Pedevice, HijackThis report
lollie_pops
Hello, I think I am infected with the pedevice virus, i.e. every time I open a web page a blank page opens.
I have tried everything but cannot get rid of it. I am sending you my HijackThis report, I hope you can help me. Thank you very much.
Logfile of HijackThis v1.99.1
Scan saved at 14:42:38, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\windows\system32\rlvknlg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PeDevice\PeDev.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jujue\Mes documents\Programmes d'installation\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{CCB8FDC4-0707-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O4 - Global Startup: Docteur Club Internet.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\m6rmlg9116.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
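A triage pass over a log like the one above, as an added example that is not part of the thread, of HijackThis, or of the tools the helper recommends: it flags the patterns the diagnosis rests on (system-binary names such as svchost.exe running from the Startup folder, autoruns that give only a bare file name or live in a {GUID} directory, registered components whose file is missing, unknown Winsock LSPs). The rules are my own heuristics, and the SAMPLE_LOG excerpt is constructed from lines of the posted log.

```python
# Triage heuristics for a HijackThis v1.99 log. Added example for this thread,
# not code from HijackThis, SDFix or ComboFix; the rules are assumptions
# modelled on what the helper's diagnosis reacted to in the posted log.
import re

# Windows binaries whose names malware likes to reuse. A copy running from
# anywhere but the Windows directory (here: the All Users Startup folder)
# is a strong signal.
SYSTEM_NAMES = {"svchost.exe", "taskmgr.exe", "winlogon.exe", "lsass.exe",
                "services.exe", "smss.exe", "csrss.exe", "explorer.exe"}
WINDOWS_DIR = "c:\\windows\\"
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
HJT_LINE = re.compile(r"^(O\d+|R\d) - (.*)$")


def _program(command: str) -> str:
    """Executable path of an autorun command, with any arguments dropped."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _o4_target(rest: str) -> str:
    """Launched command of an O4 body, e.g. 'HKLM\\..\\Run: [winlog] winlog.exe'
    -> 'winlog.exe'; 'Global Startup: Foo.lnk = C:\\x\\foo.exe' -> 'C:\\x\\foo.exe'."""
    if "]" in rest:
        return rest.split("]", 1)[1].strip()
    item = rest.partition(":")[2].strip()
    return item.split(" = ", 1)[1].strip() if " = " in item else item


def triage_line(line: str) -> list:
    """Reasons why one log line deserves a closer look ([] if none)."""
    reasons = []
    line = line.strip()
    low = line.lower()

    # "Running processes:" section: one absolute path per line.
    if re.match(r"^[a-z]:\\", low):
        if _basename(low) in SYSTEM_NAMES and not low.startswith(WINDOWS_DIR):
            reasons.append("process with a system-binary name outside the Windows directory")
        return reasons

    m = HJT_LINE.match(line)
    if not m:
        return reasons
    section, rest = m.groups()

    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append(f"{section}: registered component whose file is missing")
    if section == "O2" and rest.startswith("BHO: (no name)"):
        reasons.append("O2: browser helper object without a name")
    if section == "O10" and "unknown file in winsock lsp" in low:
        reasons.append("O10: unknown Winsock LSP, all socket traffic passes through it")
    if section == "O4":
        program = _program(_o4_target(rest))
        exe = _basename(program)
        if "\\" not in program and exe.endswith(".exe"):
            reasons.append("O4: autorun names a bare file with no full path")
        if exe in SYSTEM_NAMES and not program.lower().startswith(WINDOWS_DIR):
            reasons.append("O4: system-binary name launched from outside the Windows directory")
        if GUID_DIR.search(program):
            reasons.append("O4: autorun from a {GUID}-named directory")
    return reasons


def triage_log(text: str) -> list:
    """(line, reasons) for every line of a whole log that triggered a rule."""
    hits = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


# Constructed excerpt: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - Global Startup: svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O20 - Winlogon Notify: IntlRun - C:\WINDOWS\system32\m6rmlg9116.dll (file missing)
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Legitimate entries can trip the bare-file-name rule too (vendor autoruns sometimes omit the path), so the output is a worklist for a human, not a verdict.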
4 replies
Hello
Several different infections.
$$ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
$$ Restart in Safe Mode.
$$ Right-click SDFix.zip and choose "Extract All"
Double-click RunThis.bat
Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required
Press a key to restart
The PC will take a while to start; press a key when "Finished" is displayed
$$ Download Combofix.exe (by sUBs) to your desktop
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.
Copy/paste this report in your next reply along with a new HijackThis log.
Open the SDFix folder and copy/paste the contents of the "Report.txt" file here.
Hello, thank you for your reply.
So I did everything you told me and here are the 3 reports.
ComboFix report:
Jujue - 07-01-01 17:33:30,18 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Jujue\Bureau"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\InprocServer32]
@="C:\\WINDOWS\\system32\\CkdbPlaylist2Sony.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\miprivs.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\InprocServer32]
@="C:\\WINDOWS\\system32\\oseacc.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtsshlex.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\InprocServer32]
@="C:\\WINDOWS\\system32\\szlunirl.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\InprocServer32]
@="C:\\WINDOWS\\system32\\wksdmod.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\InprocServer32]
@="C:\\WINDOWS\\system32\\veu8201f.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJJET35.DLL"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\CkdbPlaylist2Sony.dll
C:\WINDOWS\system32\dn0s01d7e.dll
C:\WINDOWS\system32\miprivs.dll
Granting sedebugprivilege to Administrateurs ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Program Files\winupdates
C:\Program Files\Fichiers communs\{3CB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{3CB8FDC4-0708-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}
((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))
2007-01-01 17:35 <REP> d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:07 <REP> d----c--- C:\SDFix
2006-12-30 14:32 <REP> d-------- C:\Program Files\Ipwindows
2006-12-23 18:28 <REP> dr-h----- C:\Documents and Settings\Jujue\Recent
2006-12-19 14:37 <REP> d-------- C:\Program Files\PeDevice
2006-12-19 13:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2006-12-18 09:27 93,509 --a------ C:\Documents and Settings\Jujue\install.exe
2006-12-17 20:40 36,864 --------- C:\WINDOWS\system32\svchosts.exe
2006-12-17 20:40 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-17 20:35 0 --a------ C:\WINDOWS\b.exe
2006-12-12 20:20 <REP> d-------- C:\Program Files\CasinoOnNet
2006-12-10 13:29 <REP> d-------- C:\Program Files\Eurobarre
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs
2006-12-24 12:22 -------- d-------- C:\Program Files\CVitae
2006-12-20 21:21 -------- d-------- C:\Program Files\eMule
2006-12-20 12:39 -------- d-------- C:\Program Files\Java
2006-12-20 12:36 -------- d-------- C:\Program Files\eBay
2006-12-20 12:27 -------- d-------- C:\Documents and Settings\Jujue\Application Data\WholeSecurity
2006-12-19 23:36 -------- d-------- C:\Program Files\Common Files
2006-12-18 17:13 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-12-18 09:51 -------- d-------- C:\Program Files\LimeWire
2006-11-26 15:09 -------- d-------- C:\Program Files\SourceTec
2006-11-26 14:44 -------- d-------- C:\Program Files\iTunes
2006-11-26 14:44 -------- d-------- C:\Program Files\iPod
2006-11-26 14:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-26 14:11 -------- d-------- C:\Program Files\AviSynth 2.5
2006-11-24 12:57 -------- d-------- C:\Program Files\Google
2006-11-21 12:50 -------- d-------- C:\Program Files\eChanblard
2006-11-13 22:54 319488 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-13 22:54 1441792 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-11-11 18:56 -------- d-------- C:\Documents and Settings\Jujue\Application Data\Apple Computer
2006-11-11 12:49 -------- d-------- C:\Program Files\Cucusoft
2006-11-08 14:28 -------- d-------- C:\Program Files\QuickTime
2006-10-02 11:52 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-10-02 11:52 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"kukr"="C:\\PROGRA~1\\FICHIE~1\\kukr\\kukrm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"RMC"="C:\\WINDOWS\\system32\\drivers\\RMC.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Club-Internet_McciTrayApp"="C:\\Program Files\\Club-Internet\\Agent Wi-Fi V2\\McciTrayApp.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"{CCB8FDC4-0708-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"{CCB8FDC4-0707-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0707-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"Nfo"="C:\\WINDOWS\\system32\\nfomon\\nfomon.exe"
"vidmon"="C:\\WINDOWS\\system32\\vidmon\\vidmon.exe"
"{CCB8FDC4-0708-1036-0829-050503310001}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310001}\\Update.exe\" mc-110-12-0000137"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"="DevDetect.exe -autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqu8201b]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be5b.dll,n 002820190000000a049be5b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\squ8201c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be0d.dll,n 0028201a0000000a049be0d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tqu8201d]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bff1.dll,n 0028201b0000000a049bff1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqu8201e]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bdfd.dll,n 0028201c0000000a049bdfd"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqu8201f]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049c08d.dll,n 0028201d0000000a049c08d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-01 17:36:21.46
C:\ComboFix.txt ... 07-01-01 17:36
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:38:38, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Jujue\Mes documents\Programmes d'installation\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{CCB8FDC4-0707-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310001}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O4 - Global Startup: Docteur Club Internet.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
SDFix report:
SDFix: Version 1.53
****************
01/01/2007 - 17:25:12,35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
File Path:
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\SETUP.EXE
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\TASKMGR.EXE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\taskmgr.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\WINDOWS\drsmartload2.dat
C:\t.rar
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\svchosts.exe
Backing Up and Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe"="c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------
C:\WINDOWS\system32\svchosts.exe
Backups Folder: - C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\mfc42loc.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt20.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\vbajet32.dll
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0003.tmp
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0005.tmp
FINISHED!
So I did everything you told me, and here are the 3 reports.
ComboFix report:
Jujue - 07-01-01 17:33:30,18 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Jujue\Bureau"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\InprocServer32]
@="C:\\WINDOWS\\system32\\CkdbPlaylist2Sony.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\miprivs.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\InprocServer32]
@="C:\\WINDOWS\\system32\\oseacc.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtsshlex.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\InprocServer32]
@="C:\\WINDOWS\\system32\\szlunirl.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\InprocServer32]
@="C:\\WINDOWS\\system32\\wksdmod.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\InprocServer32]
@="C:\\WINDOWS\\system32\\veu8201f.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJJET35.DLL"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\CkdbPlaylist2Sony.dll
C:\WINDOWS\system32\dn0s01d7e.dll
C:\WINDOWS\system32\miprivs.dll
Granting sedebugprivilege to Administrateurs ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Program Files\winupdates
C:\Program Files\Fichiers communs\{3CB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{3CB8FDC4-0708-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}
((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))
2007-01-01 17:35 <REP> d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:07 <REP> d----c--- C:\SDFix
2006-12-30 14:32 <REP> d-------- C:\Program Files\Ipwindows
2006-12-23 18:28 <REP> dr-h----- C:\Documents and Settings\Jujue\Recent
2006-12-19 14:37 <REP> d-------- C:\Program Files\PeDevice
2006-12-19 13:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2006-12-18 09:27 93,509 --a------ C:\Documents and Settings\Jujue\install.exe
2006-12-17 20:40 36,864 --------- C:\WINDOWS\system32\svchosts.exe
2006-12-17 20:40 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-17 20:35 0 --a------ C:\WINDOWS\b.exe
2006-12-12 20:20 <REP> d-------- C:\Program Files\CasinoOnNet
2006-12-10 13:29 <REP> d-------- C:\Program Files\Eurobarre
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs
2006-12-24 12:22 -------- d-------- C:\Program Files\CVitae
2006-12-20 21:21 -------- d-------- C:\Program Files\eMule
2006-12-20 12:39 -------- d-------- C:\Program Files\Java
2006-12-20 12:36 -------- d-------- C:\Program Files\eBay
2006-12-20 12:27 -------- d-------- C:\Documents and Settings\Jujue\Application Data\WholeSecurity
2006-12-19 23:36 -------- d-------- C:\Program Files\Common Files
2006-12-18 17:13 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-12-18 09:51 -------- d-------- C:\Program Files\LimeWire
2006-11-26 15:09 -------- d-------- C:\Program Files\SourceTec
2006-11-26 14:44 -------- d-------- C:\Program Files\iTunes
2006-11-26 14:44 -------- d-------- C:\Program Files\iPod
2006-11-26 14:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-26 14:11 -------- d-------- C:\Program Files\AviSynth 2.5
2006-11-24 12:57 -------- d-------- C:\Program Files\Google
2006-11-21 12:50 -------- d-------- C:\Program Files\eChanblard
2006-11-13 22:54 319488 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-13 22:54 1441792 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-11-11 18:56 -------- d-------- C:\Documents and Settings\Jujue\Application Data\Apple Computer
2006-11-11 12:49 -------- d-------- C:\Program Files\Cucusoft
2006-11-08 14:28 -------- d-------- C:\Program Files\QuickTime
2006-10-02 11:52 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-10-02 11:52 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"kukr"="C:\\PROGRA~1\\FICHIE~1\\kukr\\kukrm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"RMC"="C:\\WINDOWS\\system32\\drivers\\RMC.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Club-Internet_McciTrayApp"="C:\\Program Files\\Club-Internet\\Agent Wi-Fi V2\\McciTrayApp.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"{CCB8FDC4-0708-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"{CCB8FDC4-0707-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0707-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"Nfo"="C:\\WINDOWS\\system32\\nfomon\\nfomon.exe"
"vidmon"="C:\\WINDOWS\\system32\\vidmon\\vidmon.exe"
"{CCB8FDC4-0708-1036-0829-050503310001}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310001}\\Update.exe\" mc-110-12-0000137"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"="DevDetect.exe -autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqu8201b]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be5b.dll,n 002820190000000a049be5b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\squ8201c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be0d.dll,n 0028201a0000000a049be0d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tqu8201d]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bff1.dll,n 0028201b0000000a049bff1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqu8201e]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bdfd.dll,n 0028201c0000000a049bdfd"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqu8201f]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049c08d.dll,n 0028201d0000000a049c08d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-01 17:36:21.46
C:\ComboFix.txt ... 07-01-01 17:36
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:38:38, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Jujue\Mes documents\Programmes d'installation\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{CCB8FDC4-0707-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310001}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O4 - Global Startup: Docteur Club Internet.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
SDFix report:
SDFix: Version 1.53
****************
01/01/2007 - 17:25:12,35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
File Path:
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\SETUP.EXE
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\TASKMGR.EXE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\taskmgr.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\WINDOWS\drsmartload2.dat
C:\t.rar
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\svchosts.exe
Backing Up and Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe"="c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------
C:\WINDOWS\system32\svchosts.exe
Backups Folder: - C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\mfc42loc.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt20.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\vbajet32.dll
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0003.tmp
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0005.tmp
FINISHED!
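The three reports above keep tripping over the same handful of patterns: an LSP DLL HijackThis cannot name (rlls.dll, hooked six times into the Winsock chain), a service pointing at svchosts.exe that impersonates svchost.exe, cmd.com/ping.com/regedit.com dropped beside the real commands in system32 (PATHEXT tries .COM before .EXE, so typing `cmd` runs the impostor), rundll32 entries loading randomly named DLLs with no path (the Look2Me pattern), a svchost.exe and taskmgr.exe copied into the All Users Startup folder, and firewall exceptions for ossproxy.exe running out of Temp. As an added example, not code from this thread nor from HijackThis, ComboFix or SDFix, here is a small offline triage script that runs those checks over pasted log text. The rule names, the KNOWN_LSP_DLLS allowlist and SAMPLE_LOG (a few lines lifted from the reports above) are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added triage helper for HijackThis / ComboFix / SDFix text, written for this
# thread; it is not code from any of those tools. Rule names and the allowlists
# are my own choices, and SAMPLE_LOG is constructed from the reports above.

# Commands that ship as .exe in system32. PATHEXT lists .COM ahead of .EXE, so
# a same-named .com dropped beside the real binary is what "cmd" or "ping"
# resolves to when typed at a prompt.
SHADOWABLE_COMMANDS = {"cmd", "ping", "regedit", "tasklist", "tracert"}
# Typosquat of a Windows binary (the real service host is svchost.exe).
LOOKALIKE_BINARIES = {"svchosts.exe"}
# Genuine Windows binaries that have no business outside %SystemRoot%.
SYSTEM_BINARIES = {"svchost.exe", "taskmgr.exe"}
# Winsock providers on a stock Windows XP SP2 install (assumed allowlist).
KNOWN_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

O10_RE = re.compile(r"O10 - Unknown file in Winsock LSP:\s*(.+)$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^\s,"]+\.dll)', re.I)
# A drive-letter path ending in an executable extension; works on plain log
# lines and on .reg exports, where every backslash is doubled.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*<>|\r\n]+?\.(?:exe|com|dll)\b', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def _norm(path: str) -> str:
    return path.replace("\\\\", "\\").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def classify(line: str) -> Optional[str]:
    """Return the first rule a single log line trips, or None."""
    line = line.strip()
    m = O10_RE.match(line)
    if m:  # a third-party LSP sits in the path of every socket on the box
        return None if _basename(m.group(1)) in KNOWN_LSP_DLLS else "winsock-lsp-unknown"
    m = RUNDLL_RE.search(line)
    if m and "\\" not in m.group(1):
        # DLL named without a directory is resolved through the DLL search
        # order; random eight-character names are the Look2Me pattern.
        return "rundll32-pathless-dll"
    for path in PATH_RE.findall(line):
        norm, base = _norm(path), _basename(path)
        if base in LOOKALIKE_BINARIES:
            return "lookalike-binary"
        if "\\temp\\" in norm:
            return "runs-from-temp"
        if norm.endswith(".com") and "\\system32\\" in norm and base[:-4] in SHADOWABLE_COMMANDS:
            return "com-shadows-system-command"
        if base in SYSTEM_BINARIES and "\\windows\\system32\\" not in norm:
            return "system-binary-outside-system32"
    if line.lower().startswith("o23") and "(file missing)" in line.lower():
        return "service-binary-missing"  # the hook outlived its payload
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every non-empty line; one finding per tripped line."""
    findings = []
    for raw in log_text.splitlines():
        rule = classify(raw) if raw.strip() else None
        if rule:
            findings.append(Finding(rule, raw.strip()))
    return findings


# Constructed sample: lines lifted from the reports in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Demarrage\svchost.exe
"command"="RUNDLL32.EXE w049be5b.dll,n 002820190000000a049be5b"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.line}")
```

Paste a whole report in place of SAMPLE_LOG (or read it from a file) and the script prints one line per indicator; entries it stays silent on, such as the kukr autorun, still need a manual look, since the rules only encode patterns that are obvious from a path. The LSP allowlist is deliberately tiny: on a real box compare against `netsh winsock show catalog`, and note that deleting rlls.dll without repairing the catalog (`netsh winsock reset` on XP SP2) breaks every TCP connection, which is why LSP entries should be removed through the tool rather than by hand.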
Hello, thank you for your reply.
So I did everything you told me, and here are the 3 reports.
ComboFix report:
Jujue - 07-01-01 17:33:30,18 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Jujue\Bureau"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D7E4582D-6EAA-4012-8040-248AACDD7771}\InprocServer32]
@="C:\\WINDOWS\\system32\\CkdbPlaylist2Sony.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9310FA17-7CB9-4701-A1DB-66B7190E81EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{C814B355-3CAF-4F37-A069-6B0B47EA839D}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1A10E6B8-AEA4-43CC-A922-E63BBC204BD4}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\miprivs.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\InprocServer32]
@="C:\\WINDOWS\\system32\\oseacc.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtsshlex.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\InprocServer32]
@="C:\\WINDOWS\\system32\\szlunirl.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\InprocServer32]
@="C:\\WINDOWS\\system32\\wksdmod.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\InprocServer32]
@="C:\\WINDOWS\\system32\\veu8201f.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJJET35.DLL"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\CkdbPlaylist2Sony.dll
C:\WINDOWS\system32\dn0s01d7e.dll
C:\WINDOWS\system32\miprivs.dll
Granting sedebugprivilege to Administrateurs ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Program Files\winupdates
C:\Program Files\Fichiers communs\{3CB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{3CB8FDC4-0708-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}
((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))
2007-01-01 17:35 <REP> d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:07 <REP> d----c--- C:\SDFix
2006-12-30 14:32 <REP> d-------- C:\Program Files\Ipwindows
2006-12-23 18:28 <REP> dr-h----- C:\Documents and Settings\Jujue\Recent
2006-12-19 14:37 <REP> d-------- C:\Program Files\PeDevice
2006-12-19 13:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2006-12-18 09:27 93,509 --a------ C:\Documents and Settings\Jujue\install.exe
2006-12-17 20:40 36,864 --------- C:\WINDOWS\system32\svchosts.exe
2006-12-17 20:40 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-17 20:35 0 --a------ C:\WINDOWS\b.exe
2006-12-12 20:20 <REP> d-------- C:\Program Files\CasinoOnNet
2006-12-10 13:29 <REP> d-------- C:\Program Files\Eurobarre
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs
2006-12-24 12:22 -------- d-------- C:\Program Files\CVitae
2006-12-20 21:21 -------- d-------- C:\Program Files\eMule
2006-12-20 12:39 -------- d-------- C:\Program Files\Java
2006-12-20 12:36 -------- d-------- C:\Program Files\eBay
2006-12-20 12:27 -------- d-------- C:\Documents and Settings\Jujue\Application Data\WholeSecurity
2006-12-19 23:36 -------- d-------- C:\Program Files\Common Files
2006-12-18 17:13 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-12-18 09:51 -------- d-------- C:\Program Files\LimeWire
2006-11-26 15:09 -------- d-------- C:\Program Files\SourceTec
2006-11-26 14:44 -------- d-------- C:\Program Files\iTunes
2006-11-26 14:44 -------- d-------- C:\Program Files\iPod
2006-11-26 14:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-26 14:11 -------- d-------- C:\Program Files\AviSynth 2.5
2006-11-24 12:57 -------- d-------- C:\Program Files\Google
2006-11-21 12:50 -------- d-------- C:\Program Files\eChanblard
2006-11-13 22:54 319488 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-13 22:54 1441792 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-11-11 18:56 -------- d-------- C:\Documents and Settings\Jujue\Application Data\Apple Computer
2006-11-11 12:49 -------- d-------- C:\Program Files\Cucusoft
2006-11-08 14:28 -------- d-------- C:\Program Files\QuickTime
2006-10-02 11:52 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-10-02 11:52 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"kukr"="C:\\PROGRA~1\\FICHIE~1\\kukr\\kukrm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"RMC"="C:\\WINDOWS\\system32\\drivers\\RMC.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Club-Internet_McciTrayApp"="C:\\Program Files\\Club-Internet\\Agent Wi-Fi V2\\McciTrayApp.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"{CCB8FDC4-0708-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"{CCB8FDC4-0707-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0707-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"Nfo"="C:\\WINDOWS\\system32\\nfomon\\nfomon.exe"
"vidmon"="C:\\WINDOWS\\system32\\vidmon\\vidmon.exe"
"{CCB8FDC4-0708-1036-0829-050503310001}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310001}\\Update.exe\" mc-110-12-0000137"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"="DevDetect.exe -autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqu8201b]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be5b.dll,n 002820190000000a049be5b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\squ8201c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be0d.dll,n 0028201a0000000a049be0d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tqu8201d]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bff1.dll,n 0028201b0000000a049bff1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqu8201e]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bdfd.dll,n 0028201c0000000a049bdfd"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqu8201f]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049c08d.dll,n 0028201d0000000a049c08d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-01 17:36:21.46
C:\ComboFix.txt ... 07-01-01 17:36
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:38:38, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Jujue\Mes documents\Programmes d'installation\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{CCB8FDC4-0707-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310001}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O4 - Global Startup: Docteur Club Internet.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
SDFix report:
SDFix: Version 1.53
****************
01/01/2007 - 17:25:12,35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
File Path:
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\SETUP.EXE
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\TASKMGR.EXE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\taskmgr.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\WINDOWS\drsmartload2.dat
C:\t.rar
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\svchosts.exe
Backing Up and Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe"="c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------
C:\WINDOWS\system32\svchosts.exe
Backups Folder: - C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\mfc42loc.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt20.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\vbajet32.dll
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0003.tmp
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0005.tmp
FINISHED!
@=""
[HKEY_CLASSES_ROOT\clsid\{16E15287-42E3-4806-8DEA-A1C569107E7A}\InprocServer32]
@="C:\\WINDOWS\\system32\\iympagnt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{4C593118-8BDB-431D-81F7-F9F45E414DCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\miprivs.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{984B2882-12FD-4AF4-ADDB-69834907B35A}\InprocServer32]
@="C:\\WINDOWS\\system32\\oseacc.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D0F8E172-8E85-4929-9769-AA3B7264D10A}\InprocServer32]
@="C:\\WINDOWS\\system32\\dtsshlex.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{1587BC1D-538E-40DD-BA61-22F654C3C875}\InprocServer32]
@="C:\\WINDOWS\\system32\\szlunirl.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{8DEEDAC0-C6A6-4CF5-BF82-96C75AF98694}\InprocServer32]
@="C:\\WINDOWS\\system32\\wksdmod.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3FF1B059-34C7-41FC-B315-DC896B11B251}\InprocServer32]
@="C:\\WINDOWS\\system32\\veu8201f.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{9887901C-77D9-4CBD-A972-43903667241F}\InprocServer32]
@="C:\\WINDOWS\\system32\\MJJET35.DLL"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\CkdbPlaylist2Sony.dll
C:\WINDOWS\system32\dn0s01d7e.dll
C:\WINDOWS\system32\miprivs.dll
Granting sedebugprivilege to Administrateurs ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Program Files\winupdates
C:\Program Files\Fichiers communs\{3CB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{3CB8FDC4-0708-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}
((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))
2007-01-01 17:35 <REP> d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:07 <REP> d----c--- C:\SDFix
2006-12-30 14:32 <REP> d-------- C:\Program Files\Ipwindows
2006-12-23 18:28 <REP> dr-h----- C:\Documents and Settings\Jujue\Recent
2006-12-19 14:37 <REP> d-------- C:\Program Files\PeDevice
2006-12-19 13:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2006-12-18 09:27 93,509 --a------ C:\Documents and Settings\Jujue\install.exe
2006-12-17 20:40 36,864 --------- C:\WINDOWS\system32\svchosts.exe
2006-12-17 20:40 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-17 20:35 0 --a------ C:\WINDOWS\b.exe
2006-12-12 20:20 <REP> d-------- C:\Program Files\CasinoOnNet
2006-12-10 13:29 <REP> d-------- C:\Program Files\Eurobarre
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
2007-01-01 17:35 -------- d-------- C:\Program Files\Fichiers communs
2006-12-24 12:22 -------- d-------- C:\Program Files\CVitae
2006-12-20 21:21 -------- d-------- C:\Program Files\eMule
2006-12-20 12:39 -------- d-------- C:\Program Files\Java
2006-12-20 12:36 -------- d-------- C:\Program Files\eBay
2006-12-20 12:27 -------- d-------- C:\Documents and Settings\Jujue\Application Data\WholeSecurity
2006-12-19 23:36 -------- d-------- C:\Program Files\Common Files
2006-12-18 17:13 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-12-18 09:51 -------- d-------- C:\Program Files\LimeWire
2006-11-26 15:09 -------- d-------- C:\Program Files\SourceTec
2006-11-26 14:44 -------- d-------- C:\Program Files\iTunes
2006-11-26 14:44 -------- d-------- C:\Program Files\iPod
2006-11-26 14:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-26 14:11 -------- d-------- C:\Program Files\AviSynth 2.5
2006-11-24 12:57 -------- d-------- C:\Program Files\Google
2006-11-21 12:50 -------- d-------- C:\Program Files\eChanblard
2006-11-13 22:54 319488 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-13 22:54 1441792 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-11-11 18:56 -------- d-------- C:\Documents and Settings\Jujue\Application Data\Apple Computer
2006-11-11 12:49 -------- d-------- C:\Program Files\Cucusoft
2006-11-08 14:28 -------- d-------- C:\Program Files\QuickTime
2006-10-02 11:52 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-10-02 11:52 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"kukr"="C:\\PROGRA~1\\FICHIE~1\\kukr\\kukrm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"RMC"="C:\\WINDOWS\\system32\\drivers\\RMC.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Club-Internet_McciTrayApp"="C:\\Program Files\\Club-Internet\\Agent Wi-Fi V2\\McciTrayApp.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"{CCB8FDC4-0708-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"{CCB8FDC4-0707-1036-0829-050503310021}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0707-1036-0829-050503310021}\\Update.exe\" mc-110-12-0000137"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"Nfo"="C:\\WINDOWS\\system32\\nfomon\\nfomon.exe"
"vidmon"="C:\\WINDOWS\\system32\\vidmon\\vidmon.exe"
"{CCB8FDC4-0708-1036-0829-050503310001}"="\"C:\\Program Files\\Fichiers communs\\{CCB8FDC4-0708-1036-0829-050503310001}\\Update.exe\" mc-110-12-0000137"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"="DevDetect.exe -autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqu8201b]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be5b.dll,n 002820190000000a049be5b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\squ8201c]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049be0d.dll,n 0028201a0000000a049be0d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tqu8201d]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bff1.dll,n 0028201b0000000a049bff1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqu8201e]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049bdfd.dll,n 0028201c0000000a049bdfd"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqu8201f]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w049c08d.dll,n 0028201d0000000a049c08d"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-01 17:36:21.46
C:\ComboFix.txt ... 07-01-01 17:36
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 17:38:38, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Jujue\Mes documents\Programmes d'installation\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{CCB8FDC4-0707-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310001}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O4 - Global Startup: Docteur Club Internet.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
SDFix report:
SDFix: Version 1.53
****************
01/01/2007 - 17:25:12,35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
File Path:
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\SETUP.EXE
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\TASKMGR.EXE
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\taskmgr.exe
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\svchost.exe
C:\WINDOWS\drsmartload2.dat
C:\t.rar
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\svchosts.exe
Backing Up and Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os435.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os28.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os36.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os38.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os6E.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os70.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os72.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os48.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe"="c:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os3.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Jujue\\Local Settings\\Temp\\~os4C.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------
C:\WINDOWS\system32\svchosts.exe
Backups Folder: - C:\DOCUME~1\Jujue\Bureau\SDFix\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\mfc42loc.dll
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcrt20.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\vbajet32.dll
C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0003.tmp
C:\Documents and Settings\Jujue\Application Data\Microsoft\Modèles\~WRL0005.tmp
FINISHED!
Re
Some cleaning has been done, but you are still multiply infected.
Disable Spybot's TeaTimer; it can interfere with the fixes.
Part of the procedure will be carried out without Internet access, so please print these instructions or paste them into a text file to read during this disinfection.
The steps must be done without interruption and in order.
If you don't understand something, ask for explanations before starting.
1 Download
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.
AVG Anti-Spyware
https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.
LSPfix
http://www.cexx.org/lspfix.htm
Install it on the Desktop.
2 Download this
http://www.outerinfo.com/OiUninstaller.exe
Save it to the Desktop.
Check whether you have these programs in Add/Remove Programs. Uninstall them if present.
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or other similar ones with Oin or Outerinfo in the name
Zolero
Tizzletalk
MediaTickets
Cowabanga
Run OiUninstaller.exe
Enter the code that appears.
Click Uninstall.
Then click OK.
3 Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Tick Run this program as a task
* A message will appear saying: "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
* It will relaunch after the minute; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
#If Look2Me-Destroyer does not relaunch automatically after the minute, reboot and try again.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
4 Reboot into Safe Mode. Note that you have no Internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 or F5 key until the Windows Advanced Options menu appears.
Using the cursor keys, select the appropriate Safe Mode and press Enter.
5 Run a new HijackThis scan and tick the lines below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8E984E7F-8E99-A14A-CFFC-F4FA4DDE6CC4} - C:\WINDOWS\system32\erwl.dll (file missing)
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3CB8F~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [{CCB8FDC4-0707-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0707-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310001}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}\Update.exe" mc-110-12-0000137
O4 - HKCU\..\Run: [kukr] C:\PROGRA~1\FICHIE~1\kukr\kukrm.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
Close all Windows windows, Internet Explorer, Outlook, everything except HijackThis, and click "Fix checked"
6 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Enable: Show hidden files and folders
Disable: Hide extensions for known file types
Disable: Hide protected operating system files
Then Apply
7 Click Start then Run, type services.msc and click OK.
In the list of services, find and select "COM+ Messages" / double-click the line / check under Path to executable that it is indeed "C:\WINDOWS\ETC.... " / under Startup type, select Disabled / confirm the change.
8 Launch LSPfix and enlarge the window, which by default is too small and shows horizontal and vertical scrollbars that hide a button.
Disconnect from the Internet and close all Internet Explorer instances (windows).
Tick the "I know what I'm doing" box.
Select all instances of the following dll
rlls.dll
and drag them from the left pane, called "Keep", to the right pane, called "Remove".
Click the "Finish" button.
9 Uninstall these applications (if you find them) in Add/Remove Programs:
PeDevice
VVSN
10 Delete the offending files/folders (if they still exist):
C:\Program Files\PeDevice
C:\Program Files\VVSN
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}
C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310001}
C:\Program Files\Fichiers communs\kukr
C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\vidmon
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\svchosts.exe --> Careful, match the spelling exactly.
Re-hide the system files, to avoid mistakes in the future, by selecting Do not show hidden files or system files.
11 Run the cleanup with CCleaner
12 Launch AVG Anti-Spyware
Click the Scan button (on the toolbar)
Then on the How to act tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete System Scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder.
13 Reboot normally
Post a new HijackThis log with the AVG Anti-Spyware report and the report located here: C:\Look2Me-Destroyer.txt
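As an added example (not part of the thread, and not a tool the reply uses), the script below applies the same reasoning the reply used to pick the HijackThis lines above: search settings forced to about:blank, BHO entries with no file, autoruns under Fichiers communs\{GUID} or a system32 subfolder, and the COM+ Messages service whose binary svchosts.exe imitates the real svchost.exe. The sample log lines are copied from the log quoted in the reply; KNOWN_BAD lists the components the reply removes, and the SYSTEM_BINARIES allowlist is an assumption.

```python
import re

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Components the reply tells the user to remove (names taken from the thread).
KNOWN_BAD = ("pedevice", "vvsn", "kukr", "nfomon", "vidmon", "rlls.dll", "bar888")
# Assumed allowlist of Windows binaries a dropped file may imitate by name.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

# Constructed sample: lines copied from the HijackThis log quoted in the reply.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {8F984E7E-8E9A-D74E-CFF9-82FA39AE6CC6} - (no file)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{CCB8FDC4-0708-1036-0829-050503310021}] "C:\Program Files\Fichiers communs\{CCB8FDC4-0708-1036-0829-050503310021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
"""

def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 marks a one-character lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name):
    """Return the system binary that `name` imitates (e.g. svchosts.exe -> svchost.exe), else None."""
    n = name.lower()
    if n in SYSTEM_BINARIES:
        return None
    return next((s for s in SYSTEM_BINARIES if edit_distance(n, s) == 1), None)

def triage(log_text):
    """Return [(line, [reasons])] for every HijackThis line that looks suspicious."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        kind, low, reasons = line.split(" - ", 1)[0], line.lower(), []
        reasons += [f"named in the removal list: {b}" for b in KNOWN_BAD if b in low]
        if kind in ("R0", "R1") and line.endswith("= about:blank"):
            reasons.append("IE search setting hijacked to about:blank")
        if kind in ("O2", "O3") and ("(file missing)" in line or "(no file)" in line):
            reasons.append("orphaned BHO/toolbar registration")
        if kind in ("O2", "O3") and "(no name)" in line:
            reasons.append("unnamed BHO/toolbar")
        # Autoruns living in Fichiers communs\{GUID} or in a folder under system32.
        if kind == "O4" and (re.search(r"Fichiers communs\\" + GUID, line)
                             or re.search(r"system32\\[^\\]+\\[^\\]+\.exe", line, re.I)):
            reasons.append("autorun from an unusual location")
        if kind == "O23" and "Unknown owner" in line:
            reasons.append("service with unknown owner")
        m = re.search(r"([\w~.-]+\.(?:exe|dll))", line, re.I)
        legit = lookalike(m.group(1)) if m else None
        if legit:
            reasons.append(f"{m.group(1)} imitates system binary {legit}")
        if reasons:
            findings.append((line, reasons))
    return findings
```

Running `triage(SAMPLE_LOG)` flags every sample line except the legitimate Winamp autorun, and reports the svchosts.exe service as a lookalike of svchost.exe.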