Se connecter / S'enregistrer
Votre question

TR/Vundo.AJ.5

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
4 Avril 2007 12:10:47

Bonjour,
Est-ce que quelqu'un peut me dire comment faire face à ce virus?

Merci beaucoup.

Autres pages sur : vundo

4 Avril 2007 12:52:58

Je viens de faire le Hijackthis.
Voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:26, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\benmai\Bureau\VundoFix.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\benmai\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\qommljk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.lessablesdolonne.com/axis2/AxisCamControl.oc...
O20 - Winlogon Notify: qommljk - C:\WINDOWS\SYSTEM32\qommljk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

4 Avril 2007 14:02:43

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    4 Avril 2007 14:17:49

    Vundofix n'a rien trouvé. C'est normal?
    Merci de répondre.
    4 Avril 2007 14:20:10

    On va changer d'outil :) 

    Télécharge combofix.exe (par sUBs) sur ton Bureau

    http://download.bleepingcomputer.com/sUBs/combofix.exe

    Double clique combofix.exe et suis les invites.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    4 Avril 2007 14:24:51

    Ton lien ne fonctionne pas. T'en as un autre?
    Merci
    4 Avril 2007 14:29:40

    en fait c bon j'ai trouvé un autre lien
    4 Avril 2007 14:36:07

    Voilà le rapport
    "benmai" - 07-04-04 14:29:08 Service Pack 2
    ComboFix 07-04-04.5 - Running from: "C:\Documents and Settings\benmai\Bureau"


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 ))))))))))))))))))))))))))))))))))


    2007-04-04 14:04 3,296 --a------ C:\WINDOWS\system32\tmp.reg
    2007-04-04 14:03 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-04-04 14:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-04-04 14:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-04-04 14:03 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-04-04 14:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-04-04 14:03 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-04-04 13:13 <REP> d-------- C:\WINDOWS\LastGood
    2007-04-04 13:13 <REP> d-------- C:\WINDOWS\Drivers
    2007-04-04 13:12 <REP> d-------- C:\Program Files\Navimail
    2007-04-04 13:12 <REP> d-------- C:\Program Files\CM93_Ed3
    2007-04-04 11:50 <REP> d-------- C:\VundoFix Backups
    2007-04-04 11:32 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-04-04 11:24 <REP> d-------- C:\Program Files\Trojan Remover
    2007-04-04 11:24 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\Simply Super Software
    2007-04-04 11:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-04-04 11:02 <REP> d-------- C:\Program Files\Informatique & Mer
    2007-04-04 10:47 26,694 --a------ C:\WINDOWS\system32\nnnmmmn.dll
    2007-04-04 10:45 26,694 --------- C:\WINDOWS\system32\qommljk.dll
    2007-04-04 10:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MaxSea International
    2007-04-04 10:25 <REP> d-------- C:\Program Files\SafeNet Sentinel
    2007-04-04 10:25 <REP> d-------- C:\Program Files\Fichiers communs\SafeNet Sentinel
    2007-04-04 10:24 283,648 --a------ C:\WINDOWS\uninst.exe
    2007-04-04 10:22 <REP> d-------- C:\Program Files\MaxSea International
    2007-04-03 19:02 <REP> d-------- C:\Movavi files
    2007-04-02 17:45 <REP> d-------- C:\Program Files\CR-TEKnologies
    2007-04-02 17:24 20,000 --------- C:\WINDOWS\system32\drivers\cmapusb.sys
    2007-04-02 17:24 18,013 --------- C:\WINDOWS\system32\drivers\cmap_pc2.sys
    2007-04-02 17:24 16,088 --------- C:\WINDOWS\system32\drivers\cmapldr.sys
    2007-04-02 17:24 <REP> d-------- C:\Program Files\C-Map
    2007-04-02 17:10 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
    2007-04-02 17:10 61,232 --a------ C:\WINDOWS\SETUP1.EXE
    2007-04-02 17:10 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
    2007-04-02 14:25 <REP> d-------- C:\Cartes
    2007-04-02 13:58 <REP> d-------- C:\WINDOWS\MaxSea
    2007-04-02 13:55 <REP> d-------- C:\WINDOWS\system32\?¬
    2007-04-02 13:53 11,812 --a------ C:\WINDOWS\system32\drivers\SentEmul.sys
    2007-04-02 13:53 <REP> d-------- C:\Program Files\SentEmul
    2007-04-02 13:50 61,440 --a------ C:\WINDOWS\system32\Crypserv.exe
    2007-04-02 13:50 311,296 --a------ C:\WINDOWS\system32\CMGBase.dll
    2007-04-02 13:50 28,518 --a------ C:\WINDOWS\system32\Ckldrv.sys
    2007-04-02 13:50 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
    2007-04-02 13:50 18,432 --a------ C:\WINDOWS\Setup_ck.dll
    2007-04-02 13:50 165,888 --a------ C:\WINDOWS\Ckconfig.exe
    2007-04-02 13:50 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
    2007-04-02 13:49 <REP> d-------- C:\WINDOWS\system32\RNBOSENT
    2007-04-02 13:47 <REP> d-------- C:\Program Files\I&M
    2007-03-26 12:46 <REP> d-------- C:\Program Files\MSN Messenger
    2007-03-23 17:50 <REP> d-------- C:\DOCUME~1\benmai\Contacts
    2007-03-23 17:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-03-22 16:54 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2007-03-22 16:54 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
    2007-03-22 16:41 <REP> d-------- C:\Program Files\EA SPORTS
    2007-03-21 16:14 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\Media Player Classic
    2007-03-21 13:37 843,776 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-03-21 13:37 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-03-21 13:37 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
    2007-03-21 13:37 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2007-03-17 16:35 <REP> d-------- C:\DOCUME~1\benmai\APPLIC~1\vlc
    2007-03-16 16:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2007-03-16 16:13 <REP> d-------- C:\Program Files\VideoLAN
    2007-03-11 19:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-03-11 10:52 606,848 --a------ C:\WINDOWS\flashax.exe
    2007-03-11 10:52 12,288 --a------ C:\WINDOWS\impborl.dll
    2007-03-08 22:45 7,340,032 --a------ C:\DOCUME~1\benmai\ntuser.dat


