Se connecter / S'enregistrer
Votre question

Virus msn photo

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
25 Juin 2007 22:09:24

Bonjour !! Alors voilà j'ai eu comme beaucoup de monde un virus sur msn qui dit : Est ce vous sur cette photo ***LIEN EDITE PAR ANGELDARK*** :p  ou un truc dans le style.
Pourriez vous m'aidez?
Voici le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 21:42, on 2007-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\retadpu1000627.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\fhhtathd.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Aline\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.targa.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [eCarteBleue-LPV-P1] "C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000627.exe 61A847B5BBF72813329B385070FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: Mediabarre.lnk = C:\Program Files\Mediabarre\Mediabarre.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fhhtathd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

Dites moi ce que je dois faire :( 

Autres pages sur : virus msn photo

a b 8 Sécurité
25 Juin 2007 22:12:18

Un bonjour ?

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    26 Juin 2007 14:03:22

    Voilà le rapport de VundoFix !

    undoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 20:41:22 25/06/2007

    Listing files found while scanning....

    C:\WINDOWS\q2403906.dll
    C:\WINDOWS\q3040812.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!


    Et celui de HiJackThis !

    Logfile of HijackThis v1.99.1
    Scan saved at 14:05, on 2007-06-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\retadpu1000627.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\WinPop\winpop.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Aline\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.targa.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [eCarteBleue-LPV-P1] "C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe" /dontopenmycards
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000627.exe 61A847B5BBF72813329B385070FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\guiknddf.dll",forkonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - Startup: Mediabarre.lnk = C:\Program Files\Mediabarre\Mediabarre.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.coolwebsearch.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\fhhtathd.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

    Contenus similaires
    a b 8 Sécurité
    26 Juin 2007 14:11:53

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    26 Juin 2007 18:32:37

    Voilà le rapport de Combofix :

    "Aline" - 2007-06-26 17:49:36 - ComboFix 07-06-25.3 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\vtuts.dll
    C:\WINDOWS\system32\rqrstst.dll
    C:\WINDOWS\system32\yayyabx.dll
    C:\WINDOWS\system32\stutv.bak1
    C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.bak1
    C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\wvurpmn.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\inetget2
    C:\Program Files\winpop
    C:\Program Files\winpop\UnInstall.exe
    C:\Program Files\winpop\winpop.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\retadpu1000627.exe
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


    2007-06-26 14:04 128,576 --a------ C:\WINDOWS\system32\guiknddf.dll
    2007-06-26 14:01 66,112 --a------ C:\WINDOWS\system32\ietwqviu.dll
    2007-06-25 21:37 6,369 ---hs---- C:\WINDOWS\system32\ppqss.bak1
    2007-06-25 21:32 2,624 --a------ C:\WINDOWS\system32\vaqxevmy.exe
    2007-06-25 21:29 4,672 --a------ C:\WINDOWS\system32\xjkkxlbm.exe
    2007-06-25 20:51 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-25 20:41 <REP> d-------- C:\VundoFix Backups
    2007-06-25 20:29 71,906 --a------ C:\DOCUME~1\Aline\call.exe
    2007-06-25 20:29 239,715 --a------ C:\DOCUME~1\Aline\services.exe
    2007-06-15 13:00 <REP> d-------- C:\Program Files\Anti-Blaxx 1.18
    2007-06-15 12:03 <REP> dr-h----- C:\DOCUME~1\Aline\APPLIC~1\SecuROM
    2007-06-11 22:33 <REP> d-------- C:\Program Files\Imperialisme
    2007-06-10 12:17 <REP> d-------- C:\DOCUME~1\Aline\APPLIC~1\TaoUSign
    2007-06-08 19:17 <REP> d-------- C:\Program Files\Windows Live
    2007-06-08 11:47 <REP> d-------- C:\Program Files\Gabest
    2007-06-02 17:42 11,010,048 --a------ C:\DOCUME~1\Aline\ntuser.dat
    2007-05-28 20:18 <REP> d-------- C:\Program Files\Lionhead Studios


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-26 10:56:42 -------- d-----w C:\DOCUME~1\Aline\APPLIC~1\Orbit
    2007-06-25 19:54:41 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-25 19:33:48 -------- d-----w C:\Program Files\THQ
    2007-06-25 08:03:13 -------- d-----w C:\Program Files\Diablo II
    2007-06-25 08:02:44 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-06-24 19:31:07 38,642 ----a-w C:\DOCUME~1\Aline\APPLIC~1\wklnhst.dat
    2007-06-23 21:28:01 -------- d-----w C:\DOCUME~1\Aline\APPLIC~1\Azureus
    2007-06-23 09:22:57 -------- d-----w C:\DOCUME~1\Aline\APPLIC~1\AdobeUM
    2007-06-20 17:09:34 -------- d-----w C:\Program Files\LimeWire
    2007-06-15 22:52:33 -------- d-----w C:\Program Files\Orbitdownloader
    2007-06-15 22:49:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-15 11:12:54 -------- d-----w C:\Program Files\DivX
    2007-06-15 09:14:44 -------- d-----w C:\Program Files\Azureus
    2007-06-15 06:57:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-06-10 21:05:18 64,474 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-06-10 21:05:18 446,054 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-06-08 17:17:22 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-06 08:03:55 -------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-05-30 20:27:35 -------- d-----w C:\DOCUME~1\Aline\APPLIC~1\U3
    2007-05-28 16:33:55 -------- d-----w C:\Program Files\EA GAMES
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-08 04:39:04 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-04-30 18:43:47 -------- d-----w C:\Program Files\Warcraft III
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2004-08-05 12:00:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
    2006-06-19 23:05:38 56 --sh--r C:\WINDOWS\system32\01F649A422.sys
    2006-06-19 23:05:38 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {000123B4-9B42-4900-B3F7-F4B073EFC214}=C:\Program Files\Orbitdownloader\orbitcth.dll [2007-05-22 18:19]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-12-07 16:06]
    {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\ietwqviu.dll [2007-06-26 14:01]
    {2E03C0FD-4C48-43A7-9A54-00240C70FF16}=C:\WINDOWS\system32\BhoECart.dll [2005-12-08 19:15]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {826B2228-BC09-49F2-B5F8-42CE26B1B711}=C:\WINDOWS\adsldpbd.dll []
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
    {C7CF1142-0785-4B12-A280-B64681E4D45E}=C:\WINDOWS\prflbmsgp32.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OEM-Reset"="" []
    "nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]
    "AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-06 01:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-19 22:22]
    "Amazing3DAquariumWallpaper"="" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-24 19:16]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
    "eCarteBleue-LPV-P1"="C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe" [2005-12-13 16:39]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 19:10]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-24 21:15]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "winlogon.exe"=msole32.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\WINDOWS\warnhp.html
    FriendlyName= Warning homepage

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}"="C:\WINDOWS\q2403906.dll" []
    "{C7CF1142-0785-4B12-A280-B64681E4D45E}"="C:\WINDOWS\prflbmsgp32.dll" []
    "{B212D577-05B7-4963-911E-4A8588160DFA}"="C:\WINDOWS\q3040812.dll" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5291d218-c9ad-11db-9ca1-00038a000015}]
    AutoRun\command- M:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}]
    AutoRun\command- E:\Autorun.exe


    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-26 17:54:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-26 17:56:19 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-26 17:55

    --- E O F ---
    a b 8 Sécurité
    26 Juin 2007 18:46:48

    Reposte un rapport Hijackthis.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS