Win32/Adware.Virtumonde Application infection

 

cynics
Posted on 30/11/2007 at 04:23:52

Hello everyone!

Since yesterday NOD32 has kept telling me that the threat "Win32/Adware.Virtumonde Application" is present on my PC and that it is going to remove it. Unfortunately, as soon as it carries out the removal, the application starts up again.. My CPU is constantly at 100% usage. NOD32 also tells me that the infected object is "C:\WINDOWS\system32\ljjjjjhe.dll".

I have tried various scans (Spybot, AVG Anti-Spyware..) but they find nothing abnormal.

I'll leave you a HijackThis report in case it helps:


Moderator edit: no report before it has been requested.

Please read this topic:

http://forum.telecharger.01net [...] ges-1.html


Thanks in advance

malekal_morte
Famous across the whole forum (30,000 to 99,999 posts)
Posted on 30/11/2007 at 09:29:33

Hi,


Download sUBs' ComboFix: combofix.exe
and save it to your desktop and nowhere else!

Double-click on ComboFix. It will ask you a question; answer by pressing the 1 key, then Enter to confirm.
Wait until ComboFix has finished; a report will be created. Post the report.

Copy/paste a new HijackThis report along with it.

cynics
Posted on 30/11/2007 at 12:57:12

I didn't mention in my first post that explorer.exe has sometimes been crashing since this spyware infected my PC..

ComboFix report

 



 
ComboFix 07-11-19.4C - William 2007-11-30 12:45:18.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.601 [GMT 1:00]
Running from: C:\Documents and Settings\William\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
.
---- Previous Run -------
.
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\poof




(((((((((((((((((((((((((((((   Fichiers créés 2007-10-28 to 2007-11-30  ))))))))))))))))))))))))))))))))))))
.

2007-11-30 03:12 <REP> d-------- C:\Program Files\Trend Micro
2007-11-29 20:30 77,888 --a------ C:\WINDOWS\system32\aycjgjbl.dll
2007-11-29 18:50 <REP> d-------- C:\Program Files\Enigma Software Group
2007-11-29 17:31 <REP> d-------- C:\Documents and Settings\William\Application Data\Grisoft
2007-11-29 17:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 19:41 32,764 --a------ C:\WINDOWS\17PHolmes1061.exe
2007-11-26 07:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-20 22:23 <REP> d-------- C:\Program Files\Audacity
2007-11-18 01:43 <REP> d-------- C:\Program Files\Firefox
2007-11-17 21:24 <REP> d-------- C:\Program Files\WC3Banlist
2007-11-13 07:43 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-08 16:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-08 16:10 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-08 16:09 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-07 12:50 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-07 12:50 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-06 21:35 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-01 14:24 <REP> d-------- C:\Program Files\Alwil Software
2007-11-01 14:18 <REP> d-------- C:\Program Files\WinPcap
2007-11-01 14:17 <REP> d-------- C:\Program Files\ElcomSoft
2007-11-01 14:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-25 18:57 <REP> d-------- C:\Program Files\Opera 9.5 beta
2007-10-23 17:49 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR
2007-10-20 18:03 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-10-20 18:03 66,060 --a------ C:\WINDOWS\War3Unin.dat
2007-10-20 18:03 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-10-18 10:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 10:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-10-18 10:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-10-18 10:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-10-18 10:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-10-18 10:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 10:02 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-10-07 17:04 5,804 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-05 13:17 <REP> d-------- C:\Program Files\Stardock
2007-10-05 13:17 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-10-03 06:40 <REP> d-------- C:\Program Files\Diskeeper Corporation
2007-10-01 20:40 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-01 19:40 <REP> d-------- C:\Documents and Settings\William\Application Data\DeepBurner
2007-10-01 19:38 <REP> d-------- C:\Program Files\DeepBurner

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 03:49 --------- d-----w C:\Documents and Settings\William\Application Data\OpenOffice.org2
2007-11-30 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 23:47 --------- d-----w C:\Program Files\a-squared Free
2007-11-27 23:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-27 23:43 --------- d-----w C:\Program Files\Octoshape Streaming Services
2007-11-26 18:38 --------- d-----w C:\Documents and Settings\William\Application Data\Azureus
2007-11-20 21:50 --------- d-----w C:\Program Files\DivX
2007-11-18 00:54 --------- d-----w C:\Program Files\Opera
2007-11-17 15:20 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 15:18 --------- d-----w C:\Program Files\Windows Live
2007-11-16 17:59 --------- d-----w C:\Program Files\Logitech
2007-11-16 17:56 --------- d-----w C:\Program Files\Thunderbird
2007-11-16 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-15 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-11-08 18:21 --------- d-----w C:\Program Files\mIRC
2007-11-07 11:50 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-07 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-11-06 19:32 --------- d-----w C:\Documents and Settings\William\Application Data\teamspeak2
2007-11-01 13:18 --------- d-----w C:\Program Files\SuperCopier2
2007-11-01 13:18 --------- d-----w C:\Program Files\MSECACHE
2007-11-01 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-07 16:05 65,492 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-10-04 05:09 --------- d-----w C:\Program Files\Java
2007-10-01 19:43 --------- d-----w C:\Program Files\Nero Burning Rom
2007-10-01 19:43 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-29 17:20 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-09-29 14:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-29 14:33 --------- d-----w C:\Program Files\MSBuild
2007-09-29 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-29 05:28 --------- d-----w C:\Documents and Settings\William\Application Data\ma-config.com
2007-09-29 05:27 --------- d-----w C:\Program Files\ma-config.com
2007-09-12 11:04 29,696 ----a-w C:\WINDOWS\mickey32.dll
2007-09-12 11:04 2,285,222 ----a-w C:\WINDOWS\Matrix Code.exe
2007-09-05 18:24 456 ---ha-w C:\os466477.bin
2006-12-25 14:21 1 ----a-w C:\Documents and Settings\William\SI.bin
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67}]
   C:\WINDOWS\system32\ljjjjhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eec25831-c9a3-4184-b383-e4ddfbce63e0}]
2007-11-29 20:31 77888 --a------ C:\WINDOWS\system32\aycjgjbl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 00:30]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 01:08]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-08 16:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67}"= C:\WINDOWS\system32\ljjjjhe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjhe]
ljjjjhe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Java SATARaid.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Java SATARaid.lnk
backup=C:\WINDOWS\pss\Java SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
   D:\Ares\Ares.exe -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 EPSON Stylus C48 Series /O6 USB001 /M Stylus C48

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
   C:\Program Files\FlashGet\FlashGet.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
   C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
   C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
   C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
   KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-05-17 09:52 505368 --a------ C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
   C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
   C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
   C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
   C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
   sstray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
   RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
   nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
   C:\Program Files\Octoshape Streaming Services\William\OctoshapeClient.exe -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
   C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
   C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
   D:\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
   C:\Program Files\TomTom HOME\TomTomHOME.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
   C:\Program Files\Winamp\winampa.exe

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys
S3 msvad_simple;SoliCall;C:\WINDOWS\system32\drivers\solicall.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f7032b-f3cf-11db-acd6-00112fb8fc4a}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 12:53:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 12:54:05 - machine was rebooted
.
 --- E O F ---
 




HijackThis report

 



 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:57, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\system32\ljjjjhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0e36ecbf-dd4e-383b-4814-3a9c13852cee} - {eec25831-c9a3-4184-b383-e4ddfbce63e0} - C:\WINDOWS\system32\aycjgjbl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/15 [...] plugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/ [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi [...] 5224092442
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/a [...] asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/ [...] her-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/mol [...] cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A261226-2E76-4E44-A934-3F35D6304DE9}: NameServer = 192.168.0.1
O20 - Winlogon Notify: ljjjjhe - ljjjjhe.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9293 bytes
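As an added illustration (not code from this thread, nor from the HijackThis or ComboFix authors), the Python below applies the kind of reasoning the helper uses on the report above: it scores O2 BHO entries that have no display name, carry a CLSID as their name, or point to a missing file, scores O20 Winlogon Notify entries, and pulls out anything besides msv1_0 from the LSA "Authentication Packages" value in the ComboFix registry section (a DLL listed there is loaded into lsass.exe at boot, which is why gebyv.dll mattered). The sample lines are constructed from the reports in this thread; the weights, the threshold and the "random-looking name" heuristic are my own assumptions, and that last heuristic is deliberately counted as a weak signal because it also matches some legitimate names:

```python
import re

# Constructed sample: HijackThis lines taken from the report in this thread,
# with benign entries left in so the heuristics have something to ignore.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\system32\ljjjjhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {0e36ecbf-dd4e-383b-4814-3a9c13852cee} - {eec25831-c9a3-4184-b383-e4ddfbce63e0} - C:\WINDOWS\system32\aycjgjbl.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O20 - Winlogon Notify: ljjjjhe - ljjjjhe.dll (file missing)
"""

# Constructed sample: the LSA block from the ComboFix "Point de chargement Reg" section.
COMBOFIX_LSA_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll
"""

STRONG, WEAK = 2, 1   # assumed weights for the signals below
THRESHOLD = 2         # a line is reported when its signals add up to at least this

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
RE_CLSID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
RE_AUTH_PKG = re.compile(r'^"Authentication Packages"=\s*(.+)$', re.MULTILINE)


def file_stem(target):
    """Reduce 'C:\\...\\ljjjjhe.dll (file missing)' to 'ljjjjhe'."""
    target = target.replace("(file missing)", "").replace("(no file)", "").strip().strip('"')
    return target.split("\\")[-1].rsplit(".", 1)[0].lower()


def looks_random(stem):
    """Weak signal: 5-8 lowercase letters containing a run of four or more non-vowels.
    Noisy by design (it also matches some legitimate names), so it never reports alone."""
    return bool(re.fullmatch(r"[a-z]{5,8}", stem)) and re.search(r"[^aeiou]{4}", stem) is not None


def signals(line):
    """Return [(reason, weight)] for one HijackThis line."""
    found = []
    m = RE_O2.match(line)
    if m:
        name, target = m.group("name"), m.group("target")
        if name == "(no name)":
            found.append(("BHO registered without a display name", STRONG))
        if RE_CLSID.match(name):
            found.append(("BHO display name is itself a CLSID", STRONG))
        if "(file missing)" in target:
            found.append(("BHO DLL is registered but absent from disk", STRONG))
        if looks_random(file_stem(target)):
            found.append(("random-looking DLL name", WEAK))
    m = RE_O20.match(line)
    if m:
        found.append(("Winlogon Notify package, loaded at every logon", WEAK))
        if "(file missing)" in m.group("target"):
            found.append(("Notify DLL registered but absent from disk", STRONG))
        if looks_random(file_stem(m.group("target"))):
            found.append(("random-looking DLL name", WEAK))
    return found


def triage(hjt_text):
    """Return [(line, score, [reasons])] for lines scoring at or above THRESHOLD."""
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        found = signals(line)
        score = sum(w for _, w in found)
        if score >= THRESHOLD:
            findings.append((line, score, [r for r, _ in found]))
    return findings


def lsa_extra_packages(combofix_text):
    """Everything in LSA 'Authentication Packages' other than msv1_0; on a home XP box
    there should be nothing else, since each entry is loaded into lsass.exe at boot."""
    m = RE_AUTH_PKG.search(combofix_text)
    if not m:
        return []
    return [p for p in m.group(1).split() if p.lower() != "msv1_0"]


if __name__ == "__main__":
    for line, score, reasons in triage(HJT_SAMPLE):
        print(f"[{score}] {line}")
        for r in reasons:
            print(f"      - {r}")
    print("extra LSA packages:", lsa_extra_packages(COMBOFIX_LSA_SAMPLE))
```

Run against the sample, the three Vundo lines (the two ljjjjhe entries and the aycjgjbl BHO) come out with scores of 5, 4 and 3 while the Adobe, Java and ESET lines score nothing; the LSA check returns only gebyv.dll. The ComboFix LSA parsing splits on whitespace, which is fine for the format as printed here but would break a package path containing spaces.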
 


malekal_morte
Famous across the whole forum (30,000 to 99,999 posts)
Posted on 30/11/2007 at 13:02:27

C:\Program Files\Enigma Software Group
--> you installed something from a blog that is supposedly the solution for removing infections, but it's there to push antispyware products like SpyHunter etc... uninstall that thing.

DISABLE THE ANTIVIRUS PROTECTION DURING THE PROCEDURE

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\WINDOWS\system32\aycjgjbl.dll
C:\WINDOWS\17PHolmes1061.exe
C:\WINDOWS\mickey32.dll
C:\WINDOWS\Matrix Code.exe


Save this file under the name CFScript

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
  • Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.

  • Once the scan is complete, a report will be displayed: post its contents, and say where your problems stand

  • If the file does not open, it is located here > C:\ComboFix.txt

Relaunch HijackThis and tick these lines:

O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\system32\ljjjjhe.dll (file missing)
O2 - BHO: {0e36ecbf-dd4e-383b-4814-3a9c13852cee} - {eec25831-c9a3-4184-b383-e4ddfbce63e0} - C:\WINDOWS\system32\aycjgjbl.dll
O20 - Winlogon Notify: ljjjjhe - ljjjjhe.dll (file missing)

--> click on Fix checked

Post a new HijackThis report.
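As an added example (not from this thread and not ComboFix's own code), the Python below renders the File:: block above in CFScript form and then checks the ComboFix report that comes back: it splits the report into its sections and confirms that every path the script asked for is listed under "Autres suppressions", so that a path ComboFix silently skipped is not mistaken for a removed one. The report excerpt is constructed from the one posted later in this thread, and `example_not_removed.dll` is a placeholder path, not something from the page, included only to show what a non-removal looks like:

```python
import re

# Constructed from the CFScript in this thread.
CFSCRIPT_PATHS = [
    r"C:\WINDOWS\system32\aycjgjbl.dll",
    r"C:\WINDOWS\17PHolmes1061.exe",
    r"C:\WINDOWS\mickey32.dll",
    r"C:\WINDOWS\Matrix Code.exe",
]
# Placeholder path (constructed, not on the original page) that the report never mentions.
NOT_REMOVED = r"C:\WINDOWS\system32\example_not_removed.dll"

# Constructed excerpt of the ComboFix report that followed the CFScript run.
COMBOFIX_REPORT = r"""ComboFix 07-11-19.4C - William 2007-11-30 13:17:33.3 - NTFSx86
Command switches used :: C:\Documents and Settings\William\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\17PHolmes1061.exe
C:\WINDOWS\Matrix Code.exe
C:\WINDOWS\mickey32.dll
C:\WINDOWS\system32\aycjgjbl.dll
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\17PHolmes1061.exe
C:\WINDOWS\Matrix Code.exe
C:\WINDOWS\mickey32.dll
C:\WINDOWS\system32\aycjgjbl.dll

.
(((((((((((((((((((((((((((((   Fichiers créés 2007-10-28 to 2007-11-30  ))))))))))))))))))))))))))))))))))))
.

2007-11-30 13:00 <REP> d-------- C:\VundoFix Backups
"""

# A ComboFix section banner: a row of '(' , a title, a row of ')'.
RE_SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def build_cfscript(paths):
    """Render the File:: block exactly as it is pasted into CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"


def parse_combofix_sections(report):
    """Split a ComboFix report into {section title: [lines]}.
    The echoed script appears under a bare 'FILE' heading; other sections are
    '((((  Title  ))))' banners. Filler lines ('.' and blanks) are dropped, and
    anything before the first heading is ignored."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = RE_SECTION.match(line)
        if m:
            current = m.group(1)
        elif line == "FILE":
            current = "FILE"
        elif current is not None:
            sections.setdefault(current, []).append(line)
    return sections


def verify_removal(script_paths, report):
    """Map each scripted path to True if ComboFix lists it under 'Autres suppressions'.
    Paths are compared case-insensitively, as NTFS would."""
    sections = parse_combofix_sections(report)
    deleted = {p.lower() for p in sections.get("Autres suppressions", [])}
    return {p: p.lower() in deleted for p in script_paths}


def still_present(script_paths, report):
    """Paths the script asked for that the report does not show as deleted."""
    return [p for p, ok in verify_removal(script_paths, report).items() if not ok]


if __name__ == "__main__":
    print(build_cfscript(CFSCRIPT_PATHS))
    for path, ok in verify_removal(CFSCRIPT_PATHS + [NOT_REMOVED], COMBOFIX_REPORT).items():
        print("removed " if ok else "MISSING ", path)
```

With the sample, all four scripted paths are confirmed and only the placeholder is reported as still present; in a real follow-up the helper would also want a fresh HijackThis report, since "Autres suppressions" only covers files, not the registry entries that were ticked in HijackThis.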

cynics
Posted on 30/11/2007 at 13:35:49

The software was indeed SpyHunter; I have uninstalled it.

ComboFix report

 



 
ComboFix 07-11-19.4C - William 2007-11-30 13:17:33.3 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.560 [GMT 1:00]
Running from: C:\Documents and Settings\William\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\William\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\17PHolmes1061.exe
C:\WINDOWS\Matrix Code.exe
C:\WINDOWS\mickey32.dll
C:\WINDOWS\system32\aycjgjbl.dll
.

((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\17PHolmes1061.exe
C:\WINDOWS\Matrix Code.exe
C:\WINDOWS\mickey32.dll
C:\WINDOWS\system32\aycjgjbl.dll

.
(((((((((((((((((((((((((((((   Files created 2007-10-28 to 2007-11-30  ))))))))))))))))))))))))))))))))))))
.

2007-11-30 13:00 <REP> d-------- C:\VundoFix Backups
2007-11-30 03:12 <REP> d-------- C:\Program Files\Trend Micro
2007-11-29 17:31 <REP> d-------- C:\Documents and Settings\William\Application Data\Grisoft
2007-11-29 17:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 07:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-20 22:23 <REP> d-------- C:\Program Files\Audacity
2007-11-18 01:43 <REP> d-------- C:\Program Files\Firefox
2007-11-17 21:24 <REP> d-------- C:\Program Files\WC3Banlist
2007-11-13 07:43 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-08 16:17 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-08 16:10 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-08 16:09 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-11-07 12:50 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-07 12:50 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-06 21:35 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-01 14:24 <REP> d-------- C:\Program Files\Alwil Software
2007-11-01 14:18 <REP> d-------- C:\Program Files\WinPcap
2007-11-01 14:17 <REP> d-------- C:\Program Files\ElcomSoft
2007-11-01 14:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-25 18:57 <REP> d-------- C:\Program Files\Opera 9.5 beta
2007-10-23 17:49 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR
2007-10-20 18:03 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-10-20 18:03 66,060 --a------ C:\WINDOWS\War3Unin.dat
2007-10-20 18:03 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-10-18 10:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 10:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-10-18 10:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-10-18 10:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-10-18 10:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-10-18 10:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 10:02 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-10-07 17:04 5,804 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-05 13:17 <REP> d-------- C:\Program Files\Stardock
2007-10-05 13:17 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-10-03 06:40 <REP> d-------- C:\Program Files\Diskeeper Corporation
2007-10-01 20:40 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-01 19:40 <REP> d-------- C:\Documents and Settings\William\Application Data\DeepBurner
2007-10-01 19:38 <REP> d-------- C:\Program Files\DeepBurner

.
((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 03:49 --------- d-----w C:\Documents and Settings\William\Application Data\OpenOffice.org2
2007-11-30 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 23:47 --------- d-----w C:\Program Files\a-squared Free
2007-11-27 23:45 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-27 23:43 --------- d-----w C:\Program Files\Octoshape Streaming Services
2007-11-26 18:38 --------- d-----w C:\Documents and Settings\William\Application Data\Azureus
2007-11-20 21:50 --------- d-----w C:\Program Files\DivX
2007-11-18 00:54 --------- d-----w C:\Program Files\Opera
2007-11-17 15:20 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 15:18 --------- d-----w C:\Program Files\Windows Live
2007-11-16 17:59 --------- d-----w C:\Program Files\Logitech
2007-11-16 17:56 --------- d-----w C:\Program Files\Thunderbird
2007-11-16 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-15 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-11-08 18:21 --------- d-----w C:\Program Files\mIRC
2007-11-07 11:50 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-11-07 11:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-11-06 19:32 --------- d-----w C:\Documents and Settings\William\Application Data\teamspeak2
2007-11-01 13:18 --------- d-----w C:\Program Files\SuperCopier2
2007-11-01 13:18 --------- d-----w C:\Program Files\MSECACHE
2007-11-01 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-07 16:05 65,492 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-10-04 05:09 --------- d-----w C:\Program Files\Java
2007-10-01 19:43 --------- d-----w C:\Program Files\Nero Burning Rom
2007-10-01 19:43 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-29 17:20 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-09-29 14:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-29 14:33 --------- d-----w C:\Program Files\MSBuild
2007-09-29 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-29 05:28 --------- d-----w C:\Documents and Settings\William\Application Data\ma-config.com
2007-09-29 05:27 --------- d-----w C:\Program Files\ma-config.com
2007-09-05 18:24 456 ---ha-w C:\os466477.bin
2006-12-25 14:21 1 ----a-w C:\Documents and Settings\William\SI.bin
.

(((((((((((((((((((((((((((((((((   Reg loading points   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67}]
   C:\WINDOWS\system32\ljjjjhe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 00:30]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 01:08]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-08 16:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67}"= C:\WINDOWS\system32\ljjjjhe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjhe]
ljjjjhe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Java SATARaid.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Java SATARaid.lnk
backup=C:\WINDOWS\pss\Java SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^William^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\William\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
   D:\Ares\Ares.exe -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C48 Series]
   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 EPSON Stylus C48 Series /O6 USB001 /M Stylus C48

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
   C:\Program Files\FlashGet\FlashGet.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
   C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
   C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
   C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
   KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-05-17 09:52 505368 --a------ C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
   C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
   C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
   C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
   C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
   sstray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
   RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
   nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
   C:\Program Files\Octoshape Streaming Services\William\OctoshapeClient.exe -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
   C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
   C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
   D:\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
   C:\Program Files\TomTom HOME\TomTomHOME.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 18:19 15872 --a------ C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
   C:\Program Files\Winamp\winampa.exe

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys
S3 msvad_simple;SoliCall;C:\WINDOWS\system32\drivers\solicall.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f7032b-f3cf-11db-acd6-00112fb8fc4a}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 13:21:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 13:22:08 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 12:54
.
 --- E O F ---

 In the HijackThis log, the line to tick "O2 - BHO: {0e36ecbf-dd4e-383b-4814-3a9c13852cee} - {eec25831-c9a3-4184-b383-e4ddfbce63e0} - C:\WINDOWS\system32\aycjgjbl.dll" was not present.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:46, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/15 [...] plugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/ [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail. [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi [...] 5224092442
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/a [...] asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/ [...] her-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/ [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia. [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/mol [...] cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A261226-2E76-4E44-A934-3F35D6304DE9}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8929 bytes
 