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-04 13:15 -------- d--h----- C:\Program Files\installshield installation information
    2007-04-04 12:33 -------- d-------- C:\Program Files\emule
    2007-04-04 11:45 64458 --a--c--- C:\WINDOWS\system32\perfc00c.dat
    2007-04-04 11:45 447920 --a--c--- C:\WINDOWS\system32\perfh00c.dat
    2007-04-04 11:42 -------- d-------- C:\Program Files\wanadoo
    2007-04-04 10:55 -------- d-------- C:\DOCUME~1\benmai\APPLIC~1\utorrent
    2007-03-26 14:49 -------- d-------- C:\Program Files\quicktime
    2007-03-23 11:29 -------- d-------- C:\Program Files\everest poker
    2007-03-21 13:34 -------- d-------- C:\Program Files\wordbiz
    2007-03-21 13:34 -------- d-------- C:\Program Files\winiso
    2007-03-21 13:34 -------- d-------- C:\Program Files\pkr
    2007-03-21 13:34 -------- d-------- C:\Program Files\philips toucam camera
    2007-03-21 13:34 -------- d-------- C:\Program Files\messenger
    2007-03-21 13:34 -------- d-------- C:\Program Files\lexmark 3100 series
    2007-03-21 13:34 -------- d-------- C:\Program Files\ensemble clavier et souris sans fil labtec
    2007-03-16 16:34 -------- d-------- C:\Program Files\real
    2007-02-28 18:35 -------- d-------- C:\Program Files\winaspi
    2007-02-28 18:20 -------- d-------- C:\Program Files\softwareclub.ws
    2007-02-21 16:21 -------- d-------- C:\Program Files\utorrent
    2007-02-06 18:15 -------- d-------- C:\Program Files\google
    2007-02-05 10:09 -------- d-------- C:\Program Files\java


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "CHotkey"="zHotkey.exe"
    "ShowWnd"="ShowWnd.exe"
    "PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "LXBRKsk"="C:\\PROGRA~1\\LEXMAR~1\\LXBRKsk.exe"
    "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
    "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Activer l'ensemble clavier et souris sans fil Labtec.lnk"
    "backup"="C:\\WINDOWS\\pss\\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\ENSEMB~1\\MagicKey.exe "
    "item"="Activer l'ensemble clavier et souris sans fil Labtec"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\AOL 8.0 Icône AOL.lnk"
    "backup"="C:\\WINDOWS\\pss\\AOL 8.0 Icône AOL.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\AOL8~1.0\\aoltray.exe -check"
    "item"="AOL 8.0 Icône AOL"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Univ-Tchat.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Univ-Tchat.lnk"
    "backup"="C:\\WINDOWS\\pss\\Univ-Tchat.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\UNIV-T~1\\UNIV-T~1.EXE /minimized"
    "item"="Univ-Tchat"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="emule"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lxbrbmgr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsgPlus"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mmtask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HDAudPropShortcut"
    "hkey"="HKLM"
    "command"="HDAudPropShortcut.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RealPlay"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PDVDServ"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{68218620-3D65-43F6-AD47-D38D84B5412A}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommljk

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa96f5e-aec3-11da-ac49-0013d32ecc20}]
    Shell\AutoRun\command L:\RunGame.exe


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-04 14:33:47
    C:\ComboFix-quarantined-files.txt ... 07-04-04 14:33
    4 Avril 2007 14:36:56

    Y'en a un autre:
    1. 07-04-04 14:32 822 --a------ C:\Qoobox\Quarantine\07-04-04\Registry_backups\LEGACY_MCHINJDRV.reg.cf
    2.  
    3.  
    4. Structure du dossier
    5. Le num‚ro de s‚rie du volume est 7C59-1637
    6. C:\QOOBOX
    7. \---Quarantine
    8. \---07-04-04
    9. \---Registry_backups
    10. LEGACY_MCHINJDRV.reg.cf

    4 Avril 2007 15:40:48

    S que quelqu'un peut m'aider?
    Merci
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS