Virus problem
Tags:
- Virus
- Security
jorjor
18 January 2008 18:44:07
jorjor
18 January 2008 19:10:01
Ok.
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
jorjor
18 January 2008 19:29:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:52, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon .exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\hrvpetpn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\7-Zip\7zFM.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\7zO59.tmp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [Veoh] "D:\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?49e943f288f04fb6bb8a2aa97c791a8d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?49e943f288f04fb6bb8a2aa97c791a8d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77A4442-AEB3-4591-BAA3-BD17FD4278BA}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\hrvpetpn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7304 bytes
There you go.
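Added example, not part of the thread and not a feature of HijackThis or ComboFix: a small Python triage pass over HijackThis v2 log lines that flags the two patterns the later posts act on, whitespace before the extension (as in "ctfmon .exe" and "MsnMsgr .Exe") and an O23 service with no vendor string (DomainService / hrvpetpn.exe), plus orphaned "(file missing)" hooks as low-severity hygiene. The sample lines are constructed from the report above; the regexes and severity labels are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in HijackThis v2 log format, built from the kinds of
# entries in the report above; it is not the full log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hrvpetpn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\hrvpetpn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

EXT = r"(?:exe|dll|sys|scr|com)"
# whitespace between base name and extension, as in "ctfmon .exe"
SPACE_BEFORE_EXT = re.compile(r"\s+\." + EXT + r"$", re.IGNORECASE)
# a Windows path ending in an executable-type extension, quoted or not
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|\r\n]*?\." + EXT + r"\b", re.IGNORECASE)
# a section entry (R0, O4, O23, ...); the first one ends the process list
ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")
# O23 layout is "<name> - <vendor> - <path>"; the vendor may be empty
SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.*?)\s+-\s*(?P<vendor>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$"
)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def check_name(name: str, known: Optional[Set[str]] = None) -> List[str]:
    """Reasons a file name looks like it impersonates a legitimate binary."""
    reasons: List[str] = []
    if SPACE_BEFORE_EXT.search(name):
        squeezed = re.sub(r"\s+", "", name)
        msg = f"whitespace before the extension in '{name}'"
        if known and squeezed.lower() in known:
            msg += f" (mimics '{squeezed}', which is also present)"
        reasons.append(msg)
    return reasons


def parse_service(line: str) -> Optional[Tuple[str, str, str]]:
    """Split an O23 line into (display name, vendor, image path)."""
    m = SERVICE.match(line)
    if not m:
        return None
    return m.group("name").strip(), m.group("vendor").strip(), m.group("path").strip()


def triage(log: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return the entries worth a second look."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    # pass 1: collect the process list so impersonation can be cross-checked
    processes: List[str] = []
    in_procs = False
    for line in lines:
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY.match(line):
            in_procs = False
        if in_procs:
            processes.append(line)
    known = {basename(p).lower() for p in processes}
    findings: List[Dict[str, str]] = []

    def add(sev: str, reason: str, line: str) -> None:
        findings.append({"severity": sev, "reason": reason, "line": line})

    # pass 2: score each line
    for line in lines:
        if line in processes:
            for r in check_name(basename(line), known):
                add("high", r, line)
            continue
        if not ENTRY.match(line):
            continue
        svc = parse_service(line)
        if svc:
            name, vendor, _ = svc
            if not vendor:
                add("high", f"service '{name}' carries no vendor string", line)
            elif vendor.lower() == "unknown owner":
                add("low", f"service '{name}' has an unknown owner; verify its binary", line)
        for path in WIN_PATH.findall(line):
            for r in check_name(basename(path), known):
                add("high", r, line)
        if "(file missing)" in line or "(no file)" in line:
            add("low", "entry points at a file that no longer exists (orphaned hook)", line)
    return findings
```

Calling triage(SAMPLE_LOG) yields two high-severity findings (the space-named ctfmon and the vendor-less DomainService) and three low-severity ones; a vendor string is only a hint, so the flagged binaries still need to be checked on disk.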
Re,
Disable your resident protections (antivirus, Spybot...)!
Download ComboFix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
jorjor
18 January 2008 21:04:36
ComboFix 08-01-09.2 - Utilisateur 2008-01-18 21:00:28.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.402 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\efcaxxw.dll
C:\WINDOWS\system32\hggddcy.dll
C:\WINDOWS\system32\hrvpetpn.exe
C:\WINDOWS\system32\mljkllj.dll
C:\WINDOWS\system32\tuvvwxy.dll
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-18 20:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 10:03 . 2008-01-18 20:47 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-12 21:39 . 2008-01-12 21:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-01-12 21:39 . 2008-01-12 21:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\SystemRequirementsLab
2008-01-12 12:28 . 2008-01-12 12:28 4,096 --a------ C:\WINDOWS\system32\crash
2008-01-04 20:18 . 2008-01-04 20:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-04 18:35 . 2008-01-04 18:35 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\ATI
2008-01-04 18:28 . 2008-01-04 18:28 <REP> d-------- C:\Program Files\Fichiers communs\ATI Technologies
2008-01-04 18:24 . 2007-05-17 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-04 18:23 . 2008-01-04 18:32 <REP> d-------- C:\Program Files\ATI Technologies
2008-01-04 18:20 . 2008-01-04 22:01 <REP> d-------- C:\Program Files\graphique
2007-12-26 12:09 . 2007-12-26 12:09 268 --ah----- C:\sqmdata00.sqm
2007-12-26 12:09 . 2007-12-26 12:09 244 --ah----- C:\sqmnoopt00.sqm
2007-12-23 11:59 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-22 20:04 . 2007-12-22 20:04 1,024 --a------ C:\WINDOWS\yh022n22.cfg
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\WIN.INI
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\SYSTEM.INI
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\PROTOCOL.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 19:54 428,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 19:54 40,675,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 18:55 --------- d-----w C:\Program Files\eMule
2008-01-14 14:50 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 20:04 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-12 20:03 --------- d-----w C:\Program Files\SuperCopier2
2008-01-12 20:03 --------- d-----w C:\Program Files\QuickTime
2008-01-12 19:43 --------- d-----w C:\Program Files\Steam
2008-01-12 19:40 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2008-01-11 17:57 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-01-04 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 16:52 --------- d-----w C:\Program Files\DivX
2007-12-26 18:26 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Spyware Terminator
2007-12-23 20:49 --------- d-----w C:\Program Files\Player Metaboli
2007-12-16 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
2007-12-15 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 22:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 22:00 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
<pre>
----a-w 5,674,352 2008-01-14 14:51:05 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 15,360 2008-01-18 19:47:22 C:\WINDOWS\system32\ctfmon .exe
</pre>
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"himem"="c:\windows\himem.exe" [ ]
"Veoh"="D:\VeohClient.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 06:19 7626752]
"nwiz"="nwiz.exe" [2006-07-12 06:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 06:19 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54 919016]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-09-09 13:47:22]
[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Controleur de calendrier pour Ulead Photo Express]
--a------ 2004-01-12 19:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 14:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2003-11-19 12:03 45056 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-06 14:00]
R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [2000-02-08 10:30]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys [2005-11-01 14:18]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2006-06-18 13:44]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 16:20:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\documents\SystemOptimizer.exe
"2008-01-18 19:58:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 21:02:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 21:03:08
ComboFix-quarantined-files.txt 2008-01-18 20:03:05
.
2008-01-09 20:07:38 --- E O F ---
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
RenV::
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\WINDOWS\system32\ctfmon .exe
File::
C:\WINDOWS\unvise32.exe
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.
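A defender's check for the trick the RenV:: lines above deal with: names such as "ctfmon .exe" and "MsnMsgr .Exe" that differ from the legitimate binary only by whitespace before the extension. This is an added example, not code from the thread or from ComboFix/HijackThis; the process listing is constructed from the HijackThis report posted earlier, and the function and field names are assumptions.

```python
"""Flag process names that imitate a legitimate binary by inserting
whitespace before the extension, the trick behind "ctfmon .exe" and
"MsnMsgr .Exe" in the reports posted in this thread.

Added example, not code from the thread or from ComboFix/HijackThis.
The sample listing is constructed from the HijackThis "Running processes"
section posted in the thread; function and field names are assumptions.
"""
import ntpath
import re

# Constructed sample: a cut-down copy of the "Running processes:" section of
# the HijackThis report posted in the thread.
SAMPLE_PROCESSES = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\WINDOWS\system32\hrvpetpn.exe
C:\WINDOWS\explorer.exe
"""

# File name whose extension is separated from the stem by whitespace.
SPACED_EXT = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]+)$")


def normalise(name: str) -> str:
    """Drop whitespace before the extension and lower-case the result, so
    "ctfmon .exe" and "CTFMON.EXE" both become "ctfmon.exe"."""
    m = SPACED_EXT.match(name)
    if m:
        name = m.group("stem") + m.group("ext")
    return name.lower()


def find_lookalikes(listing: str) -> list:
    """Return one finding per path whose file name has whitespace before the
    extension. Windows treats "ctfmon .exe" and "ctfmon.exe" as different
    files, but most process viewers display them as the same name.

    Each finding records the path, the legitimate name it imitates, and
    whether that legitimate twin also appears in the listing."""
    paths = [ln.strip() for ln in listing.splitlines() if ln.strip()]
    by_norm: dict = {}
    for p in paths:
        by_norm.setdefault(normalise(ntpath.basename(p)), []).append(p)
    findings = []
    for p in paths:
        name = ntpath.basename(p)
        if SPACED_EXT.match(name):
            norm = normalise(name)
            twins = [q for q in by_norm[norm] if q != p]
            findings.append({"path": p, "imitates": norm,
                             "twin_present": bool(twins)})
    return findings


def render_cfscript(findings: list) -> str:
    """Write the findings as a RenV:: block in the form the helper posted
    (ComboFix script syntax as it appears in the thread). This only builds
    the text; it does not run ComboFix."""
    return "\n".join(["RenV::"] + [f["path"] for f in findings]) + "\n"


if __name__ == "__main__":
    hits = find_lookalikes(SAMPLE_PROCESSES)
    for h in hits:
        twin = "legitimate twin present" if h["twin_present"] else "no twin listed"
        print(f'{h["path"]}  imitates {h["imitates"]}  ({twin})')
    print(render_cfscript(hits))
```

On the constructed listing the check flags exactly the two names the helper's script renames, and notes that a genuine ctfmon.exe is running alongside its lookalike.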
jorjor
18 January 2008 22:31:39
ComboFix 08-01-09.2 - Utilisateur 2008-01-18 22:24:36.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.373 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt.txt
* Created a new restore point
FILE
C:\WINDOWS\unvise32.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\unvise32.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-18 20:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 10:03 . 2008-01-18 20:47 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-13 10:03 . 2008-01-18 20:47 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-12 21:39 . 2008-01-12 21:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-01-12 21:39 . 2008-01-12 21:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\SystemRequirementsLab
2008-01-12 12:28 . 2008-01-12 12:28 4,096 --a------ C:\WINDOWS\system32\crash
2008-01-04 20:18 . 2008-01-04 20:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-04 18:35 . 2008-01-04 18:35 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\ATI
2008-01-04 18:28 . 2008-01-04 18:28 <REP> d-------- C:\Program Files\Fichiers communs\ATI Technologies
2008-01-04 18:24 . 2007-05-17 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-04 18:23 . 2008-01-04 18:32 <REP> d-------- C:\Program Files\ATI Technologies
2008-01-04 18:20 . 2008-01-04 22:01 <REP> d-------- C:\Program Files\graphique
2007-12-26 12:09 . 2007-12-26 12:09 268 --ah----- C:\sqmdata00.sqm
2007-12-26 12:09 . 2007-12-26 12:09 244 --ah----- C:\sqmnoopt00.sqm
2007-12-22 20:04 . 2007-12-22 20:04 1,024 --a------ C:\WINDOWS\yh022n22.cfg
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\WIN.INI
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\SYSTEM.INI
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\PROTOCOL.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 21:24 --------- d-----w C:\Program Files\MSN Messenger
2008-01-18 20:47 --------- d-----w C:\Program Files\eMule
2008-01-18 19:54 428,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 19:54 40,675,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-12 20:04 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-12 20:03 --------- d-----w C:\Program Files\SuperCopier2
2008-01-12 20:03 --------- d-----w C:\Program Files\QuickTime
2008-01-12 19:43 --------- d-----w C:\Program Files\Steam
2008-01-12 19:40 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2008-01-11 17:57 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-01-04 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 16:52 --------- d-----w C:\Program Files\DivX
2007-12-26 18:26 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Spyware Terminator
2007-12-23 20:49 --------- d-----w C:\Program Files\Player Metaboli
2007-12-16 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
2007-12-15 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 22:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 22:00 --------- d-----w C:\Program Files\Windows Live Favorites
.
((((((((((((((((((((((((((((( snapshot@2008-01-18_20.58.24.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 19:50:50 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 21:24:26 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 19:50:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 21:24:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 19:50:50 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 21:24:26 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 19:50:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 21:24:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 19:50:51 4,538,368 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 21:24:26 4,599,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 19:50:51 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 21:24:26 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-18 20:47 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-14 15:51 5674352]
"himem"="c:\windows\himem.exe" [ ]
"Veoh"="D:\VeohClient.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 06:19 7626752]
"nwiz"="nwiz.exe" [2006-07-12 06:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 06:19 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54 919016]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-18 20:47 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-14 15:51 5674352]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-09-09 13:47:22]
[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Controleur de calendrier pour Ulead Photo Express]
--a------ 2004-01-12 19:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 14:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2003-11-19 12:03 45056 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-06 14:00]
R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [2000-02-08 10:30]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys [2005-11-01 14:18]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2006-06-18 13:44]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-28 16:20:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\documents\SystemOptimizer.exe
"2008-01-18 20:58:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 22:27:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 22:27:51
ComboFix-quarantined-files.txt 2008-01-18 21:27:49
ComboFix2.txt 2008-01-18 20:03:09
.
2008-01-09 20:07:38 --- E O F ---
jorjor
18 January 2008 22:32:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:39, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [Veoh] "D:\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?49e943f288f04fb6bb8a2aa97c791a8d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?49e943f288f04fb6bb8a2aa97c791a8d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77A4442-AEB3-4591-BAA3-BD17FD4278BA}: NameServer = 80.10.246.1 81.253.149.10
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7544 bytes
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77A4442-AEB3-4591-BAA3-BD17FD4278BA}: NameServer = 80.10.246.1 81.253.149.10
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7544 bytes
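A helper reads a HijackThis log like the one above line by line for a handful of things: hooks and toolbars whose target file is gone, autoruns launched from the Windows directory itself, Internet Explorer policy restrictions, hard-coded DNS servers, and services with no vendor string. The script below is an added example, not part of the original post and not HijackThis code: it parses those sections and returns the entries worth a second look. KNOWN_WINDIR_RUN is an assumption assembled from the vendor entries visible in this log, not a reference allow-list, and SAMPLE_HJT is a constructed excerpt copied from the log. Nothing here decides that an entry is malicious; it only orders the review.

```python
"""Triage a HijackThis 2.0.2 log.

Added example, not part of the original post: it parses the numbered
sections of the log above and flags the entries a malware-removal helper
reads first.  SAMPLE_HJT is a constructed excerpt copied from that log;
KNOWN_WINDIR_RUN is an assumption built from the vendor entries visible
in it, not a reference allow-list.
"""
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str   # HJT section tag, e.g. "O4"
    reason: str    # why the entry deserves a look
    entry: str     # the log line as written


# O4 autorun entry: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O17 per-interface DNS override: "...: NameServer = <ip> [<ip> ...]"
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')
IP_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

# Binaries this example accepts when launched from %WINDIR% or system32
# (assumption: the driver/vendor entries present in the log above).
KNOWN_WINDIR_RUN = {"ctfmon.exe", "rthdcpl.exe", "skytel.exe", "nwiz.exe",
                    "nvcpl.dll", "nvmctray.dll", "nerocheck.exe"}


def executable_of(cmd: str) -> str:
    """Program path from an O4 command line, honouring a quoted first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]
        lower = line.lower()

        # 1. Hooks/toolbars whose target no longer exists: dead CLSIDs to clean up.
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(section, "orphan entry, target missing", line))
            continue

        # 2. Autoruns that launch from the Windows directory itself.
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd")).lower()
            if exe.startswith("rundll32"):
                # rundll32 hosts a DLL: judge the DLL, not the host
                exe = m.group("cmd").split()[1].split(",")[0].lower()
            base = exe.rsplit("\\", 1)[-1]
            in_windir = exe.startswith("c:\\windows\\") or "\\" not in exe
            if in_windir and base not in KNOWN_WINDIR_RUN:
                findings.append(Finding("O4", f"unlisted autorun from Windows dir: {base}", line))
            continue

        # 3. IE policy restrictions applied to the current user.
        if section == "O6":
            findings.append(Finding("O6", "IE restrictions policy present; confirm it was set deliberately", line))

        # 4. Hard-coded DNS servers: check them against the ISP's published resolvers.
        m = O17_RE.match(line)
        if m:
            ips = ", ".join(IP_RE.findall(m.group("servers")))
            findings.append(Finding("O17", f"verify NameServer entries against ISP resolvers: {ips}", line))

        # 5. Services carrying no vendor string.
        if section == "O23" and "unknown owner" in lower:
            findings.append(Finding("O23", "service with no vendor string", line))
    return findings


# Constructed excerpt: lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77A4442-AEB3-4591-BAA3-BD17FD4278BA}: NameServer = 80.10.246.1 81.253.149.10
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

An O17 hit is not a verdict: the check is to confirm the two addresses against the resolvers the connection's ISP publishes, not to treat them as hostile. An orphan entry is harmless on its own and is listed because it is cheap to remove. The O4 rule is deliberately narrow; a Windows-directory binary not on the allow-list gets a look, and the allow-list must be rebuilt for each machine from what is actually installed.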
jorjor
19 January 2008 12:22:27
jorjor
19 January 2008 13:18:44
jorjor
19 January 2008 13:24:27
jorjor
19 January 2008 13:45:00
ComboFix 08-01-09.2 - Utilisateur 2008-01-19 13:40:22.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.381 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Files created 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:28 . 2008-01-19 13:28 <REP> d-------- C:\WINDOWS\LastGood
2008-01-19 13:28 . 2008-01-19 13:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-18 20:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 10:03 . 2008-01-18 20:47 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-13 10:03 . 2008-01-18 20:47 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-12 21:39 . 2008-01-12 21:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-01-12 21:39 . 2008-01-12 21:39 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\SystemRequirementsLab
2008-01-12 12:28 . 2008-01-12 12:28 4,096 --a------ C:\WINDOWS\system32\crash
2008-01-04 20:18 . 2008-01-04 20:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-04 18:35 . 2008-01-04 18:35 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\ATI
2008-01-04 18:28 . 2008-01-04 18:28 <REP> d-------- C:\Program Files\Fichiers communs\ATI Technologies
2008-01-04 18:24 . 2007-05-17 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-04 18:23 . 2008-01-04 18:32 <REP> d-------- C:\Program Files\ATI Technologies
2008-01-04 18:20 . 2008-01-04 22:01 <REP> d-------- C:\Program Files\graphique
2007-12-26 12:09 . 2007-12-26 12:09 268 --ah----- C:\sqmdata00.sqm
2007-12-26 12:09 . 2007-12-26 12:09 244 --ah----- C:\sqmnoopt00.sqm
2007-12-22 20:04 . 2007-12-22 20:04 1,024 --a------ C:\WINDOWS\yh022n22.cfg
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\WIN.INI
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\SYSTEM.INI
2007-12-22 20:04 . 2007-12-22 20:04 8 --a------ C:\WINDOWS\system32\PROTOCOL.INI
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 23:02 430,436 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 23:02 40,675,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 21:24 --------- d-----w C:\Program Files\MSN Messenger
2008-01-18 20:47 --------- d-----w C:\Program Files\eMule
2008-01-12 20:04 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-12 20:03 --------- d-----w C:\Program Files\SuperCopier2
2008-01-12 20:03 --------- d-----w C:\Program Files\QuickTime
2008-01-12 19:43 --------- d-----w C:\Program Files\Steam
2008-01-12 19:40 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2008-01-11 17:57 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-01-04 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 16:52 --------- d-----w C:\Program Files\DivX
2007-12-26 18:26 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Spyware Terminator
2007-12-23 20:49 --------- d-----w C:\Program Files\Player Metaboli
2007-12-16 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
2007-12-15 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 22:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 22:00 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-18_20.58.24.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-19 12:28:12 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-01-19 12:28:13 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-01-19 12:28:13 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-01-19 12:28:22 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-19 12:28:23 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-19 12:28:14 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2008-01-18 19:50:50 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 21:24:26 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 19:50:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 21:24:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 19:50:50 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 21:24:26 1,257,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 19:50:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 21:24:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 19:50:51 4,538,368 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 21:24:26 4,599,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 19:50:51 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 21:24:26 163,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-18 20:47 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-14 15:51 5674352]
"himem"="c:\windows\himem.exe" [ ]
"Veoh"="D:\VeohClient.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 06:19 7626752]
"nwiz"="nwiz.exe" [2006-07-12 06:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 06:19 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54 919016]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-18 20:47 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-14 15:51 5674352]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-09-09 13:47:22]
[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Controleur de calendrier pour Ulead Photo Express]
--a------ 2004-01-12 19:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 14:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--------- 2003-11-19 12:03 45056 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-06 14:00]
R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [2000-02-08 10:30]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:10]
S3 DCamUSBNovatek;Digital Camera;C:\WINDOWS\system32\Drivers\nvtcam.sys [2005-11-01 14:18]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2006-06-18 13:44]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 16:20:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\documents\SystemOptimizer.exe
"2008-01-19 11:58:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 13:42:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-19 13:43:37
ComboFix-quarantined-files.txt 2008-01-19 12:43:33
ComboFix2.txt 2008-01-18 21:27:52
ComboFix3.txt 2008-01-18 20:03:09
.
2008-01-09 20:07:38 --- E O F ---
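The file list above shows C:\WINDOWS\system32\ctfmon.exe and its Windows File Protection copy in system32\dllcache with the same size (15,360 bytes) and the same timestamp (2008-01-18 20:47). The check a helper would run next is that the two are byte-identical. The script below is an added example, not from the post and not ComboFix code: it hashes each named binary against its dllcache copy and reports match, mismatch, no-cache-copy or missing. build_fixture() creates a constructed directory tree with placeholder bytes (file names taken from the log, content invented for the example) so the code runs anywhere; on the real machine compare_with_dllcache() would be pointed at C:\WINDOWS\system32.

```python
r"""Check system32 binaries against their Windows File Protection copies.

Added example, not from the forum post: ComboFix listed both
C:\WINDOWS\system32\ctfmon.exe and C:\WINDOWS\system32\dllcache\ctfmon.exe
with the same size and timestamp, and this is the check that confirms the
two are byte-identical.  The fixture built by build_fixture() is
constructed for the example; it is not real Windows file content.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_dllcache(system32: Path, names: list[str]) -> dict[str, str]:
    """Return, per file name, one of: match, mismatch, no-cache-copy, missing."""
    dllcache = system32 / "dllcache"
    result: dict[str, str] = {}
    for name in names:
        live, cached = system32 / name, dllcache / name
        if not live.is_file():
            result[name] = "missing"
        elif not cached.is_file():
            result[name] = "no-cache-copy"   # never cached, or the cache copy was removed
        elif live.stat().st_size != cached.stat().st_size:
            result[name] = "mismatch"        # sizes differ, no need to hash
        elif sha256_of(live) != sha256_of(cached):
            result[name] = "mismatch"        # same size, different bytes
        else:
            result[name] = "match"
    return result


def build_fixture(root: Path) -> Path:
    """Constructed system32 tree: ctfmon.exe equals its cache copy, lsasrv.dll
    does not, quartz.dll has no cache copy.  Names are taken from the log
    above; the bytes are placeholders, not the real files."""
    sys32 = root / "WINDOWS" / "system32"
    (sys32 / "dllcache").mkdir(parents=True)
    (sys32 / "ctfmon.exe").write_bytes(b"MZ" + b"\x00" * 15358)
    (sys32 / "dllcache" / "ctfmon.exe").write_bytes(b"MZ" + b"\x00" * 15358)
    (sys32 / "lsasrv.dll").write_bytes(b"MZ" + b"\x01" * 1000)
    (sys32 / "dllcache" / "lsasrv.dll").write_bytes(b"MZ" + b"\x02" * 1000)
    (sys32 / "quartz.dll").write_bytes(b"MZ" + b"\x03" * 1000)
    return sys32


def demo() -> dict[str, str]:
    """Run the comparison on the constructed fixture in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = build_fixture(Path(tmp))
        return compare_with_dllcache(
            sys32, ["ctfmon.exe", "lsasrv.dll", "quartz.dll", "nosuch.exe"])


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12} {status}")
```

A match only proves the pair is consistent. The dllcache copy is writable by any administrator, so malware that replaces a system binary can replace the cached one as well, and here both copies carry the same restoration timestamp. Hashing the live file against a known-good reference from installation media or a clean machine of the same service pack is the stronger check.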
jorjor
19 January 2008 14:32:38
jorjor
19 January 2008 15:13:00
Here is the BitDefender report:
BitDefender Online Scanner
Scan report generated at: Sat, Jan 19, 2008 - 15:08:41
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:16:10
Files: 212410
Directories: 6957
Boot sectors: 3
Archives: 1627
Packed programs: 6511
Results
Viruses identified: 7
Infected files: 39
Suspect files: 0
Warnings: 0
Disinfected: 0
Deleted files: 39
Engine info
Virus definitions: 892171
Engine version: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan settings
First action: Disinfect
Second action: Delete
Heuristics: Yes
Accept warnings: Yes
Scanned extensions: *;
Excluded extensions:
Scan e-mail: Yes
Scan archives: Yes
Scan packed programs: Yes
Scan files: Yes
Scan boot sectors: Yes
Scanned file / Status
C:\Program Files\Navilog1\Backupnavi\eqezrjdzl.exe
    Infected with: Trojan.Skintrim.ATY; disinfection failed; deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\hggddcy.dll.vir
    Infected with: Trojan.Vundo.DVO; disinfection failed; deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\hrvpetpn.exe.vir
    Infected with: Trojan.Fotomoto.H; disinfection failed; deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\mljkllj.dll.vir
    Infected with: Trojan.Vundo.DVO; disinfection failed; deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvvwxy.dll.vir
    Infected with: Trojan.Vundo.DVO; disinfection failed; deleted
C:\QooBox\Quarantine\catchme2008-01-18_205616.29.zip=>ddaby.dll
    Infected with: Trojan.Vundo.DVD; disinfection failed; deleted
C:\QooBox\Quarantine\catchme2008-01-18_205616.29.zip
    Updated
C:\QooBox\Quarantine\catchme2008-01-18_205616.29.zip=>efcaxxw.dll
    Infected with: Trojan.Vundo.DVO; disinfection failed; deleted
C:\QooBox\Quarantine\catchme2008-01-18_205616.29.zip
    Updated
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0080255.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0080257.exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0081255.Exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0081256.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0081258.exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082255.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082256.Exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082259.exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082280.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082281.Exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082285.exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0082437.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0083437.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0083438.Exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP321\A0083442.exe
    Infected with: Trojan.Dropper.Vundo.D; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083463.ini
    Infected with: Trojan.Vundo.DVS; disinfection failed; deleted
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083516.Exe
    Infected with: Trojan.Dropper.Vundo.D
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083516.Exe
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083516.Exe
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083517.ini
Infecté par: Trojan.Vundo.DVS
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083517.ini
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP322\A0083517.ini
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0083535.ini
Infecté par: Trojan.Vundo.DVS
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0083535.ini
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0083535.ini
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0083545.ini
Infecté par: Trojan.Vundo.DVS
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0083545.ini
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0083545.ini
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0084545.ini
Infecté par: Trojan.Vundo.DVS
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0084545.ini
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0084545.ini
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0084547.exe
Infecté par: Trojan.Dropper.Vundo.D
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0084547.exe
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0084547.exe
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0085547.exe
Infecté par: Trojan.Dropper.Vundo.D
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0085547.exe
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP323\A0085547.exe
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085562.exe
Infecté par: Trojan.Fotomoto.H
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085562.exe
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085562.exe
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085563.dll
Infecté par: Trojan.Vundo.DVO
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085563.dll
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085563.dll
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085564.dll
Infecté par: Trojan.Vundo.DVO
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085564.dll
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085564.dll
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085565.dll
Infecté par: Trojan.Vundo.DVO
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085565.dll
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085565.dll
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085570.dll
Infecté par: Trojan.Vundo.DVD
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085570.dll
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085570.dll
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085571.dll
Infecté par: Trojan.Vundo.DVO
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085571.dll
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP325\A0085571.dll
Supprimé
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP326\A0085763.exe
Infecté par: Trojan.Skintrim.ATY
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP326\A0085763.exe
Echec de la désinfection
C:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP326\A0085763.exe
Supprimé
D:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP326\A0085758.exe
Infecté par: Trojan.Agent.AGNA
D:\System Volume Information\_restore{6B6CFCDD-9527-4886-B1B3-CCD00BB91A1D}\RP326\A0085758.exe
Supprimé
jorjor
19 Janvier 2008 19:02:21
jorjor
19 Janvier 2008 19:29:19
jorjor
19 Janvier 2008 21:05:30