Safe mode impossible
vassiliev
Hello, for 5 days now I have been fighting trojans and viruses. I have XP Pro SP1. I downloaded Combo, CCleaner, AntiVir, HijackThis, ewido, SmitFraudFix and VundoFix; it is impossible for me to get into safe mode, and the error "invalid floating point" sometimes appears; several times AntiVir detects Vundo.gen problems, I put them in quarantine and then delete them:
Attached are the various reports:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:27, on 08/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1284B5A1-FC47-4652-A8B1-0AADED39B1B7} - (no file)
O2 - BHO: (no name) - {3A933AAE-0F81-458B-9642-101C137B66B9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {624D3817-B028-45D0-8CBA-F0763244B2D7} - (no file)
O2 - BHO: (no name) - {671E72A3-C401-49B1-8422-DCE800C42759} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {B0F85664-3616-46FD-BCC7-D4541939F6E2} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {ED8F73A5-B441-49D8-949C-6CC35288A06C} - (no file)
O2 - BHO: (no name) - {FDCEE0A7-B722-41C5-8D40-9B50040E9B0D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
--
End of file - 6881 bytes
[10/07/2007, 14:46:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\vassiliev\Bureau\VirtumundoBeGone.exe" )
[10/07/2007, 14:51:48] - User choose NOT to continue. Exiting...
[10/07/2007, 15:01:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\vassiliev\Bureau\VirtumundoBeGone.exe" )
[10/07/2007, 15:01:32] - Detected System Information:
[10/07/2007, 15:01:32] - Windows Version: 5.1.2600, Service Pack 1
[10/07/2007, 15:01:32] - Current Username: vassiliev (Admin)
[10/07/2007, 15:01:32] - Windows is in NORMAL mode.
[10/07/2007, 15:01:32] - Searching for Browser Helper Objects:
[10/07/2007, 15:01:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/07/2007, 15:01:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/07/2007, 15:01:32] - BHO 3: {1284B5A1-FC47-4652-A8B1-0AADED39B1B7} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 4: {3A933AAE-0F81-458B-9642-101C137B66B9} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/07/2007, 15:01:32] - BHO 6: {624D3817-B028-45D0-8CBA-F0763244B2D7} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 7: {671E72A3-C401-49B1-8422-DCE800C42759} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 8: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 9: {B0F85664-3616-46FD-BCC7-D4541939F6E2} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 10: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 11: {ED8F73A5-B441-49D8-949C-6CC35288A06C} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 12: {FDCEE0A7-B722-41C5-8D40-9B50040E9B0D} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - Finished Searching Browser Helper Objects
[10/07/2007, 15:01:32] - Finishing up...
[10/07/2007, 15:01:32] - Nothing found! Exiting...
ComboFix 07-10-07.2 - vassiliev 2007-10-08 21:29:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.84 [GMT 2:00]
Running from: C:\Documents and Settings\vassiliev\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\vassiliev\err.log
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
.
2007-10-08 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 21:52 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-10-07 18:08 <REP> d-------- C:\Program Files\T‚l‚chargement PHOTOWAYS
2007-10-07 17:08 <REP> d-------- C:\WINDOWS\AU_Temp
2007-10-07 15:37 6,473 ---hs---- C:\WINDOWS\system32\kmppo.bak1
2007-10-07 15:31 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-10-07 15:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-07 15:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-07 15:19 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-10-07 15:19 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-10-07 15:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-07 15:19 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-10-07 15:19 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-10-07 15:18 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-07 15:18 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-07 15:12 <REP> d-------- C:\WINDOWS\Internet Logs
2007-10-07 14:51 <REP> d-------- C:\Program Files\Yahoo!
2007-10-07 14:51 <REP> d-------- C:\Program Files\CCleaner
2007-10-07 14:44 <REP> d-------- C:\Program Files\Trend Micro
2007-10-07 09:01 <REP> d-------- C:\$WIN_NT$.~BT
2007-10-07 08:51 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-07 08:47 <REP> d-------- C:\VundoFix Backups
2007-10-07 08:41 <REP> d-------- C:\WINDOWS\pss
2007-10-06 23:19 6,473 ---hs---- C:\WINDOWS\system32\poqss.bak1
2007-10-06 22:11 <REP> d-------- C:\Program Files\Avira
2007-10-06 19:39 716,504 ---hs---- C:\WINDOWS\system32\pssut.bak2
2007-10-06 10:19 716,692 ---hs---- C:\WINDOWS\system32\pssut.ini2
2007-10-06 10:07 6,473 ---hs---- C:\WINDOWS\system32\sutwa.bak1
2007-10-06 09:55 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-06 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-06 09:00 6,473 ---hs---- C:\WINDOWS\system32\pssut.bak1
2007-10-05 23:08 <REP> d-------- C:\Program Files\PeerGuardian2
2007-10-05 23:01 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-05 08:20 717,339 ---hs---- C:\WINDOWS\system32\oorqr.bak2
2007-10-04 21:49 6,513 ---hs---- C:\WINDOWS\system32\oorqr.bak1
2007-10-04 21:46 <REP> d-------- C:\WINDOWS\report
2007-10-04 21:45 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-10-04 21:45 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-10-04 21:45 267,845 --a------ C:\WINDOWS\tsc.exe
2007-10-04 21:45 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-10-04 21:45 <REP> d-------- C:\WINDOWS\AU_Backup
2007-10-04 21:42 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-04 21:42 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-04 21:42 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-04 21:42 <REP> d-------- C:\WINDOWS\AU_Log
2007-10-04 21:39 48,128 --ah----- C:\WINDOWS\system32\crusgmmx.exe
2007-10-04 21:39 35,328 --a------ C:\WINDOWS\system32\iifccca.dll
2007-10-04 17:58 120 --a------ C:\WINDOWS\system32\aesmobd.bat
2007-10-04 17:57 123 --a------ C:\WINDOWS\system32\cppa.bat
2007-10-04 17:56 130 --a------ C:\WINDOWS\system32\xmwesfhb.bat
2007-10-04 17:48 115 --a------ C:\WINDOWS\system32\rvbkx.bat
2007-10-04 17:47 127 --a------ C:\WINDOWS\system32\sxlto.bat
2007-10-04 17:47 123 --a------ C:\WINDOWS\system32\yfizekp.bat
2007-10-04 17:47 123 --a------ C:\WINDOWS\system32\sthi.bat
2007-10-04 17:47 121 --a------ C:\WINDOWS\system32\fpcgckme.bat
2007-10-04 17:47 118 --a------ C:\WINDOWS\system32\adovk.bat
2007-10-04 17:45 127 --a------ C:\WINDOWS\system32\eqimjigs.bat
2007-10-04 17:45 124 --a------ C:\WINDOWS\system32\mzufj.bat
2007-10-04 17:45 118 --a------ C:\WINDOWS\system32\dazmj.bat
2007-10-04 17:44 124 --a------ C:\WINDOWS\system32\mdftgyip.bat
2007-10-04 17:43 127 --a------ C:\WINDOWS\system32\zdfturhw.bat
2007-10-04 17:43 120 --a------ C:\WINDOWS\system32\eacp.bat
2007-10-04 17:42 123 --a------ C:\WINDOWS\system32\pejruqz.bat
2007-10-04 17:42 119 --a------ C:\WINDOWS\system32\lziksx.bat
2007-10-04 17:42 116 --a------ C:\WINDOWS\system32\gspbzy.bat
2007-10-04 17:42 114 --a------ C:\WINDOWS\system32\kidx.bat
2007-10-04 17:40 129 --a------ C:\WINDOWS\system32\jmnjasm.bat
2007-10-04 17:40 129 --a------ C:\WINDOWS\system32\cibtnyu.bat
2007-10-04 17:40 127 --a------ C:\WINDOWS\system32\vejzegqg.bat
2007-10-04 17:39 123 --a------ C:\WINDOWS\system32\zxbc.bat
2007-10-04 17:39 120 --a------ C:\WINDOWS\system32\tmuuuvm.bat
2007-10-04 17:39 119 --a------ C:\WINDOWS\system32\xeujgs.bat
2007-10-04 17:39 117 --a------ C:\WINDOWS\system32\tbichyz.bat
2007-10-04 17:38 124 --a------ C:\WINDOWS\system32\puvattdt.bat
2007-10-04 17:38 121 --a------ C:\WINDOWS\system32\xnnlihdi.bat
2007-10-04 17:38 119 --a------ C:\WINDOWS\system32\moxbgn.bat
2007-10-04 17:37 123 --a------ C:\WINDOWS\system32\etzm.bat
2007-10-04 17:37 119 --a------ C:\WINDOWS\system32\fwkmvw.bat
2007-10-04 17:36 125 --a------ C:\WINDOWS\system32\lpuajy.bat
2007-10-04 17:36 121 --a------ C:\WINDOWS\system32\yqhhprmk.bat
2007-10-04 17:36 118 --a------ C:\WINDOWS\system32\zifru.bat
2007-10-04 17:35 125 --a------ C:\WINDOWS\system32\nmitwk.bat
2007-10-04 17:35 118 --a------ C:\WINDOWS\system32\atvegket.bat
2007-10-04 17:34 127 --a------ C:\WINDOWS\system32\huglpamz.bat
2007-10-04 17:33 129 --a------ C:\WINDOWS\system32\kixoics.bat
2007-10-04 17:33 127 --a------ C:\WINDOWS\system32\lrohigyh.bat
2007-10-04 17:33 124 --a------ C:\WINDOWS\system32\kyzrpxzr.bat
2007-10-04 17:33 121 --a------ C:\WINDOWS\system32\bkwpc.bat
2007-10-04 17:32 129 --a------ C:\WINDOWS\system32\zqfyikd.bat
2007-10-04 17:32 119 --a------ C:\WINDOWS\system32\xejomy.bat
2007-10-04 16:23 <REP> d-------- C:\Program Files\Alwil Software
2007-10-04 14:21 <REP> d-------- C:\Program Files\Micro Application
2007-10-03 21:44 <REP> d-------- C:\Program Files\Google
2007-10-03 21:44 <REP> d-------- C:\Documents and Settings\vassiliev\Application Data\Google
2007-10-03 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-03 21:05 <REP> d-------- C:\Documents and Settings\vassiliev\Application Data\Thunderbird
2007-10-03 21:02 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-03 13:05 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-03 13:03 2,048 --ah----- C:\WINDOWS\system32\xuky.exe
2007-10-03 13:02 16,648 --ah----- C:\WINDOWS\system32\fvswyyb.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 14:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-29 20:40 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-09-26 13:46 --------- d-------- C:\Program Files\France Telecom Cable
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
--------- C:\Program Files\Téléchargement PHOTOWAYS
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1284B5A1-FC47-4652-A8B1-0AADED39B1B7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A933AAE-0F81-458B-9642-101C137B66B9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{624D3817-B028-45D0-8CBA-F0763244B2D7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{671E72A3-C401-49B1-8422-DCE800C42759}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0F85664-3616-46FD-BCC7-D4541939F6E2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED8F73A5-B441-49D8-949C-6CC35288A06C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDCEE0A7-B722-41C5-8D40-9B50040E9B0D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-06-03 18:50]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2007-10-07 21:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 14:01]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Anivirus Monitor Process"=antiv.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R2 ATITUNEP;ATI WDM TV Tuner (Microsoft);C:\WINDOWS\System32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar (Microsoft);C:\WINDOWS\System32\DRIVERS\atinxsxx.sys
R2 TTDec;ATI WDM Teletext Decoder (Microsoft);C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S4 NOTEPAD;NOTEPAD;"C:\WINDOWS\system\NOTEPAD.exe"
S4 Szservice;Szservice;"C:\WINDOWS\czsrv.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-01-17 23:04:50 C:\WINDOWS\Tasks\Lecteur Windows Media.job"
- F:\Video\clip\Moby - In my heart.AVI
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 21:38:14
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-08 21:43:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:43
.
--- E O F ---
I thought I was getting out of it, but it seems I have a stubborn one.
Can I get out of this without formatting?
Thanks in advance.
Information: this PIII 1 GHz computer had not been on the internet for 5 years, and following a problem with Numericable I had to put it on the web, and that was the start of the nightmare. No sooner had I connected than it was under permanent attack.
ci joint les différents rapports :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:27, on 08/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1284B5A1-FC47-4652-A8B1-0AADED39B1B7} - (no file)
O2 - BHO: (no name) - {3A933AAE-0F81-458B-9642-101C137B66B9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {624D3817-B028-45D0-8CBA-F0763244B2D7} - (no file)
O2 - BHO: (no name) - {671E72A3-C401-49B1-8422-DCE800C42759} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {B0F85664-3616-46FD-BCC7-D4541939F6E2} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {ED8F73A5-B441-49D8-949C-6CC35288A06C} - (no file)
O2 - BHO: (no name) - {FDCEE0A7-B722-41C5-8D40-9B50040E9B0D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
--
End of file - 6881 bytes
[10/07/2007, 14:46:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\vassiliev\Bureau\VirtumundoBeGone.exe" )
[10/07/2007, 14:51:48] - User choose NOT to continue. Exiting...
[10/07/2007, 15:01:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\vassiliev\Bureau\VirtumundoBeGone.exe" )
[10/07/2007, 15:01:32] - Detected System Information:
[10/07/2007, 15:01:32] - Windows Version: 5.1.2600, Service Pack 1
[10/07/2007, 15:01:32] - Current Username: vassiliev (Admin)
[10/07/2007, 15:01:32] - Windows is in NORMAL mode.
[10/07/2007, 15:01:32] - Searching for Browser Helper Objects:
[10/07/2007, 15:01:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/07/2007, 15:01:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[10/07/2007, 15:01:32] - BHO 3: {1284B5A1-FC47-4652-A8B1-0AADED39B1B7} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 4: {3A933AAE-0F81-458B-9642-101C137B66B9} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/07/2007, 15:01:32] - BHO 6: {624D3817-B028-45D0-8CBA-F0763244B2D7} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 7: {671E72A3-C401-49B1-8422-DCE800C42759} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 8: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 9: {B0F85664-3616-46FD-BCC7-D4541939F6E2} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 10: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 11: {ED8F73A5-B441-49D8-949C-6CC35288A06C} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - BHO 12: {FDCEE0A7-B722-41C5-8D40-9B50040E9B0D} ()
[10/07/2007, 15:01:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/07/2007, 15:01:32] - No filename found. Continuing.
[10/07/2007, 15:01:32] - Finished Searching Browser Helper Objects
[10/07/2007, 15:01:32] - Finishing up...
[10/07/2007, 15:01:32] - Nothing found! Exiting...
ComboFix 07-10-07.2 - vassiliev 2007-10-08 21:29:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.84 [GMT 2:00]
Running from: C:\Documents and Settings\vassiliev\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\vassiliev\err.log
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
.
2007-10-08 20:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 21:52 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-10-07 18:08 <REP> d-------- C:\Program Files\Téléchargement PHOTOWAYS
2007-10-07 17:08 <REP> d-------- C:\WINDOWS\AU_Temp
2007-10-07 15:37 6,473 ---hs---- C:\WINDOWS\system32\kmppo.bak1
2007-10-07 15:31 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-10-07 15:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-07 15:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-07 15:19 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-10-07 15:19 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-10-07 15:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-07 15:19 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-10-07 15:19 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-10-07 15:18 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-07 15:18 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-07 15:12 <REP> d-------- C:\WINDOWS\Internet Logs
2007-10-07 14:51 <REP> d-------- C:\Program Files\Yahoo!
2007-10-07 14:51 <REP> d-------- C:\Program Files\CCleaner
2007-10-07 14:44 <REP> d-------- C:\Program Files\Trend Micro
2007-10-07 09:01 <REP> d-------- C:\$WIN_NT$.~BT
2007-10-07 08:51 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-07 08:47 <REP> d-------- C:\VundoFix Backups
2007-10-07 08:41 <REP> d-------- C:\WINDOWS\pss
2007-10-06 23:19 6,473 ---hs---- C:\WINDOWS\system32\poqss.bak1
2007-10-06 22:11 <REP> d-------- C:\Program Files\Avira
2007-10-06 19:39 716,504 ---hs---- C:\WINDOWS\system32\pssut.bak2
2007-10-06 10:19 716,692 ---hs---- C:\WINDOWS\system32\pssut.ini2
2007-10-06 10:07 6,473 ---hs---- C:\WINDOWS\system32\sutwa.bak1
2007-10-06 09:55 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-10-06 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-06 09:00 6,473 ---hs---- C:\WINDOWS\system32\pssut.bak1
2007-10-05 23:08 <REP> d-------- C:\Program Files\PeerGuardian2
2007-10-05 23:01 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-05 08:20 717,339 ---hs---- C:\WINDOWS\system32\oorqr.bak2
2007-10-04 21:49 6,513 ---hs---- C:\WINDOWS\system32\oorqr.bak1
2007-10-04 21:46 <REP> d-------- C:\WINDOWS\report
2007-10-04 21:45 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-10-04 21:45 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-10-04 21:45 267,845 --a------ C:\WINDOWS\tsc.exe
2007-10-04 21:45 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-10-04 21:45 <REP> d-------- C:\WINDOWS\AU_Backup
2007-10-04 21:42 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-04 21:42 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-04 21:42 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-04 21:42 <REP> d-------- C:\WINDOWS\AU_Log
2007-10-04 21:39 48,128 --ah----- C:\WINDOWS\system32\crusgmmx.exe
2007-10-04 21:39 35,328 --a------ C:\WINDOWS\system32\iifccca.dll
2007-10-04 17:58 120 --a------ C:\WINDOWS\system32\aesmobd.bat
2007-10-04 17:57 123 --a------ C:\WINDOWS\system32\cppa.bat
2007-10-04 17:56 130 --a------ C:\WINDOWS\system32\xmwesfhb.bat
2007-10-04 17:48 115 --a------ C:\WINDOWS\system32\rvbkx.bat
2007-10-04 17:47 127 --a------ C:\WINDOWS\system32\sxlto.bat
2007-10-04 17:47 123 --a------ C:\WINDOWS\system32\yfizekp.bat
2007-10-04 17:47 123 --a------ C:\WINDOWS\system32\sthi.bat
2007-10-04 17:47 121 --a------ C:\WINDOWS\system32\fpcgckme.bat
2007-10-04 17:47 118 --a------ C:\WINDOWS\system32\adovk.bat
2007-10-04 17:45 127 --a------ C:\WINDOWS\system32\eqimjigs.bat
2007-10-04 17:45 124 --a------ C:\WINDOWS\system32\mzufj.bat
2007-10-04 17:45 118 --a------ C:\WINDOWS\system32\dazmj.bat
2007-10-04 17:44 124 --a------ C:\WINDOWS\system32\mdftgyip.bat
2007-10-04 17:43 127 --a------ C:\WINDOWS\system32\zdfturhw.bat
2007-10-04 17:43 120 --a------ C:\WINDOWS\system32\eacp.bat
2007-10-04 17:42 123 --a------ C:\WINDOWS\system32\pejruqz.bat
2007-10-04 17:42 119 --a------ C:\WINDOWS\system32\lziksx.bat
2007-10-04 17:42 116 --a------ C:\WINDOWS\system32\gspbzy.bat
2007-10-04 17:42 114 --a------ C:\WINDOWS\system32\kidx.bat
2007-10-04 17:40 129 --a------ C:\WINDOWS\system32\jmnjasm.bat
2007-10-04 17:40 129 --a------ C:\WINDOWS\system32\cibtnyu.bat
2007-10-04 17:40 127 --a------ C:\WINDOWS\system32\vejzegqg.bat
2007-10-04 17:39 123 --a------ C:\WINDOWS\system32\zxbc.bat
2007-10-04 17:39 120 --a------ C:\WINDOWS\system32\tmuuuvm.bat
2007-10-04 17:39 119 --a------ C:\WINDOWS\system32\xeujgs.bat
2007-10-04 17:39 117 --a------ C:\WINDOWS\system32\tbichyz.bat
2007-10-04 17:38 124 --a------ C:\WINDOWS\system32\puvattdt.bat
2007-10-04 17:38 121 --a------ C:\WINDOWS\system32\xnnlihdi.bat
2007-10-04 17:38 119 --a------ C:\WINDOWS\system32\moxbgn.bat
2007-10-04 17:37 123 --a------ C:\WINDOWS\system32\etzm.bat
2007-10-04 17:37 119 --a------ C:\WINDOWS\system32\fwkmvw.bat
2007-10-04 17:36 125 --a------ C:\WINDOWS\system32\lpuajy.bat
2007-10-04 17:36 121 --a------ C:\WINDOWS\system32\yqhhprmk.bat
2007-10-04 17:36 118 --a------ C:\WINDOWS\system32\zifru.bat
2007-10-04 17:35 125 --a------ C:\WINDOWS\system32\nmitwk.bat
2007-10-04 17:35 118 --a------ C:\WINDOWS\system32\atvegket.bat
2007-10-04 17:34 127 --a------ C:\WINDOWS\system32\huglpamz.bat
2007-10-04 17:33 129 --a------ C:\WINDOWS\system32\kixoics.bat
2007-10-04 17:33 127 --a------ C:\WINDOWS\system32\lrohigyh.bat
2007-10-04 17:33 124 --a------ C:\WINDOWS\system32\kyzrpxzr.bat
2007-10-04 17:33 121 --a------ C:\WINDOWS\system32\bkwpc.bat
2007-10-04 17:32 129 --a------ C:\WINDOWS\system32\zqfyikd.bat
2007-10-04 17:32 119 --a------ C:\WINDOWS\system32\xejomy.bat
2007-10-04 16:23 <REP> d-------- C:\Program Files\Alwil Software
2007-10-04 14:21 <REP> d-------- C:\Program Files\Micro Application
2007-10-03 21:44 <REP> d-------- C:\Program Files\Google
2007-10-03 21:44 <REP> d-------- C:\Documents and Settings\vassiliev\Application Data\Google
2007-10-03 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-03 21:05 <REP> d-------- C:\Documents and Settings\vassiliev\Application Data\Thunderbird
2007-10-03 21:02 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-10-03 13:05 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-03 13:03 2,048 --ah----- C:\WINDOWS\system32\xuky.exe
2007-10-03 13:02 16,648 --ah----- C:\WINDOWS\system32\fvswyyb.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 14:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-29 20:40 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-09-26 13:46 --------- d-------- C:\Program Files\France Telecom Cable
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
--------- C:\Program Files\Téléchargement PHOTOWAYS
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1284B5A1-FC47-4652-A8B1-0AADED39B1B7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A933AAE-0F81-458B-9642-101C137B66B9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{624D3817-B028-45D0-8CBA-F0763244B2D7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{671E72A3-C401-49B1-8422-DCE800C42759}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0F85664-3616-46FD-BCC7-D4541939F6E2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED8F73A5-B441-49D8-949C-6CC35288A06C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDCEE0A7-B722-41C5-8D40-9B50040E9B0D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-06-03 18:50]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"!ewido"="C:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2007-10-07 21:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 14:01]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Anivirus Monitor Process"=antiv.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R2 ATITUNEP;ATI WDM TV Tuner (Microsoft);C:\WINDOWS\System32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar (Microsoft);C:\WINDOWS\System32\DRIVERS\atinxsxx.sys
R2 TTDec;ATI WDM Teletext Decoder (Microsoft);C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S4 NOTEPAD;NOTEPAD;"C:\WINDOWS\system\NOTEPAD.exe"
S4 Szservice;Szservice;"C:\WINDOWS\czsrv.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-01-17 23:04:50 C:\WINDOWS\Tasks\Lecteur Windows Media.job"
- F:\Video\clip\Moby - In my heart.AVI
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 21:38:14
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-08 21:43:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:43
.
--- E O F ---
I thought I was getting out of this, but it seems I have a stubborn one.
Can I get rid of it without formatting?
Thanks in advance.
For information: this PIII 1 GHz computer had not been on the internet for 5 years, and after a problem with Numéricable I had to put it on the web, and that was the start of the ordeal. It had barely connected before it was under constant attack.
Configuration: Windows XP Pro, Internet Explorer 6.0