High-Tech Santé Médecine Droit-Finances

Installer

une imprimante

en WiFi

Rechercher : dans
Par :

Fichier indestructible

Dernière réponse le 24 mar 2008 à 20:14:35 Blacky57, le 23 mar 2008 à 10:27:14 
 Signaler ce message aux modérateurs

Bonjour,
Suite a quelque probleme sur mon ordinatuer j'aifait une reche Hijackthis et j'ai supprimé se qui n'avai pas raison d'etre. Mais le probleme c'est que je n'arrive pas a supprimé se fichier:

O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\tuvusqp.dll

J'ai essayé de la supprimer avec killbox mais sa ne marche pas, en mode sans echec mais sa ne marche toujours pas. Comment faire pour la supprimé?
Merci

Configuration: Windows XP
Internet Explorer 7.0

Meilleures réponses pour « Fichier indestructible » dans :
Apache - Les fichiers .htaccess VoirLes fichiers .htaccess sont des fichiers de configuration d'Apache, permettant de définir des règles dans un répertoire et dans tous ses sous-répertoires (qui n'ont pas de tel fichier à l'intérieur). On peut les utiliser pour protéger un répertoire...
Fichier ISO (Image ISO) VoirFormat ISO Un fichier possédant l'extension .ISO est une image ISO, c'est-à-dire une image d'un disque (CD, DVD ou disque dur) sous forme de fichier, créer avec un logiciel de gravure. Comment lire un fichier ISO ? En l'absence de graveur, il...
Formats et extensions de fichiers VoirRemarque : La liste ci-dessous n'est pas exhaustive et certains noms d'extension peuvent avoir plusieures fonctionnalités. Quant aux programmes proposés pour utiliser ces fichiers, ils ne sont pas forcément les seuls, ni les plus...
Posez votre question Répondre

1

bambi-6, le 23 mar 2008 à 10:33:36

As tu essayé CC CLEANER ?

   
Répondre à bambi-6

2

ep44, le 23 mar 2008 à 10:33:49

Bonjour

poste un rapport hijack et
Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.



@+

   
Répondre à ep44

3

Blacky57, le 23 mar 2008 à 10:39:54

Avec l logiciel CClean ca nemarche as et voici le rappor Combofix qui ma éait donné:

"Herrmann" - 2008-03-22 11:42:22 - ComboFix 07-07-10.1 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Herrmann\ravmonlog
C:\WINDOWS\system32\11156910.dll
C:\WINDOWS\system32\21394968.dll
C:\WINDOWS\system32\2314740.dll
C:\WINDOWS\system32\2750958.dll
C:\WINDOWS\system32\5386986.dll
C:\windows\xpupdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPF


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))


2008-03-22 10:27 <REP> d-------- C:\Program Files\Iconoid
2008-03-22 07:46 251,416 --a------ C:\DOCUME~1\Herrmann\APPLIC~1\install_fr[2].exe
2008-03-21 13:55 91,712 --a------ C:\WINDOWS\system32\gujdicxs.dll
2008-03-21 13:53 90,176 --a------ C:\WINDOWS\system32\oumjdxkb.dll
2008-03-21 13:53 86,592 --a------ C:\WINDOWS\system32\fnliqjvk.dll
2008-03-21 13:52 305,152 --a------ C:\WINDOWS\system32\ssqro.dll
2008-03-21 13:52 196,672 --ahs---- C:\WINDOWS\system32\orqss.ini2
2008-03-21 13:47 37,888 --a------ C:\WINDOWS\system32\tuvusqp.dll
2008-03-09 16:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RInfo
2008-03-09 16:14 <REP> d-------- C:\Program Files\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EaseDic
2008-03-09 16:13 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\StarDict
2008-03-09 16:12 <REP> d-------- C:\Program Files\StarDict
2008-03-09 16:02 <REP> d-------- C:\Program Files\Foreignword
2008-03-01 11:06 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\Panasonic
2008-03-01 11:02 <REP> d-------- C:\Program Files\Apple Software Update
2008-03-01 11:01 <REP> d-------- C:\Program Files\ISL
2008-03-01 10:57 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2008-03-01 10:57 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-01 10:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-01 10:57 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2008-03-01 10:57 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-01 10:57 31,053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-01 10:57 27,417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-01 10:57 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-01 10:57 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-01 10:57 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-01 10:57 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-01 10:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-01 10:57 111,932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-01 10:57 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-01 10:57 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-01 10:57 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-01 10:57 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-01 10:57 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-01 10:57 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-01 10:56 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-03-01 10:56 <REP> d-------- C:\Program Files\Panasonic
2008-03-01 10:55 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\InstallShield
2008-02-28 11:45 <REP> d-------- C:\Program Files\Swat 4 ATC v2.0
2008-02-27 11:30 1,689,088 --a------ C:\WINDOWS\system32\faa8908.dll
2008-02-26 09:01 82,944 --a------ C:\WINDOWS\system32\356644f8.dll
2008-02-25 16:37 82,944 --a------ C:\WINDOWS\system32\2b99a04.dll
2008-02-25 16:37 82,944 --a------ C:\WINDOWS\system32\166a88f4.dll
2008-02-25 16:37 1,689,088 --a------ C:\WINDOWS\system32\6064c04.dll
2008-02-25 16:37 1,689,088 --a------ C:\WINDOWS\system32\263825c0.dll
2008-02-25 12:02 <REP> d-------- C:\Program Files\Replay Converter
2008-02-25 11:53 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\GetRightToGo
2008-02-25 11:41 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-02-25 00:37 <REP> d-------- C:\Program Files\7-Zip
2008-02-23 10:29 82,944 --a------ C:\WINDOWS\system32\30a2d3fc.dll
2008-02-23 09:26 82,944 --a------ C:\WINDOWS\system32\197fea2.dll
2008-02-23 09:26 1,689,088 --a------ C:\WINDOWS\system32\1419a886.dll
2008-02-22 12:58 <REP> d-------- C:\Program Files\AutoMz
2008-02-22 12:57 <REP> d-------- C:\Program Files\MzVistaForce
2008-02-22 12:56 <REP> d-------- C:\Program Files\Mz_CpuAcc
2008-02-22 12:55 <REP> d-------- C:\Program Files\MzRam
2008-02-22 12:54 <REP> d-------- C:\Program Files\MZ U.T


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-22 10:35:55 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-03-22 10:35:54 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-03-22 09:55:42 -------- d-----w C:\Program Files\FlashGet
2008-03-22 09:35:16 -------- d-----w C:\Program Files\Wanadoo
2008-03-14 17:30:36 96,624 ----a-w C:\DOCUME~1\Herrmann\APPLIC~1\GDIPFONTCACHEV1.DAT
2008-03-01 13:11:32 96,624 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-01 10:05:16 -------- d-----w C:\Program Files\QuickTime
2008-03-01 10:01:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 09:18:10 -------- d-----w C:\Program Files\LastChaosUSA
2008-02-29 09:57:29 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Skype
2008-02-29 08:53:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-28 09:33:43 -------- d-----w C:\Program Files\Sierra
2008-02-26 22:56:16 -------- d-----w C:\Program Files\mIRC
2008-02-25 11:47:55 -------- d-----w C:\Program Files\GeoVid
2008-02-25 10:41:30 -------- d-----w C:\Program Files\Fichiers communs\GeoVid
2008-02-22 12:20:25 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 17:04:37 -------- d-----w C:\Program Files\Gpotato.eu
2008-02-18 16:50:56 -------- d-----w C:\Program Files\AxBx
2008-02-18 14:30:05 -------- d-----w C:\Program Files\Common Files
2008-02-18 12:36:49 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\TuneUp Software
2008-02-18 09:19:56 -------- d-----w C:\Program Files\Warcraft III
2008-02-16 15:34:00 -------- d-----w C:\Program Files\Sony Ericsson
2008-02-16 15:33:55 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-16 15:31:08 -------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-16 15:20:42 -------- d-----w C:\Program Files\Zeb-Utility
2008-02-16 15:10:03 -------- d-----w C:\Program Files\EPSON
2008-02-16 15:06:13 -------- d-----w C:\Program Files\Canon
2008-02-09 20:38:00 118,019 ----a-w C:\WINDOWS\War3Unin.dat
2008-02-09 19:02:13 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 23:10:11 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Apple Computer
2008-01-27 20:14:32 -------- d-----w C:\Program Files\Total Video Converter
2008-01-27 20:07:04 -------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 20:06:23 -------- d-----w C:\Program Files\eRightSoft
2008-01-14 12:52:00 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}]
2008-03-21 13:47 37888 --a------ C:\WINDOWS\system32\tuvusqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231a64f8-ebd6-4516-aa44-e2d754e92af3}]
2008-03-21 13:55 91712 --a------ C:\WINDOWS\system32\gujdicxs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-06-28 11:11 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-09-20 10:30 328752 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-09 20:48 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-08-11 11:38 654832 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8341D93-055D-48CB-912B-4ED80744CC20}]
2008-03-21 13:52 305152 --a------ C:\WINDOWS\system32\ssqro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-18 17:13 163840 --a------ C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOTASKBARICON"="C:\Program Files\Wanadoo\taskbaricon.exe" [2004-10-05 16:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-15 13:42]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Adobe Photoshop Album Starter Edition 3.0 component"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"MzRamBooster"="C:\Program Files\MzRam\MzRamBooster.exe" [2008-02-01 10:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]
"{11241072-58BB-40CE-9171-0B2BDFB22E97}"="C:\WINDOWS\system32\tuvusqp.dll" [2008-03-21 13:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjgg]
nnnkjgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvusqp]
tuvusqp.dll 2008-03-21 13:47 37888 C:\WINDOWS\system32\tuvusqp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\ssqro.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avg Antivirus]
C:\WINDOWS\system32\icpldrvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1959f36e-b489-11db-a425-000e505a106b}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c608f9-8ceb-11db-a3ee-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e7790e-b483-11db-a424-000e505a106b}]
Rip\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35c35ff-a946-11db-a411-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e004b519-14cb-11dc-a4c0-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53af055-9b4a-11dc-80ca-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe448c1c-3243-11dc-a513-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


Contents of the 'Scheduled Tasks' folder
2008-02-29 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2008-03-16 18:58:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-22 10:58:05 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 11:55:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-22 12:01:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-03-22 12:01
C:\ComboFix2.txt ... 2007-07-11 17:37

--- E O F ---

   
Répondre à Blacky57

4

ep44, le 23 mar 2008 à 11:22:00

Selectionne ceci

registry::

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231a64f8-ebd6-4516-aa44-e2d754e92af3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8341D93-055D-48CB-912B-4ED80744CC20}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjgg]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvusqp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11241072-58BB-40CE-9171-0B2BDFB22E97}"=-



File::
C:\WINDOWS\system32\gujdicxs.dll
C:\WINDOWS\system32\oumjdxkb.dll
C:\WINDOWS\system32\fnliqjvk.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\tuvusqp.dll
C:\WINDOWS\system32\faa8908.dll
C:\WINDOWS\system32\356644f8.dll
C:\WINDOWS\system32\2b99a04.dll
C:\WINDOWS\system32\166a88f4.dll
C:\WINDOWS\system32\6064c04.dll
C:\WINDOWS\system32\263825c0.dll
C:\WINDOWS\system32\30a2d3fc.dll
C:\WINDOWS\system32\197fea2.dll
C:\WINDOWS\system32\1419a886.dll


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt



ensuite
Télécharge sur le bureau

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-clic dessus pour l'installer
= Clic Do a system scan and save the log
=coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

@+

   
Répondre à ep44

5

Blacky57, le 23 mar 2008 à 19:47:16

Désoler de ne pas avoir répondu plus tot mais j'était a un repas de famille.

Voici le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\MzRam\MzRamBooster.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM2350ad67] Rundll32.exe "C:\WINDOWS\system32\ltcoydnf.dll",s
O4 - HKLM\..\Run: [20639efb] rundll32.exe "C:\WINDOWS\system32\yomdigcj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adobe Photoshop Album Starter Edition 3.0 component] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0051A22E-CC80-4C71-9036-09E40BA2A18B}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0051A22E-CC80-4C71-9036-09E40BA2A18B}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 9185 bytes


Et voici le rapport ComboFix :

"Herrmann" - 2008-03-23 19:11:01 - ComboFix 07-07-10.1 - Service Pack 2
Command switches used :: C:\Documents and Settings\Herrmann\Bureau\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\1419a886.dll
C:\WINDOWS\system32\166a88f4.dll
C:\WINDOWS\system32\197fea2.dll
C:\WINDOWS\system32\263825c0.dll
C:\WINDOWS\system32\2b99a04.dll
C:\WINDOWS\system32\30a2d3fc.dll
C:\WINDOWS\system32\356644f8.dll
C:\WINDOWS\system32\6064c04.dll
C:\WINDOWS\system32\faa8908.dll
C:\WINDOWS\system32\fnliqjvk.dll
C:\WINDOWS\system32\gujdicxs.dll
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\oumjdxkb.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\tuvusqp.dll


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))


2008-03-23 19:08 90,176 --a------ C:\WINDOWS\system32\yomdigcj.dll
2008-03-23 19:05 92,736 --a------ C:\WINDOWS\system32\wbhsokpc.dll
2008-03-23 19:05 90,176 --a------ C:\WINDOWS\system32\ltcoydnf.dll
2008-03-22 16:15 <REP> d-------- C:\!KillBox
2008-03-22 13:59 86,592 --a------ C:\WINDOWS\system32\bpbilaqy.dll
2008-03-22 13:56 93,248 --a------ C:\WINDOWS\system32\qyywbsby.dll
2008-03-22 13:54 92,224 --a------ C:\WINDOWS\system32\imlgdljq.dll
2008-03-22 07:46 251,416 --a------ C:\DOCUME~1\Herrmann\APPLIC~1\install_fr[2].exe
2008-03-09 16:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RInfo
2008-03-09 16:14 <REP> d-------- C:\Program Files\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EaseDic
2008-03-09 16:13 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\StarDict
2008-03-09 16:12 <REP> d-------- C:\Program Files\StarDict
2008-03-09 16:02 <REP> d-------- C:\Program Files\Foreignword
2008-03-01 11:06 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\Panasonic
2008-03-01 11:02 <REP> d-------- C:\Program Files\Apple Software Update
2008-03-01 11:01 <REP> d-------- C:\Program Files\ISL
2008-03-01 10:57 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2008-03-01 10:57 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-01 10:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-01 10:57 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2008-03-01 10:57 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-01 10:57 31,053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-01 10:57 27,417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-01 10:57 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-01 10:57 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-01 10:57 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-01 10:57 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-01 10:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-01 10:57 111,932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-01 10:57 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-01 10:57 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-01 10:57 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-01 10:57 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-01 10:57 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-01 10:57 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-01 10:56 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-03-01 10:56 <REP> d-------- C:\Program Files\Panasonic
2008-03-01 10:55 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\InstallShield
2008-02-28 11:45 <REP> d-------- C:\Program Files\Swat 4 ATC v2.0
2008-02-25 12:02 <REP> d-------- C:\Program Files\Replay Converter
2008-02-25 11:53 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\GetRightToGo
2008-02-25 11:41 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-02-25 00:37 <REP> d-------- C:\Program Files\7-Zip


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-23 18:38:38 -------- d-----w C:\Program Files\Wanadoo
2008-03-23 18:35:43 -------- d-----w C:\Program Files\FlashGet
2008-03-22 15:12:01 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-03-22 15:12:00 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-03-14 17:30:36 96,624 ----a-w C:\DOCUME~1\Herrmann\APPLIC~1\GDIPFONTCACHEV1.DAT
2008-03-01 13:11:32 96,624 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-01 10:05:16 -------- d-----w C:\Program Files\QuickTime
2008-03-01 10:01:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 09:18:10 -------- d-----w C:\Program Files\LastChaosUSA
2008-02-29 09:57:29 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Skype
2008-02-29 08:53:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-28 09:33:43 -------- d-----w C:\Program Files\Sierra
2008-02-26 22:56:16 -------- d-----w C:\Program Files\mIRC
2008-02-25 11:47:55 -------- d-----w C:\Program Files\GeoVid
2008-02-25 10:41:30 -------- d-----w C:\Program Files\Fichiers communs\GeoVid
2008-02-22 12:20:25 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-22 11:58:11 -------- d-----w C:\Program Files\AutoMz
2008-02-22 11:57:56 -------- d-----w C:\Program Files\MZ U.T
2008-02-22 11:57:38 -------- d-----w C:\Program Files\MzVistaForce
2008-02-22 11:57:27 -------- d-----w C:\Program Files\Mz_CpuAcc
2008-02-22 11:56:24 -------- d-----w C:\Program Files\MzRam
2008-02-21 17:04:37 -------- d-----w C:\Program Files\Gpotato.eu
2008-02-18 16:50:56 -------- d-----w C:\Program Files\AxBx
2008-02-18 14:30:05 -------- d-----w C:\Program Files\Common Files
2008-02-18 12:36:49 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\TuneUp Software
2008-02-18 09:19:56 -------- d-----w C:\Program Files\Warcraft III
2008-02-16 15:34:00 -------- d-----w C:\Program Files\Sony Ericsson
2008-02-16 15:33:55 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-16 15:31:08 -------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-16 15:20:42 -------- d-----w C:\Program Files\Zeb-Utility
2008-02-16 15:10:03 -------- d-----w C:\Program Files\EPSON
2008-02-16 15:06:13 -------- d-----w C:\Program Files\Canon
2008-02-09 20:38:00 118,019 ----a-w C:\WINDOWS\War3Unin.dat
2008-02-09 19:02:13 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 23:10:11 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Apple Computer
2008-01-27 20:14:32 -------- d-----w C:\Program Files\Total Video Converter
2008-01-27 20:07:04 -------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 20:06:23 -------- d-----w C:\Program Files\eRightSoft
2008-01-14 12:52:00 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{025cd60e-d0ff-4cc3-8123-6092c266cf87}]
2008-03-23 19:06 92736 --a------ C:\WINDOWS\system32\wbhsokpc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-09-20 10:30 328752 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-09 20:48 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEAD9B29-81CD-496B-95DB-63F7CADC67BE}]
C:\WINDOWS\system32\ssqro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-08-11 11:38 654832 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-18 17:13 163840 --a------ C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOTASKBARICON"="C:\Program Files\Wanadoo\taskbaricon.exe" [2004-10-05 16:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-15 13:42]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Adobe Photoshop Album Starter Edition 3.0 component"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"MzRamBooster"="C:\Program Files\MzRam\MzRamBooster.exe" [2008-02-01 10:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avg Antivirus]
C:\WINDOWS\system32\icpldrvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1959f36e-b489-11db-a425-000e505a106b}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c608f9-8ceb-11db-a3ee-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e7790e-b483-11db-a424-000e505a106b}]
Rip\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6fab7d1-6428-11dc-9e22-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35c35ff-a946-11db-a411-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c45514a9-1667-11dc-a4c4-000e505a106b}]
Auto\command- L:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e004b519-14cb-11dc-a4c0-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53af055-9b4a-11dc-80ca-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe448c1c-3243-11dc-a513-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


Contents of the 'Scheduled Tasks' folder
2008-02-29 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2008-03-16 18:58:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-23 18:40:21 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer,
Rootkit scan 2008-03-23 19:38:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-23 19:41:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-03-23 19:41
C:\ComboFix2.txt ... 2008-03-22 12:01
C:\ComboFix3.txt ... 2007-07-11 17:37

--- E O F ---

Merci

   
Répondre à Blacky57

6

ep44, le 23 mar 2008 à 21:08:37

Recommence la manip avec combofix
mais avec ce texte


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{025cd60e-d0ff-4cc3-8123-6092c266cf87}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEAD9B29-81CD-496B-95DB-63F7CADC67BE}]



File::
C:\WINDOWS\system32\yomdigcj.dll
C:\WINDOWS\system32\wbhsokpc.dll
C:\WINDOWS\system32\ltcoydnf.dll
C:\!KillBox
C:\WINDOWS\system32\bpbilaqy.dll
C:\WINDOWS\system32\qyywbsby.dll
C:\WINDOWS\system32\imlgdljq.dll
C:\WINDOWS\system32\icpldrvx.exe



@+

   
Répondre à ep44

7

Blacky57, le 24 mar 2008 à 13:29:40

Voici le Log de ComboFix :

"Herrmann" - 2008-03-24 13:14:49 - ComboFix 07-07-10.1 - Service Pack 2
Command switches used :: C:\Documents and Settings\Herrmann\Bureau\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\!KillBox
C:\WINDOWS\system32\bpbilaqy.dll
C:\WINDOWS\system32\imlgdljq.dll
C:\WINDOWS\system32\ltcoydnf.dll
C:\WINDOWS\system32\qyywbsby.dll
C:\WINDOWS\system32\wbhsokpc.dll
C:\WINDOWS\system32\yomdigcj.dll


((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))


2008-03-23 20:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-03-23 20:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-03-22 07:46 251,416 --a------ C:\DOCUME~1\Herrmann\APPLIC~1\install_fr[2].exe
2008-03-09 16:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RInfo
2008-03-09 16:14 <REP> d-------- C:\Program Files\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EaseDic
2008-03-09 16:13 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\StarDict
2008-03-09 16:12 <REP> d-------- C:\Program Files\StarDict
2008-03-09 16:02 <REP> d-------- C:\Program Files\Foreignword
2008-03-01 11:06 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\Panasonic
2008-03-01 11:02 <REP> d-------- C:\Program Files\Apple Software Update
2008-03-01 11:01 <REP> d-------- C:\Program Files\ISL
2008-03-01 10:57 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2008-03-01 10:57 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-01 10:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-01 10:57 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2008-03-01 10:57 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-01 10:57 31,053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-01 10:57 27,417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-01 10:57 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-01 10:57 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-01 10:57 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-01 10:57 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-01 10:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-01 10:57 111,932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-01 10:57 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-01 10:57 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-01 10:57 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-01 10:57 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-01 10:57 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-01 10:57 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-01 10:56 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-03-01 10:56 <REP> d-------- C:\Program Files\Panasonic
2008-03-01 10:55 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\InstallShield
2008-02-28 11:45 <REP> d-------- C:\Program Files\Swat 4 ATC v2.0
2008-02-25 12:02 <REP> d-------- C:\Program Files\Replay Converter
2008-02-25 11:53 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\GetRightToGo
2008-02-25 11:41 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-02-25 00:37 <REP> d-------- C:\Program Files\7-Zip


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-24 10:00:15 -------- d-----w C:\Program Files\Wanadoo
2008-03-24 07:50:29 -------- d-----w C:\Program Files\FlashGet
2008-03-23 20:01:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-22 15:12:01 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-03-22 15:12:00 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-03-14 17:30:36 96,624 ----a-w C:\DOCUME~1\Herrmann\APPLIC~1\GDIPFONTCACHEV1.DAT
2008-03-01 13:11:32 96,624 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-01 10:05:16 -------- d-----w C:\Program Files\QuickTime
2008-03-01 10:01:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 09:18:10 -------- d-----w C:\Program Files\LastChaosUSA
2008-02-29 09:57:29 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Skype
2008-02-28 09:33:43 -------- d-----w C:\Program Files\Sierra
2008-02-26 22:56:16 -------- d-----w C:\Program Files\mIRC
2008-02-25 11:47:55 -------- d-----w C:\Program Files\GeoVid
2008-02-25 10:41:30 -------- d-----w C:\Program Files\Fichiers communs\GeoVid
2008-02-22 12:20:25 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-22 11:58:11 -------- d-----w C:\Program Files\AutoMz
2008-02-22 11:57:56 -------- d-----w C:\Program Files\MZ U.T
2008-02-22 11:57:38 -------- d-----w C:\Program Files\MzVistaForce
2008-02-22 11:57:27 -------- d-----w C:\Program Files\Mz_CpuAcc
2008-02-22 11:56:24 -------- d-----w C:\Program Files\MzRam
2008-02-21 17:04:37 -------- d-----w C:\Program Files\Gpotato.eu
2008-02-18 16:50:56 -------- d-----w C:\Program Files\AxBx
2008-02-18 14:30:05 -------- d-----w C:\Program Files\Common Files
2008-02-18 12:36:49 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\TuneUp Software
2008-02-18 09:19:56 -------- d-----w C:\Program Files\Warcraft III
2008-02-16 15:34:00 -------- d-----w C:\Program Files\Sony Ericsson
2008-02-16 15:33:55 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-16 15:31:08 -------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-16 15:20:42 -------- d-----w C:\Program Files\Zeb-Utility
2008-02-16 15:10:03 -------- d-----w C:\Program Files\EPSON
2008-02-16 15:06:13 -------- d-----w C:\Program Files\Canon
2008-02-09 20:38:00 118,019 ----a-w C:\WINDOWS\War3Unin.dat
2008-02-09 19:02:13 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 23:10:11 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Apple Computer
2008-01-27 20:14:32 -------- d-----w C:\Program Files\Total Video Converter
2008-01-27 20:07:04 -------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 20:06:23 -------- d-----w C:\Program Files\eRightSoft
2008-01-14 12:52:00 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-06-28 11:11 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-09-20 10:30 328752 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-09 20:48 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-08-11 11:38 654832 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-18 17:13 163840 --a------ C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOTASKBARICON"="C:\Program Files\Wanadoo\taskbaricon.exe" [2004-10-05 16:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-15 13:42]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Adobe Photoshop Album Starter Edition 3.0 component"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"MzRamBooster"="C:\Program Files\MzRam\MzRamBooster.exe" [2008-02-01 10:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 19:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avg Antivirus]
C:\WINDOWS\system32\icpldrvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1959f36e-b489-11db-a425-000e505a106b}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c608f9-8ceb-11db-a3ee-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e7790e-b483-11db-a424-000e505a106b}]
Rip\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6fab7d1-6428-11dc-9e22-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35c35ff-a946-11db-a411-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c45514a9-1667-11dc-a4c4-000e505a106b}]
Auto\command- L:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e004b519-14cb-11dc-a4c0-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53af055-9b4a-11dc-80ca-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe448c1c-3243-11dc-a513-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


Contents of the 'Scheduled Tasks' folder
2008-02-29 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2008-03-23 19:02:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-24 06:33:41 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 13:23:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-24 13:24:16
C:\ComboFix-quarantined-files.txt ... 2008-03-24 13:24
C:\ComboFix2.txt ... 2008-03-23 19:41
C:\ComboFix3.txt ... 2008-03-22 12:01

--- E O F ---

@+

   
Répondre à Blacky57

8

 ep44, le 24 mar 2008 à 20:14:35

Salut

Télécharge:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
= Installer
= Le lancer
= Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
= Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
==> Clic : Analyse complète du système
En fin de scan ( qui est assez long)
==> Clic Appliquer toutes les actions <== ceci Très important
==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport
====================================

ensuite fait un scan en ligne

avec bitdefender et colle le rapport

http://www.bitdefender.com/scan8/ie.html

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite un nouveau rapport hijack

@+

   
Répondre à ep44
Posez votre question Répondre
Ils ont besoin de votre aide