18:46 <REP> d-------- C:\Program Files\GALA-NET
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-14 22:38 -------- d-------- C:\Program Files\mozilla firefox
2007-02-14 11:27 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\the bat!
2007-02-13 21:38 -------- d-------- C:\Program Files\warcraft iii
2007-02-13 21:24 91718 --a------ C:\WINDOWS\war3unin.dat
2007-02-12 20:37 -------- d--h----- C:\Program Files\installshield installation information
2007-02-12 18:51 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\my games
2007-02-12 15:30 -------- d-------- C:\Program Files\divx
2007-02-12 00:12 1036288 --a------ C:\WINDOWS\explorer.exe
2007-02-11 23:26 -------- d---s---- C:\DOCUME~1\AURLIE~1\Application Data\microsoft
2007-02-11 16:14 -------- d-------- C:\Program Files\emule
2007-02-11 12:22 314494 --a------ C:\Program Files\serial.zip
2007-02-11 12:22 -------- d-------- C:\Program Files\winamp
2007-02-03 23:44 -------- d-------- C:\Program Files\webtarot
2007-02-02 17:47 111429 --a------ C:\Program Files\dr.exe~
2007-01-20 20:42 -------- d-------- C:\Program Files\pariah
2007-01-19 18:42 -------- d-------- C:\Program Files\videolan
2007-01-16 22:30 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\adobe
2007-01-11 18:53 -------- d-------- C:\Program Files\gdho
2007-01-05 21:12 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\vlc
2007-01-03 20:48 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\gtopala
2006-12-28 14:54 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-26 14:25 -------- d-------- C:\Program Files\teamspeak2_rc2
2006-12-26 14:25 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\teamspeak2
2006-12-23 19:28 -------- d-------- C:\Program Files\Fichiers communs\avsmedia
2006-12-23 19:27 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\avsmedia
2006-12-23 19:26 -------- d-------- C:\Program Files\avsmedia
2006-12-20 19:19 -------- d-------- C:\Program Files\hacker
2006-12-15 19:03 -------- d-------- C:\Program Files\valve
2006-11-30 18:42 535 --a------ C:\WINDOWS\ereg.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"IncrediMail"="C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Steam"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"Device Detector"="DevDetect.exe -autorun"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\\Program Files\\user32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AudioDeck.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\AudioDeck.lnk"
"backup"="C:\\WINDOWS\\pss\\AudioDeck.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VIATEC~1\\VIAAUD~1\\AUDIOD~1\\AUDIOD~1.EXE -min"
"item"="AudioDeck"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pccguide"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\systu2.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0982322-2A6C-4022-92F1-C7CB9F86DCC8}"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{896ca478-b962-11db-8e7e-0011096048dc}]
Shell\AutoRun\command E:\autorun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1113397553.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1123059668.job
C:\WINDOWS\tasks\WebReg 20070119232807.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-14 22:42:34
and a HijackThis log, if needed:
Logfile of HijackThis v1.99.1
Scan saved at 22:45:51, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ngucxelk.dll (file missing)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\vtussrr.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
did71 (Security contributor), 14 Feb 2007 at 23:00
re,
Well, that's not too bad!
Combo removed a lot more junk, including ipwins, which I had been waiting for since the start!
Now, download clean.zip:
http://www2.malekal.com/download/clean.zip
Unzip it to your desktop (right-click / extract all); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; choose option 1.
Post the report, which is at C:\rapport_clean.txt
See you
lordyannuss (Member), 14 Feb 2007 at 23:06
Here's the report!
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 14/02/2007 a 23:05:43,28
*** Recherche de fichiers sur C:
C:\documents.exe FOUND
C:\my.exe FOUND
C:\unwise.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\dr.exe FOUND
C:\WINDOWS\patcher.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
"C:\Program Files\serial.zip" FOUND
"C:\Program Files\serial.dat" FOUND
"C:\Program Files\serial.zip" FOUND
"C:\Program Files\user32.exe" FOUND
"C:\Program Files\patcher.exe" FOUND
C:\PROGRA~1\UNIVER~1\ FOUND
*** Fin du rapport !
did71 (Security contributor), 14 Feb 2007 at 23:14
re,
Run clean.zip again,
This time choose option 2!
Then post the report
See you
lordyannuss (Member), 14 Feb 2007 at 23:20
Script execute en mode normal
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 14/02/2007 a 23:18:04,65
Microsoft Windows XP [version 5.1.2600]
*** Suppression de fichiers sur C:
tentative de suppression de C:\documents.exe
tentative de suppression de C:\my.exe
tentative de suppression de C:\unwise.exe
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\dr.exe
tentative de suppression de C:\WINDOWS\patcher.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\RegistryCleanerSetup.exe
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
tentative de suppression de "C:\Program Files\serial.zip"
tentative de suppression de "C:\Program Files\serial.dat"
tentative de suppression de "C:\Program Files\user32.exe"
tentative de suppression de "C:\Program Files\patcher.exe"
tentative de suppression de C:\PROGRA~1\UNIVER~1\
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Maybe I'd be better off redoing it in safe mode?
did71 (Security contributor), 14 Feb 2007 at 23:24
re,
No, no!
Run clean.zip again in normal mode, option 1!
Post the report!
See you
lordyannuss (Member), 14 Feb 2007 at 23:25
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 14/02/2007 a 23:24:44,34
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Fin du rapport !
Looks like there's nothing left :) !
did71 (Security contributor), 14 Feb 2007 at 23:31
re,
Yes, it's clean!
We'll run an online scan to check!
It may seem long, but it's necessary!
Run this scan here:
http://www.bitdefender.fr/scan8/ie.html
Then post the BitDefender report
See you
lordyannuss (Member), 15 Feb 2007 at 02:01
Here's the scan report:
Scanned File | Status
C:\buqp.exe | Infected with: Trojan.Dropper.FakeAlert.C
C:\buqp.exe | Disinfection failed
C:\buqp.exe | Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)=>lzma_solid_nsis0002 | Detected with: Adware.Softomate.D
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)=>lzma_solid_nsis0002 | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)=>lzma_solid_nsis0002 | Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o) | Update failed
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\hvwezdygyg[1].htm | Infected with: Trojan.Dropper.FakeAlert.C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\hvwezdygyg[1].htm | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\hvwezdygyg[1].htm | Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\secure32[1].htm | Infected with: Trojan.SpySheriff.C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\secure32[1].htm | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\secure32[1].htm | Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\uxyroof[1].txt | Infected with: DeepScan:Generic.Malware.SMN!dldg.3A42812D
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\uxyroof[1].txt | Disinfection failed
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\uxyroof[1].txt | Deleted
C:\Program Files\dr.exe~ | Infected with: Trojan.Downloader.Agent.AWX
C:\Program Files\dr.exe~ | Disinfection failed
C:\Program Files\dr.exe~ | Deleted
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmom.exe.exe | Suspected of: Generic.Malware.Sdld.994F7195
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmom.exe.exe | Disinfection failed
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmom.exe.exe | Deleted
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip | Updated
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmon.exe | Infected with: Trojan.FakeAlert.DM
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmon.exe | Disinfection failed
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmon.exe | Deleted
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip | Updated
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/rpcc.dll | Infected with: DeepScan:Generic.Malware.SMN!dldg.929E57FC
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/rpcc.dll | Disinfection failed
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/rpcc.dll | Deleted
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip | Updated
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/svchosts.exe | Infected with: Trojan.Downloader.Agent.AWX
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/svchosts.exe | Disinfection failed
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/svchosts.exe | Deleted
C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip | Updated
C:\VundoFix Backups\byxxvsr.dll.bad | Infected with: DeepScan:Generic.Malware.SYddldg.E6B69DEA
C:\VundoFix Backups\byxxvsr.dll.bad | Disinfection failed
C:\VundoFix Backups\byxxvsr.dll.bad | Deleted
C:\VundoFix Backups\fxvcwvae.exe.bad | Infected with: Trojan.Agent.ACL
C:\VundoFix Backups\fxvcwvae.exe.bad | Disinfection failed
C:\VundoFix Backups\fxvcwvae.exe.bad | Deleted
C:\VundoFix Backups\ngucxelk.dll.bad | Infected with: Trojan.Juan.E
C:\VundoFix Backups\ngucxelk.dll.bad | Disinfection failed
C:\VundoFix Backups\ngucxelk.dll.bad | Deleted
C:\VundoFix Backups\pmkhf.dll.bad | Infected with: MemScan:Trojan.Vundo.AA
C:\VundoFix Backups\pmkhf.dll.bad | Disinfection failed
C:\VundoFix Backups\pmkhf.dll.bad | Deleted
C:\VundoFix Backups\VSAdd-in.dll.bad | Infected with: Trojan.Agent.ACL
C:\VundoFix Backups\VSAdd-in.dll.bad | Disinfection failed
C:\VundoFix Backups\VSAdd-in.dll.bad | Deleted
C:\VundoFix Backups\vtussrr.dll.bad | Infected with: DeepScan:Generic.Malware.SYddldg.E6B69DEA
C:\VundoFix Backups\vtussrr.dll.bad | Disinfection failed
C:\VundoFix Backups\vtussrr.dll.bad | Deleted
C:\WINDOWS\system\smss.exe~ | Infected with: DeepScan:Generic.Horst.72F6A175
C:\WINDOWS\system\smss.exe~ | Disinfection failed
C:\WINDOWS\system\smss.exe~ | Deleted
C:\WINDOWS\system32\abeymheu.dll_tobedeleted | Infected with: Trojan.Spy.VBStat.B
C:\WINDOWS\system32\abeymheu.dll_tobedeleted | Deleted
C:\WINDOWS\system32\secure32.html | Infected with: Trojan.SpySheriff.C
C:\WINDOWS\system32\secure32.html | Disinfection failed
C:\WINDOWS\system32\secure32.html | Deleted
I:\Logiciels\Reste\MailWasher Pro 4.1.9 FR + Crack\Mail Waher Pro Crack.exe | Infected with: Trojan.Regpat.A
I:\Logiciels\Reste\MailWasher Pro 4.1.9 FR + Crack\Mail Waher Pro Crack.exe | Disinfection failed
I:\Logiciels\Reste\MailWasher Pro 4.1.9 FR + Crack\Mail Waher Pro Crack.exe | Deleted
did71 (Security contributor), 15 Feb 2007 at 19:51
Good evening,
BitDefender also did a good clean-up!
Delete SDFix, Vundofix, combofix; we don't need them any more!
Empty your recycle bin!
Then
Download SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it to the Desktop.
* Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1
Post the report.
See you
lordyannuss (Member), 15 Feb 2007 at 20:41
Here's the report
SmitFraudFix v2.142
Rapport fait à 20:40:44,60, 15/02/2007
Executé à partir de C:\Documents and Settings\Aurélie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\Tasks\At1.job PRESENT !
C:\WINDOWS\Tasks\At2.job PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aurélie
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aurélie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\systu2.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin