Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:03, on 22/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Magic Keyboard\MagicKey.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp .exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Magic Keyboard\OSD.EXE
C:\hijack this\eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://GLOBAL.ACER.COM/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94204837-0871-4E6A-A426-7F75B1B731F0} - C:\WINDOWS\System32\tuvurrs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2D1EB2A-7E40-4433-98F3-847F5D9D2F6E} - C:\WINDOWS\System32\mljgh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan .exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Magic Keyboard.lnk = C:\Program Files\Magic Keyboard\MagicKey.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
End of file - 5588 bytes
For VundoFix, I did what was asked; it showed me a few .dll and .exe files. I deleted them as asked, then there was an automatic reboot.
For VirtumundoBeGone, here it is:
[12/22/2007, 9:41:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Slash\Mes documents\Downloads\Programs\VirtumundoBeGone.exe" )
[12/22/2007, 9:41:53] - Detected System Information:
[12/22/2007, 9:41:53] - Windows Version: 5.1.2600, Service Pack 1
[12/22/2007, 9:41:53] - Current Username: Slash (Admin)
[12/22/2007, 9:41:53] - Windows is in NORMAL mode.
[12/22/2007, 9:41:53] - Searching for Browser Helper Objects:
[12/22/2007, 9:41:53] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[12/22/2007, 9:41:53] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/22/2007, 9:41:53] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[12/22/2007, 9:41:53] - BHO 4: {94204837-0871-4E6A-A426-7F75B1B731F0} ()
[12/22/2007, 9:41:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/22/2007, 9:41:53] - Checking for HKLM\...\Winlogon\Notify\tuvurrs
[12/22/2007, 9:41:53] - Key not found: HKLM\...\Winlogon\Notify\tuvurrs, continuing.
[12/22/2007, 9:41:53] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/22/2007, 9:41:53] - BHO 6: {E2D1EB2A-7E40-4433-98F3-847F5D9D2F6E} ()
[12/22/2007, 9:41:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/22/2007, 9:41:53] - Checking for HKLM\...\Winlogon\Notify\mljgh
[12/22/2007, 9:41:53] - Key not found: HKLM\...\Winlogon\Notify\mljgh, continuing.
[12/22/2007, 9:41:53] - Finished Searching Browser Helper Objects
[12/22/2007, 9:41:53] - Finishing up...
[12/22/2007, 9:41:53] - Nothing found! Exiting...
And for ComboFix:
ComboFix 07-12-21.4 - Slash 2007-12-22 9:47:55.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.52 [GMT 1:00]
Running from: C:\Documents and Settings\Slash\Mes documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ljdlpxiq.dll
C:\WINDOWS\system32\tuvurrs.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.
2007-12-22 09:25 . 2007-12-22 09:25 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-22 09:14 . 2007-12-22 09:14 <REP> d-------- C:\hijack this
2007-12-22 09:09 . 2007-12-22 09:09 <REP> d-------- C:\VundoFix Backups
2007-12-21 21:09 . 2007-12-22 08:19 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-21 21:08 . 2007-12-22 08:18 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-21 21:08 . 2007-12-22 08:18 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-21 12:38 . 2007-12-21 12:38 18 --a------ C:\WINDOWS\system32\a9bcbba1
2007-12-20 16:32 . 2007-12-20 16:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 16:32 . 2007-12-20 16:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 22:48 . 2007-03-29 04:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-12-15 22:43 . 2007-12-15 22:45 334,848 --------- C:\WINDOWS\system32\mljgh.dll
2007-12-15 22:15 . 2007-12-15 22:15 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-15 22:15 . 2007-12-15 22:15 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-15 22:15 . 2007-12-15 22:15 <REP> d-------- C:\Documents and Settings\Slash\Application Data\TuneUp Software
2007-12-15 22:15 . 2007-12-15 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-15 17:44 . 2007-12-15 17:44 <REP> d-------- C:\Documents and Settings\Neyla\Application Data\IDM
2007-12-15 17:44 . 2007-12-15 17:44 <REP> d-------- C:\Documents and Settings\Neyla\Application Data\DMCache
2007-12-15 17:44 . 2007-12-22 08:18 167 --a------ C:\WINDOWS\WinInit.Ini
2007-12-15 09:39 . 2007-12-15 09:39 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2007-12-15 09:39 . 2007-12-15 10:03 34,550 --a------ C:\WINDOWS\DIIUnin.dat
2007-12-15 09:39 . 2007-12-15 09:39 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 20:43 . 2007-12-11 20:43 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-12-11 20:43 . 2007-12-11 20:43 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-12-10 21:34 . 2007-12-10 21:34 <REP> d-------- C:\Documents and Settings\Neyla\Contacts
2007-12-10 17:18 . 2007-07-23 09:39 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2007-12-10 13:25 . 2007-12-10 13:25 <REP> d--hs---- C:\FOUND.000
2007-12-09 20:17 . 2007-12-09 20:17 <REP> d-------- C:\Documents and Settings\Slash\Application Data\skypePM
2007-12-09 20:17 . 2007-12-09 20:17 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-09 20:13 . 2007-12-09 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-04 22:18 . 2007-12-16 16:47 936 --a------ C:\WINDOWS\mozver.dat
2007-12-03 20:07 . 2007-12-03 20:07 <REP> d-------- C:\Program Files\BitLord
2007-12-03 18:18 . 2007-12-03 18:18 <REP> d-------- C:\Documents and Settings\Slash\Contacts
2007-12-03 17:34 . 2004-08-03 14:05 422,680 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-03 17:34 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-03 17:34 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-03 17:34 . 2004-08-03 14:02 169,240 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-03 17:34 . 2004-08-03 13:58 120,288 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-03 17:34 . 2004-08-03 14:01 120,088 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-03 17:34 . 2004-08-03 13:57 39,704 --a------ C:\WINDOWS\system32\wups.dll
2007-12-03 17:16 . 2007-12-03 17:16 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-03 17:11 . 2007-12-03 17:11 <REP> d-------- C:\Program Files\SAGEM
2007-12-03 17:11 . 2007-12-03 17:11 <REP> d-------- C:\Documents and Settings\Slash\Application Data\InstallShield
2007-12-03 16:54 . 2007-12-03 16:54 268 --ah----- C:\sqmdata02.sqm
2007-12-03 16:54 . 2007-12-03 16:54 244 --ah----- C:\sqmnoopt02.sqm
2007-12-03 16:53 . 2007-12-03 16:53 <REP> d-------- C:\Documents and Settings\Slash\Application Data\vlc
2007-12-03 16:47 . 2007-12-03 16:47 <REP> d-------- C:\Documents and Settings\Slash\Application Data\DivX
2007-12-03 16:41 . 2003-07-10 17:28 <REP> d--h----- C:\Documents and Settings\Bouya\Voisinage réseau
2007-12-03 16:41 . 2003-07-10 17:28 <REP> d--h----- C:\Documents and Settings\Bouya\Voisinage d'impression
2007-12-03 16:41 . 2003-07-10 17:28 <REP> d--h----- C:\Documents and Settings\Bouya\Modèles
2007-12-03 16:41 . 2007-12-03 16:41 <REP> dr------- C:\Documents and Settings\Bouya\Mes documents
2007-12-03 16:41 . 2003-07-10 17:28 <REP> dr------- C:\Documents and Settings\Bouya\Menu Démarrer
2007-12-03 16:41 . 2007-12-03 16:41 <REP> dr------- C:\Documents and Settings\Bouya\Favoris
2007-12-03 16:41 . 2003-07-10 17:28 <REP> d-------- C:\Documents and Settings\Bouya\Bureau
2007-12-03 16:41 . 2003-08-11 15:57 <REP> d-------- C:\Documents and Settings\Bouya\Application Data\InterTrust
2007-12-03 16:29 . 2006-08-25 03:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-03 16:29 . 2006-08-25 03:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-03 16:28 . 2007-12-03 16:28 <REP> d-------- C:\Program Files\Winamp
2007-12-03 16:28 . 2007-10-20 00:56 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-03 16:27 . 2007-12-03 16:27 <REP> d-------- C:\Program Files\DivX
2007-12-03 16:26 . 2007-12-03 16:26 <REP> d-------- C:\Program Files\VideoLAN
2007-12-03 16:25 . 2007-12-03 16:25 <REP> d-------- C:\Program Files\Total Video Converter
2007-12-03 16:25 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-03 16:24 . 2007-12-03 16:24 <REP> d-------- C:\Program Files\Internet Download Manager
2007-12-03 16:24 . 2007-12-03 16:24 <REP> d-------- C:\Documents and Settings\Slash\Application Data\IDM
2007-12-03 16:24 . 2007-12-03 16:24 <REP> d-------- C:\Documents and Settings\Slash\Application Data\DMCache
2007-12-03 16:24 . 2007-12-03 16:24 268 --ah----- C:\sqmdata00.sqm
2007-12-03 16:24 . 2007-12-03 16:24 244 --ah----- C:\sqmnoopt01.sqm
2007-12-03 16:24 . 2007-12-03 16:24 244 --ah----- C:\sqmnoopt00.sqm
2007-12-03 16:24 . 2007-12-03 16:24 232 --ah----- C:\sqmdata01.sqm
2007-12-03 16:23 . 2007-12-03 16:23 <REP> d-------- C:\WINDOWS\system32\DRVSTORE
2007-12-03 16:23 . 2007-12-03 16:23 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-03 16:21 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-03 16:21 . 2007-12-03 16:22 385 --a------ C:\WINDOWS\ODBC.INI
2007-12-03 16:20 . 2007-12-03 16:20 <REP> d-------- C:\Program Files\Microsoft.NET
2007-12-03 16:18 . 2007-12-03 16:18 <REP> d-------- C:\Program Files\Microsoft Works
2007-12-03 16:17 . 2007-12-03 16:17 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-12-03 15:56 . 2007-12-03 15:56 <REP> d-------- C:\Documents and Settings\Slash\Application Data\Symantec
2007-12-03 15:56 . 2002-08-15 19:59 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386
2007-12-03 15:56 . 2002-08-15 19:59 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-03 15:56 . 2002-08-15 19:59 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-03 15:56 . 2007-12-03 15:56 32 --ahs---- C:\WINDOWS\system32\{8F8F2EE5-28C4-4B3E-B8A7-30FA0486D44C}.dat
2007-12-03 15:56 . 2007-12-03 15:56 32 --ahs---- C:\WINDOWS\{E6390164-7452-4C18-A603-619840DBCCB4}.dat
2007-12-03 15:56 . 2007-12-03 15:56 14 --a------ C:\WINDOWS\system32\SR2.dat
2007-12-03 15:55 . 2007-12-03 15:55 <REP> d-------- C:\Program Files\Symantec
2007-12-03 15:55 . 2007-12-03 15:55 <REP> d-------- C:\Program Files\Norton AntiVirus
2007-12-03 15:55 . 2007-12-03 15:55 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-12-03 15:55 . 2007-12-03 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-03 15:55 . 2007-12-03 15:55 6 --a------ C:\ISACER.ID
2007-12-03 15:36 . 2007-12-03 15:36 <REP> d-------- C:\Program Files\honestech Video Editor 7.0
2007-12-03 15:32 . 2007-12-03 15:32 <REP> d-------- C:\Program Files\Ashampoo
2007-12-03 15:32 . 2007-12-03 15:32 <REP> d-------- C:\Documents and Settings\Slash\Application Data\Ashampoo
2007-12-03 15:32 . 2007-12-03 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2007-12-03 15:31 . 2007-12-03 15:31 <REP> d-------- C:\Documents and Settings\Slash\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-03 16:12 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-19 23:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-19 23:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C4E7C2B-2BF9-4F67-9C94-3213423AC323}]
2007-12-15 22:45 334848 --------- C:\WINDOWS\System32\mljgh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan .exe" [2007-12-22 09:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 20:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2002-10-26 02:18 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-02-27 14:29 C:\WINDOWS\SOUNDMAN.EXE]
"ItMonitor"="C:\WINDOWS\WASAY\MONITOR.EXE" [2007-12-22 09:52]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-22 09:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-22 09:52]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-12-22 09:36]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2007-12-22 09:52]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\mljgh.dll
R0 DiskFilt;DiskFilt;C:\WINDOWS\System32\drivers\DiskFilt.sys [2003-08-11 16:03]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R3 e4usbae;USB ADSL2 LAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbae.sys [2006-10-17 14:52]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys [2007-01-04 13:47]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-21 19:54:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-12-21 19:39:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2007-12-22 09:52:32
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\WINDOWS\System32\mljgh.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\DOCUME~1\Neyla\LOCALS~1\Temp\vtutq.dll
.
Completion time: 2007-12-22 9:58:03 - machine was rebooted
I even ran a scan with Norton AntiVirus 2003, but it still persists (C:\WINDOWS\System32\mljgh.dll).
Another thing: could a format fix things?