Remove Win32:Trojan-gen. {UPX!}
knakiball
11 March 2008 08:37:14
Hello, I have a problem with this nasty Win32:Trojan-gen. {UPX!} virus (and judging by the number of threads with this title, I am clearly not the only one)...
My computer seems to work fine, but avast keeps displaying alert messages saying I am infected with this trojan. I quarantine it, but it keeps coming back. The message appears mostly when I open my external hard drive (WD Passport) and sometimes when the computer starts up.
Browsing this forum I noticed there are some pretty skilled people who might be able to help me solve this problem. Being fairly clueless about computers, I defer to your learned advice.
Thanks for helping, that would be really kind...
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Recycler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.mediapluspro.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.wtv-zone.com/whales/images/clapton/clapton17...
End of file - 10585 bytes
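Added example, not part of this thread and not HijackThis or SDFix code: a small Python triage script for the HijackThis entry formats that appear in the log above. It flags orphaned O2/O22 entries whose file is gone, IE start/search pages pointing off an allowlist, Trusted Zone additions and O4 autostarts living outside the usual program directories; the allowlist, the directory rules and the sample lines (copied from the posted log) are assumptions chosen for the example.

```python
"""Triage of HijackThis 2.x log entries (added example, not part of the
thread and not HijackThis code). Parses the R0/R1, O2, O4, O15 and O22 line
formats seen in the posted log and applies a few defender heuristics; the
allowlist and directory rules are this example's own assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe",
    r"O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w",
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r"O15 - Trusted Zone: http://www.mediapluspro.com",
    r"O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)",
]

# Assumption: hosts a clean IE start/search configuration is expected to use.
ALLOWED_PAGE_HOSTS = {"go.microsoft.com", "www.google.fr", "www.google.com"}
# Assumption: directories where legitimate autostart programs normally live.
STANDARD_DIRS = {"c:\\windows", "c:\\windows\\system32"}
STANDARD_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\")

RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PAGE_RE = re.compile(r"^R[01] - .*,(?P<key>Start Page|Search Page|Search Bar|"
                     r"Default_Page_URL|Default_Search_URL) = (?P<url>\S+)$")


@dataclass
class Finding:
    severity: str  # "high": almost always worth acting on; "review": needs a human look
    entry: str     # HijackThis section code (R0, O2, O4, ...)
    detail: str


def exe_path(cmd: str) -> str:
    """Return the program path from an O4 command line, quoted or not.
    Unquoted paths may contain spaces, so cut at the first executable
    extension rather than at the first space (rundll32 lines not special-cased)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd))\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def directory_is_standard(path: str) -> bool:
    """True when the file sits in a directory legitimate autostarts use.
    A bare filename (resolved through PATH) or a drive root is not standard."""
    p = path.lower()
    if "\\" not in p:
        return False
    directory = p.rsplit("\\", 1)[0]
    return directory in STANDARD_DIRS or directory.startswith(STANDARD_PREFIXES)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; None means unparsed or nothing noteworthy."""
    line = line.rstrip()
    # O2 (BHO) and O22 (SharedTaskScheduler) entries whose file is gone:
    # a registration nothing legitimate maintains any more.
    if line.startswith(("O2 ", "O22 ")) and line.endswith(("(no file)", "(file missing)")):
        return Finding("high", line.split(" ", 1)[0], "orphaned entry, target file absent: " + line)
    m = PAGE_RE.match(line)
    if m:
        # Bare hosts such as www.google.fr carry no scheme, so urlparse yields no hostname.
        host = (urlparse(m["url"]).hostname or m["url"]).lower()
        if host not in ALLOWED_PAGE_HOSTS:
            return Finding("high", line[:2], f"{m['key']} points at unexpected host {host}")
        return None
    if line.startswith("O15 "):
        return Finding("review", "O15", "site added to the Trusted Zone: " + line.split(": ", 1)[1])
    m = RUN_RE.match(line)
    if m:
        path = exe_path(m["cmd"])
        if not directory_is_standard(path):
            return Finding("review", "O4", f"autostart [{m['name']}] runs {path} from a non-standard location")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log, dropping lines with no finding."""
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.severity:6} {finding.entry:4} {finding.detail}")
```

On the sample above the script reports three "high" findings (the R0 start page, the orphaned O2 BHO and the O22 entry with a missing DLL) and four "review" findings (three O4 autostarts and the O15 Trusted Zone site); the SDFix report posted later confirms the `devenv` autostart target `C:\WINDOWS\system\smvss.exe` as a trojan file.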
Hello,
Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.
Restart in Safe Mode.
Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to restart the PC.
Your system will take longer than usual to restart, because the tool keeps running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and is also saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log.
knakiball
11 March 2008 19:28:19
Here are the contents of the report.txt file:
SDFix: Version 1.155
Run by hervault jules on 10/03/2008 at 23:35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\0exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\10exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\10exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\11exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\13exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\13exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\15exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\16exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\18exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\18exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\19exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\19exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\1exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\1exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\21exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\21exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\22exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\22exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\23exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\23exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\25exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\28exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\28exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\29exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\2exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\30exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\31exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\31exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\32exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\33exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\33exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\34exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\34exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\36exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\38exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\38exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\42exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\43exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\43exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\44exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\48exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\48exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\49exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\4exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\4exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\50exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\50exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\51exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\51exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\52exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\53exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\54exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\55exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\57exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\58exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\58exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\59exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\60exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\61exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\62exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\64exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\64exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\65exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\66exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\66exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\67exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\67exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\68exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\69exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\6exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\71exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\72exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\74exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\74exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\75exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\75exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\76exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\77exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\78exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\79exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\7exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\80exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\80exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\81exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\82exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\83exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\84exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\84exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\86exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\87exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\88exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\89exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\89exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\8exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\90exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\90exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\91exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\92exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\93exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\95exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\96exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\97exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\99exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml19.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted
Could Not Remove C:\autorun.inf
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 23:50:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a92210cc
"s2"=dword:a3818a1b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,12,17,54,a6,c0,21,b0,25,1f,7f,d2,6d,ff,9e,f8,6d,da,cf,8a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,02,ef,f5,3d,65,22,fa,ac,14,41,c4,90,cc,ca,22,82,..
"khjeh"=hex:93,69,f5,7f,26,cb,1e,6a,97,61,2d,a9,f9,b9,56,d2,14,35,34,f0,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,19,83,b3,5a,d0,0c,ef,e9,92,3b,1e,8a,47,e0,f3,95,67,1b,0b,a7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,12,17,54,a6,c0,21,b0,25,1f,7f,d2,6d,ff,9e,f8,6d,da,cf,8a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,02,ef,f5,3d,65,22,fa,ac,14,41,c4,90,cc,ca,22,82,..
"khjeh"=hex:93,69,f5,7f,26,cb,1e,6a,97,61,2d,a9,f9,b9,56,d2,14,35,34,f0,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,19,83,b3,5a,d0,0c,ef,e9,92,3b,1e,8a,47,e0,f3,95,67,1b,0b,a7,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000045
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 33
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:SPLINTER CELL PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
C:\autorun.inf Found
File Backups: - C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 22 Jun 2006 215 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 23 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007 37,888 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL0635.tmp"
Sun 19 Nov 2006 35,840 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL1157.tmp"
Sun 9 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL1462.tmp"
Sun 29 Apr 2007 26,112 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL2995.tmp"
Sat 24 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL3597.tmp"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Thu 25 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Sat 16 Feb 2008 1,035 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\xzvYfyupcepPG68\sujSrrpTjQQ.tmp"
Tue 17 Apr 2007 29,696 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Modèles\~WRL0176.tmp"
Sat 24 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0003.tmp"
Sun 9 Dec 2007 26,624 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0004.tmp"
Sat 24 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0005.tmp"
Sat 24 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0012.tmp"
Sat 24 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0412.tmp"
Sat 24 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0446.tmp"
Sun 29 Apr 2007 38,400 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0530.tmp"
Sun 29 Apr 2007 34,816 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1049.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1689.tmp"
Sat 24 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1804.tmp"
Sun 9 Dec 2007 26,624 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1825.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1939.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL2128.tmp"
Sat 24 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL2968.tmp"
Sat 24 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL3867.tmp"
Sun 29 Apr 2007 34,816 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL4020.tmp"
Thu 24 Jan 2008 1,745 ...HR --- "C:\Documents and Settings\hervault jules\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Fri 24 Jun 2005 1,121 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\UXI0WYQy19R0F\kF6Tz2ZRIJ.tmp"
Thu 30 Nov 2006 257,536 A.SH. --- "C:\Documents and Settings\hervault jules\Mes documents\Docs\Cours A2\année 2007 2008\pas en cours\SP\droit administratif\~WRL3147.tmp"
Mon 4 Dec 2006 253,952 A.SH. --- "C:\Documents and Settings\hervault jules\Mes documents\Docs\Cours A2\année 2007 2008\pas en cours\SP\droit administratif\~WRL3407.tmp"
Finished!
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:45, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Recycler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.mediapluspro.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.wtv-zone.com/whales/images/clapton/clapton17...
End of file - 10359 bytes
SDFix: Version 1.155
Run by hervault jules on 10/03/2008 at 23:35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\0exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\10exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\10exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\11exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\13exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\13exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\15exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\16exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\18exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\18exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\19exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\19exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\1exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\1exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\21exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\21exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\22exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\22exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\23exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\23exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\25exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\28exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\28exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\29exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\2exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\30exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\31exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\31exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\32exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\33exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\33exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\34exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\34exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\36exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\38exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\38exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\42exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\43exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\43exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\44exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\48exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\48exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\49exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\4exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\4exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\50exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\50exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\51exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\51exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\52exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\53exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\54exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\55exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\57exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\58exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\58exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\59exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\60exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\61exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\62exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\64exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\64exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\65exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\66exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\66exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\67exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\67exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\68exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\69exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\6exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\71exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\72exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\74exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\74exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\75exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\75exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\76exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\77exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\78exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\79exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\7exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\80exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\80exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\81exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\82exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\83exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\84exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\84exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\86exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\87exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\88exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\89exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\89exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\8exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\90exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\90exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\91exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\92exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\93exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\94exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\95exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\96exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\97exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\99exgmrgml19.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml10.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml18.exe - Deleted
C:\DOCUME~1\HERVAU~1\LOCALS~1\Temp\9exgmrgml19.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted
Could Not Remove C:\autorun.inf
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 23:50:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a92210cc
"s2"=dword:a3818a1b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,12,17,54,a6,c0,21,b0,25,1f,7f,d2,6d,ff,9e,f8,6d,da,cf,8a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,02,ef,f5,3d,65,22,fa,ac,14,41,c4,90,cc,ca,22,82,..
"khjeh"=hex:93,69,f5,7f,26,cb,1e,6a,97,61,2d,a9,f9,b9,56,d2,14,35,34,f0,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,19,83,b3,5a,d0,0c,ef,e9,92,3b,1e,8a,47,e0,f3,95,67,1b,0b,a7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:b7,12,17,54,a6,c0,21,b0,25,1f,7f,d2,6d,ff,9e,f8,6d,da,cf,8a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,02,ef,f5,3d,65,22,fa,ac,14,41,c4,90,cc,ca,22,82,..
"khjeh"=hex:93,69,f5,7f,26,cb,1e,6a,97,61,2d,a9,f9,b9,56,d2,14,35,34,f0,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,19,83,b3,5a,d0,0c,ef,e9,92,3b,1e,8a,47,e0,f3,95,67,1b,0b,a7,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000045
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 33
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
C:\autorun.inf Found
File Backups: - C:\DOCUME~1\HERVAU~1\Bureau\DSINFE~1\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 22 Jun 2006 215 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 23 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007 37,888 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL0635.tmp"
Sun 19 Nov 2006 35,840 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL1157.tmp"
Sun 9 Dec 2007 24,064 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL1462.tmp"
Sun 29 Apr 2007 26,112 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL2995.tmp"
Sat 24 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\hervault jules\Mes documents\~WRL3597.tmp"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Thu 25 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Sat 16 Feb 2008 1,035 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\xzvYfyupcepPG68\sujSrrpTjQQ.tmp"
Tue 17 Apr 2007 29,696 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\ModŠles\~WRL0176.tmp"
Sat 24 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0003.tmp"
Sun 9 Dec 2007 26,624 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0004.tmp"
Sat 24 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0005.tmp"
Sat 24 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0012.tmp"
Sat 24 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0412.tmp"
Sat 24 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0446.tmp"
Sun 29 Apr 2007 38,400 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL0530.tmp"
Sun 29 Apr 2007 34,816 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1049.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1689.tmp"
Sat 24 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1804.tmp"
Sun 9 Dec 2007 26,624 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1825.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL1939.tmp"
Sat 24 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL2128.tmp"
Sat 24 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL2968.tmp"
Sat 24 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL3867.tmp"
Sun 29 Apr 2007 34,816 ...H. --- "C:\Documents and Settings\hervault jules\Application Data\Microsoft\Word\~WRL4020.tmp"
Thu 24 Jan 2008 1,745 ...HR --- "C:\Documents and Settings\hervault jules\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Fri 24 Jun 2005 1,121 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\UXI0WYQy19R0F\kF6Tz2ZRIJ.tmp"
Thu 30 Nov 2006 257,536 A.SH. --- "C:\Documents and Settings\hervault jules\Mes documents\Docs\Cours A2\année 2007 2008\pas en cours\SP\droit administratif\~WRL3147.tmp"
Mon 4 Dec 2006 253,952 A.SH. --- "C:\Documents and Settings\hervault jules\Mes documents\Docs\Cours A2\année 2007 2008\pas en cours\SP\droit administratif\~WRL3407.tmp"
Finished!
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:45, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Recycler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\hervault jules\Application Data\Mozilla\Firefox\Profiles\zx3sw3sa.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.mediapluspro.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacCo...
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.wtv-zone.com/whales/images/clapton/clapton17...
End of file - 10359 bytes
That's better, isn't it?
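Helpers in threads like this read a HijackThis log for two things first: registrations whose file is gone ("(no file)" or "(file missing)", as on the O2, O22 and O23 lines above) and autostart entries that launch from system folders, which they then check against known vendor files. As an added example, not code from the thread, from HijackThis or from any tool the helpers mention, here is a small Python parser that pulls those out of a log. The sample lines are copied from the log above; the format assumptions (section code prefix, Run/CLSID/service layouts) are mine, and the folder filter is a constructed check, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log posted
# above, not the whole log. Anything not in these lines is an assumption.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Recycled] C:\WINDOWS\system32\Recycler.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
End of file - 10359 bytes
"""

# Layout assumptions for the line types handled here (my reading of the log format).
_SECTION = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
_RUN = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
_STARTUP = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<path>.*)$")
_CLSID = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_SERVICE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
_REG = re.compile(r"^(?P<key>.*?),(?P<value>.*?) = (?P<data>.*)$")


@dataclass
class Entry:
    code: str                      # HijackThis section code, e.g. "O4", "O22"
    name: str                      # Run value name, BHO name, service name, ...
    target: str                    # path, URL or command line the entry points at
    clsid: Optional[str] = None
    owner: Optional[str] = None    # service vendor string, when present
    user: Optional[str] = None     # per-user Run hive, when present
    file_missing: bool = False     # HijackThis could not find the referenced file
    raw: str = ""


def _mk(code, name, target, raw, clsid=None, owner=None, user=None) -> Entry:
    missing = target.endswith("(file missing)") or target == "(no file)"
    if target.endswith(" (file missing)"):
        target = target[: -len(" (file missing)")]
    return Entry(code, name, target, clsid, owner, user, missing, raw.strip())


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, the process list and trailers."""
    m = _SECTION.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code == "O4":
        r = _RUN.match(body)
        if r:
            return _mk(code, r["name"], r["cmd"], line, user=r["user"])
        s = _STARTUP.match(body)
        if s:
            return _mk(code, s["name"], s["path"], line)
    elif code == "O23":
        s = _SERVICE.match(body)
        if s:
            return _mk(code, s["name"], s["path"], line, owner=s["owner"])
    elif code.startswith("R"):
        r = _REG.match(body)
        if r:
            return _mk(code, r["value"], r["data"], line)
    c = _CLSID.match(body)          # O2, O9, O22 and similar CLSID-bearing lines
    if c:
        return _mk(code, c["name"], c["path"], line, clsid=c["clsid"])
    return _mk(code, "", body, line)  # anything else is kept unparsed


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def run_executable(cmd: str) -> str:
    """Program path from a Run command line: quoted path, bare name, or unquoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    first = cmd.split(" ", 1)[0]
    if "\\" not in first:            # e.g. rundll32 ... or RTHDCPL.EXE
        return first
    low = cmd.lower()
    for ext in (".exe", ".dll", ".scr"):
        i = low.find(ext)
        if i >= 0:
            return cmd[: i + len(ext)]
    return first


def dangling(entries: List[Entry]) -> List[Entry]:
    """Registrations whose file is gone: orphaned leftovers or a removed component."""
    return [e for e in entries if e.file_missing]


def autostarts_under(entries: List[Entry], folder: str) -> List[Entry]:
    """O4 autostart entries whose program lives under the given folder (case-insensitive)."""
    folder = folder.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.code == "O4" and run_executable(e.target).lower().startswith(folder)]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in dangling(entries):
        print("orphaned:", e.code, e.name, e.target)
    for e in autostarts_under(entries, r"C:\WINDOWS\system32"):
        print("system32 autostart:", e.name, "->", run_executable(e.target))
```

The two lists are a starting point for review, not a verdict: an orphaned O22 or O23 line is usually just a leftover to clean up, and a system32 autostart is checked by name and publisher against what the vendor actually ships.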
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report when the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
knakiball
12 March 2008 07:44:40
I still have the virus. I don't know anything about this, but I have the impression that it is lodged, at its source, on my external hard drive, because the alert message appears at startup at the same time as a window opens showing the contents of my external hard drive. All the more so since that window never used to open on its own at startup, only when I connected the drive, and only after Windows asked me which action to take... So there you go... In any case the virus is still there, since I got an alert as soon as the computer restarted.
knakiball
12 March 2008 18:30:00
Well, I did everything you told me to do with SDFix and restarting in safe mode, but it didn't change much, since as soon as I restarted my PC, avast gave me another alert for the same virus.
And actually, I think it might be my external hard drive that is infected, because the alert only appears when I open that external drive, or at Windows startup, when it opens by itself (which isn't normal)...
So, basically, I still have the same problem...
knakiball
13 March 2008 17:02:22