Blaster ? sasser ?
Resolved/Closed
64 replies
SmitFraudFix v2.197
Rapport fait à 18:51:35,96, 30/06/2007
Executé à partir de C:\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.124
DNS Server Search Order: 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.197
Rapport fait à 18:58:10,59, 30/06/2007
Executé à partir de C:\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.124
DNS Server Search Order: 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.124
DNS Server Search Order: 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E8BE2FF-1A03-4324-87C4-94A721A5B8AC}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1E02607-57D2-4381-9146-31AC6F883BAE}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.124 82.216.111.125
green day - Moderator, Security contributor - 30 June 2007 at 19:14
:)
nothing ...
Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.
++
u2f - Member - 1 July 2007 at 00:32
Hello,
You can always try this: Start, Run, and type mrt.
Scan your PC.
"Propriétaire" - 2007-07-01 2:34:17 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))
2007-07-01 02:33 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-30 18:49 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-06-30 18:49 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-06-30 18:49 3,168 --a------ D:\WINDOWS\system32\tmp.reg
2007-06-30 18:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-06-30 01:15 <REP> d-------- D:\DOCUME~1\PROPRI~1\Contacts
2007-06-30 01:13 <REP> d----c--- D:\WINDOWS\system32\DRVSTORE
2007-06-30 01:12 <REP> d-------- D:\Program Files\MSN Messenger
2007-06-27 19:31 <REP> d-------- D:\WINDOWS\BDOSCAN8
2007-06-27 17:55 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-27 15:50 <REP> d-------- D:\Program Files\CCleaner
2007-06-27 02:28 <REP> d-------- D:\WINDOWS\system32\FlashAX
2007-06-24 04:41 <REP> d-------- D:\DOCUME~1\PROPRI~1\APPLIC~1\Help
2007-06-24 04:38 32,768 --a------ D:\WINDOWS\system32\WooDial2000.dll
2007-06-24 04:38 <REP> d-------- D:\WINDOWS\system32\AlertModule
2007-06-24 04:37 40,960 --a------ D:\WINDOWS\system32\FTRTSVC.exe
2007-06-24 04:37 36,864 --a------ D:\WINDOWS\system32\IfHelper.dll
2007-06-24 04:37 32,768 --a------ D:\WINDOWS\system32\ffJmpWeb.dll
2007-06-24 04:37 <REP> d-------- D:\Program Files\Wanadoo Messager
2007-06-24 04:35 <REP> d-------- D:\Program Files\Wanadoo
2007-06-24 04:32 <REP> d-------- D:\Program Files\SAGEM
2007-06-18 08:48 12,288 --a------ D:\WINDOWS\system32\drivers\mouhid.sys
2007-06-16 05:33 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab
2007-06-16 00:46 <REP> d-------- D:\Program Files\Windows Media Connect 2
2007-06-16 00:30 <REP> d-------- D:\WINDOWS\system32\LogFiles
2007-06-16 00:30 <REP> d-------- D:\WINDOWS\system32\drivers\UMDF
2007-06-16 00:18 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-06-16 00:12 <REP> d-------- D:\WINDOWS\RegisteredPackages
2007-06-14 20:25 <REP> d-------- D:\DOCUME~1\PROPRI~1\OngameNetwork
2007-06-13 19:34 16,512 -ra------ D:\WINDOWS\system32\drivers\Brndis.sys
2007-06-08 22:42 <REP> d-------- D:\Program Files\Seagrand
2007-06-08 22:36 <REP> d-------- D:\DOCUME~1\PROPRI~1\APPLIC~1\Artweaver
2007-06-07 23:38 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-06-07 23:36 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-06-03 18:20 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-01 04:14 <REP> d-------- D:\Program Files\Amazing Photo Editor
2007-06-01 04:04 <REP> d-------- D:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-01 00:03:39 -------- d-----w D:\Program Files\eMule
2007-06-27 05:57:18 -------- d-----w D:\Program Files\Lx_cats
2007-06-27 00:29:09 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\Microgaming
2007-06-27 00:06:44 -------- d-----w D:\Program Files\DivX
2007-06-24 02:32:55 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-11 02:44:41 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\Google
2007-06-11 02:42:07 -------- d-----w D:\Program Files\Google
2007-06-07 19:20:34 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\Hamachi
2007-06-01 01:00:07 -------- d-----w D:\Program Files\UltimateBet
2007-05-31 06:45:07 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w D:\WINDOWS\system32\DivX.dll
2007-05-27 19:09:07 25,544 ----a-w D:\WINDOWS\system32\drivers\hamachi.sys
2007-05-24 03:03:13 -------- d-----w D:\Program Files\Fichiers communs\ScanSoft Shared
2007-05-24 03:02:13 -------- d-----w D:\Program Files\ScanSoft
2007-05-23 23:42:03 -------- d-----w D:\Program Files\Securitoo
2007-05-21 17:15:48 -------- d-----w D:\Program Files\UltraSnap
2007-05-21 16:12:35 -------- d-----w D:\Program Files\Lexmark 2300 Series
2007-05-20 16:32:20 -------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-05-20 01:33:27 -------- d-----w D:\Program Files\Kaspersky Lab
2007-05-16 15:13:53 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-05-10 00:04:54 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\Real
2007-05-09 23:55:34 -------- d-----w D:\Program Files\Fichiers communs\xing shared
2007-05-09 23:55:25 -------- d-----w D:\Program Files\Fichiers communs\Real
2007-05-09 23:53:44 -------- d-----w D:\Program Files\Real
2007-05-09 23:53:42 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
2007-05-07 20:58:48 49,054 ----a-w D:\WINDOWS\system32\perfc00C.dat
2007-05-07 20:58:48 368,314 ----a-w D:\WINDOWS\system32\perfh00C.dat
2007-05-06 21:49:13 -------- d-----w D:\Program Files\_uninstallation_info
2007-05-06 13:13:25 -------- d-----w D:\Program Files\CDBurnerXP Pro 3
2007-05-06 01:10:15 -------- d-----w D:\Program Files\Messenger
2007-05-04 23:59:41 -------- d-----w D:\Program Files\BitComet
2007-05-04 22:51:32 2,560 ----a-w D:\WINDOWS\system32\BitCometRes.dll
2007-05-04 22:01:58 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
2007-05-04 18:48:14 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\SopCast
2007-05-04 01:58:44 -------- d-----w D:\Program Files\Fichiers communs\ODBC
2007-05-04 01:58:38 -------- d-----w D:\Program Files\Fichiers communs\SpeechEngines
2007-05-04 00:35:37 -------- d-----w D:\Program Files\Intel
2007-05-04 00:34:08 -------- d-----w D:\Program Files\SopCast
2007-05-04 00:30:17 -------- d-----w D:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
2007-05-04 00:29:28 -------- d-----w D:\Program Files\VideoLAN
2007-05-04 00:15:39 -------- d-----w D:\Program Files\microsoft frontpage
2007-05-04 00:12:15 -------- d--h--w D:\Program Files\WindowsUpdate
2007-05-04 00:12:07 -------- d-----w D:\Program Files\Services en ligne
2007-05-04 00:10:35 -------- d-----w D:\Program Files\Fichiers communs\MSSoap
2007-05-04 00:10:18 -------- d-----w D:\Program Files\Movie Maker
2007-05-04 00:09:25 21,892 ----a-w D:\WINDOWS\system32\emptyregdb.dat
2007-05-04 00:07:55 -------- d-----w D:\Program Files\Online Services
2007-05-04 00:07:39 -------- d-----w D:\Program Files\MSN Gaming Zone
2007-05-04 00:07:26 -------- d-----w D:\Program Files\Windows NT
2007-05-02 18:04:15 36,624 ------w D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-02 18:04:15 2,560 ------w D:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-02 18:04:15 2,432 ------w D:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-02 18:04:14 129,784 ------w D:\WINDOWS\system32\pxafs.dll
2007-05-02 18:04:14 118,520 ------w D:\WINDOWS\system32\pxinsi64.exe
2007-05-02 18:04:14 116,472 ------w D:\WINDOWS\system32\pxcpyi64.exe
2007-04-25 14:22:35 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w D:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w D:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w D:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w D:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w D:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w D:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w D:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w D:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w D:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:14:18 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w D:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w D:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w D:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=d:\program files\google\googletoolbar1.dll [2007-05-04 22:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 02:07]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 08:05]
"Omnipage"="D:\Program Files\ScanSoft\TextBridgePro11.0\opware32.exe" [2002-05-14 16:08]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-04 22:52]
"WOOKIT"="D:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 02:41:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-01 2:46:13 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-07-01 02:46
--- E O F ---
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-04 22:52]
"WOOKIT"="D:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 02:41:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-01 2:46:13 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-07-01 02:46
--- E O F ---
green day (Moderator, Security contributor)
3 Jul 2007 at 22:20
Good evening :)
Does your antivirus or anything else detect it anywhere???
++
no
absolutely not
BitDefender, Kaspersky and AVG detect nothing.
How do I know it's a virus?
Simple: when I click "End task" on a local service, network service or system process, in short anything named "svchost.exe", the Blaster thing pops up: "system shutdown in one minute".
green day (Moderator, Security contributor)
10 Jul 2007 at 19:27
Hi :)
You know the definition of the word "politeness"! Well, I never would have believed it ;)
It being the summer season, I took a few days off :)
I can't work out where this could be coming from ... :/
Post a new HijackThis log
++
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:12:49, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe