[virus rootkit downloader] connection problems

jimiii Posts 31 Status Member -  
green day Posts 26722 Status Moderator, Security Contributor -
[virus rootkit] connection problems
Good evening everyone,

I have a small virus problem: "downloader, delf, pakes ..." I have Windows XP and IE (?). Avast detects them but tells me they can't be scanned because they are hidden. I have internet access, but it is slow and I have connection problems.
It would be great if someone could explain to me how to get rid of them! Thanks in advance.
Here is the HijackThis log file (I renamed the program scanner.exe). Then I read on commentcam. that I should download ComboFix, but there are rumours of rootkits in it, so I'm a bit stuck (otherwise I have to wipe everything!!!).

Many thanks,

jim

Logfile of HijackThis v1.99.1
Scan saved at 18:41:33, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\uncerbjx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {711980C2-8C7F-4C55-A742-25659CD1C442} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
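Helpers on these forums read a log like the one above by hand, looking for the same handful of patterns every time. The following Python sketch is an added example, not part of this thread and not a tool anyone in it used: it parses O2/O4/O20/O23 lines and flags orphaned entries, autostarts living under TEMP, core Windows binary names outside their normal directory (the `C:\WINDOWS\winlogon.exe` Run entry above, as opposed to the real `system32\winlogon.exe`), bare filenames resolved through the PATH, and the 260-digit Run value name. The sample lines are copied from the log above; the severities, thresholds and the `PROTECTED_NAMES` table are my own choices.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above.
# The real 260-digit Run-key name is rebuilt with a repeat to keep the block readable.
LONG_NAME = "0123456789" * 26
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)",
    "O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - "
    "C:\\Program Files\\Google\\GoogleToolbarNotifier\\2.0.301.7164\\swg.dll",
    "O4 - HKLM\\..\\Run: [avast!] f:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe",
    "O4 - HKLM\\..\\Run: [Microsoft Windows Logon Process] C:\\WINDOWS\\winlogon.exe",
    "O4 - HKLM\\..\\Run: [avp] C:\\WINDOWS\\TEMP\\4.tmp",
    "O4 - HKLM\\..\\Run: [smgr] mgrs.exe",
    "O4 - HKLM\\..\\Run: [" + LONG_NAME + "] C:\\Program Files\\user32.exe",
    "O20 - Winlogon Notify: ssqrr - C:\\WINDOWS\\system32\\ssqrr.dll (file missing)",
    "O23 - Service: A12FF9D8 - - (no file)",
]

# One regex per HijackThis section we care about; other sections are skipped.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
SECTION_RE = {
    "O2": re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$"),
    "O4": re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*)\] (?P<path>.*)$"),
    "O20": re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
    # The company field may be empty, collapsing "name - company - path" to "name - - path".
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?:.*?)\s?- (?P<path>.*)$"),
}

# Names malware borrows from core Windows binaries, with the directory the real one lives in
# (my own table). None means no legitimate file of that name exists (user32 is a DLL, never an EXE).
PROTECTED_NAMES = {
    "winlogon.exe": "c:\\windows\\system32", "lsass.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32", "svchost.exe": "c:\\windows\\system32",
    "smss.exe": "c:\\windows\\system32", "csrss.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows", "user32.exe": None,
}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    section: str
    name: str
    path: str
    severity: str
    reasons: list


def parse_line(line):
    """Return (section, name, path) for an O2/O4/O20/O23 line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("section") not in SECTION_RE:
        return None
    sub = SECTION_RE[m.group("section")].match(m.group("body"))
    return (m.group("section"), sub.group("name"), sub.group("path")) if sub else None


def assess(section, name, path):
    """Apply the triage heuristics to one entry; returns a Finding, or None if it looks benign."""
    reasons = []
    p = path.strip('"').lower()
    if "(no file)" in p or "(file missing)" in p:
        # Typical Vundo leftover: the DLL is gone but its hook is still registered.
        sev = "medium" if section in ("O20", "O23") else "low"
        reasons.append((sev, "points at a file that no longer exists (orphaned entry)"))
    else:
        base, directory = ntpath.basename(p), ntpath.dirname(p)
        if "\\temp\\" in p or base.endswith(".tmp"):
            reasons.append(("high", "autostart launched from a TEMP directory or .tmp file"))
        expected = PROTECTED_NAMES.get(base, "")
        if expected is None or (expected and directory != expected):
            reasons.append(("high", f"system binary name {base!r} outside its expected location"))
        if not directory:
            reasons.append(("low", "unqualified filename, resolved through the PATH search order"))
    if len(name) > 64:
        reasons.append(("high", f"implausibly long value name ({len(name)} chars) pushes the command out of view"))
    if not reasons:
        return None
    severity = max((s for s, _ in reasons), key=SEVERITY_RANK.__getitem__)
    return Finding(section, name, path, severity, [r for _, r in reasons])


def triage(lines):
    """Parse every line and keep the entries that trip at least one heuristic."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        finding = assess(*parsed) if parsed else None
        if finding:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per severity; SAMPLE_LOG yields {'high': 3, 'medium': 2, 'low': 2}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: -SEVERITY_RANK[f.severity]):
        shown = f.name if len(f.name) <= 40 else f.name[:37] + "..."
        print(f"{f.severity:<6} {f.section:<4} [{shown}] {f.path}")
        for reason in f.reasons:
            print(f"         - {reason}")
    print("summary:", summarize(results))
```

Two of the nine sample lines (the avast! Run entry and the Google Toolbar BHO) produce no finding, which is the point of the location check: the heuristics key on where a binary sits and how it is registered, not on whether its name looks familiar. A "(no file)" BHO is rated low because it is inert on its own, while an orphaned Winlogon Notify entry is rated medium because it shows a DLL was loaded into winlogon.exe until very recently.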

17 replies

green day Posts 26722 Status Moderator, Security Contributor 2 163
 
Hi

That's not a pretty sight!

Download VundoFix.exe (by Atribune) to your Desktop:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you to delete the files; click YES.
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* The PC will shut down: click OK.
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! log, in your next reply.

++
0
jimiii Posts 31 Status Member
 
Here is the ComboFix log

ComboFix 07-06-18.2 - C:\Documents and Settings\Demonn\Bureau\ComboFix.exe
"Demonn" - 2007-06-19 22:27:20 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\Program Files\vsadd-in
C:\WINDOWS\764.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Inf\dbmio32.dll
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\al64.dll
C:\WINDOWS\system32\cryptsa.dll
C:\WINDOWS\system32\drv32dta
C:\WINDOWS\system32\drv32dta\klg.tmp
C:\WINDOWS\system32\drv32dta\pstore_070314_212703.txt
C:\WINDOWS\system32\drv32dta\pstore_070314_233825.txt
C:\WINDOWS\system32\drv32dta\pstore_070315_133838.txt
C:\WINDOWS\system32\drv32dta\pstore_070315_134531.txt
C:\WINDOWS\system32\drv32dta\pstore_070315_194953.txt
C:\WINDOWS\system32\drv32dta\pstore_070316_064235.txt
C:\WINDOWS\system32\drv32dta\pstore_070316_122013.txt
C:\WINDOWS\system32\drv32dta\pstore_070316_171135.txt
C:\WINDOWS\system32\drv32dta\pstore_070316_190724.txt
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_RUNTIME
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-19 22:27 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 21:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-19 21:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-19 21:21 3,804 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-19 21:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-19 20:43 <REP> d-------- C:\VundoFix Backups
2007-06-19 19:46 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-19 17:47 9,136 --a------ C:\WINDOWS\system32\Inetwh16.dll
2007-06-19 17:47 692,736 --a------ C:\WINDOWS\system32\BatchRegister.exe
2007-06-19 17:47 48,640 --a------ C:\WINDOWS\system32\Inetwh32.dll
2007-06-19 17:47 409,600 --a------ C:\WINDOWS\system32\Crde96v3.dll
2007-06-19 17:47 4,528 --a------ C:\WINDOWS\system32\Setbrows.exe
2007-06-19 17:47 221,184 --a------ C:\WINDOWS\system32\I3spec32.dll
2007-06-19 17:47 159,744 --a------ C:\WINDOWS\system32\Ilanot32.dll
2007-06-19 17:47 108,032 --a------ C:\WINDOWS\system32\UNWISE.EXE
2007-06-19 17:47 1,025,536 --a------ C:\WINDOWS\system32\SausReg.exe
2007-06-18 20:59 93,216 --a------ C:\WINDOWS\system32\eaeabbbebcdb.dll
2007-06-18 00:45 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-06-18 00:45 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-06-18 00:45 <REP> d-------- C:\DOCUME~1\Demonn\APPLIC~1\Simply Super Software
2007-06-18 00:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-06-17 23:58 922,729 --a------ C:\WINDOWS\system32\nogyqphp.ini.ren
2007-06-17 23:58 124,436 --a------ C:\WINDOWS\system32\phpqygon.dll.ren
2007-06-16 01:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-06-16 01:38 125,972 --a------ C:\WINDOWS\system32\qaqfvrie.dll
2007-06-15 23:25 <REP> d-------- C:\DOCUME~1\Demonn\APPLIC~1\Leadertech
2007-06-15 00:14 125,972 --a------ C:\WINDOWS\system32\ncsihied.dll
2007-06-11 12:15 <REP> d-------- C:\DOCUME~1\Demonn\APPLIC~1\SEGA
2007-06-10 23:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-07 16:43 892,553 --a------ C:\WINDOWS\system32\rrqss.bak2.ren
2007-06-07 07:54 901,759 --ahs---- C:\WINDOWS\system32\rrqss.ini.ren
2007-06-07 07:54 892,890 --a------ C:\WINDOWS\system32\rrqss.bak1.ren
2007-06-07 07:54 263,220 --a------ C:\WINDOWS\system32\ssqrr.dll.ren
2007-06-07 04:04 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-07 04:04 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-04 14:08 30,770 --a------ C:\my.exe
2007-06-04 14:08 30,770 --a------ C:\documents.exe
2007-06-03 17:55 299,008 --a------ C:\WINDOWS\uninst.exe
2007-06-03 17:38 32,768 --a------ C:\rgfk.exe
2007-06-03 16:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-05-31 19:40 58,368 --a------ C:\WINDOWS\Unwash6.exe
2007-05-19 11:16 <REP> d-------- C:\WINDOWS\Google Toolbar
2007-05-19 11:01 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-05-19 11:01 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-19 11:01 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-19 11:01 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-05-19 11:01 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-05-19 11:01 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-19 11:01 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-05-19 11:01 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-05-19 01:45 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 08:16:02 -------- d-----w C:\Program Files\Google
2007-06-17 17:50:12 -------- d-----w C:\Program Files\Club-Internet
2007-06-15 23:07:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-15 19:59:16 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-06-15 19:34:10 -------- d-----w C:\Program Files\Norton Security Scan
2007-06-07 02:41:04 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-03 14:28:27 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-19 09:43:30 -------- d-----w C:\DOCUME~1\Demonn\APPLIC~1\Google
2007-05-16 23:32:30 -------- d-----w C:\Program Files\Spyware Doctor
2007-05-06 15:17:59 -------- d-----w C:\DOCUME~1\Demonn\APPLIC~1\PC Tools
2007-04-30 21:00:51 -------- d-----w C:\Program Files\MSN Messenger
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-04-25 14:29:28 -------- d-----w C:\Program Files\Winamp
2007-04-24 20:41:23 -------- d-----w C:\DOCUME~1\Demonn\APPLIC~1\vlc
2007-03-30 11:20:37 551 ----a-w C:\WINDOWS\eReg.dat
2007-03-25 22:03:04 83,046 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-25 22:03:04 504,492 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-23 18:32:10 460,689 --sh--w C:\WINDOWS\system32\ilnmp.ini2
2007-03-23 13:34:19 460,150 --sh--w C:\WINDOWS\system32\ilnmp.bak1
2007-03-23 13:28:59 12 ----a-w C:\WINDOWS\system32\gtv_sd.bin
2007-03-21 12:44:12 452,053 --sh--w C:\WINDOWS\system32\kjkmp.ini2
2007-03-21 12:31:27 459,636 --sh--w C:\WINDOWS\system32\kjkmp.bak2


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{A7DF7DB0-6103-455F-A54F-76D5D82A7D0d}=C:\WINDOWS\system32\qaqfvrie.dll [2007-06-16 01:38]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-17 17:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 C:\WINDOWS\system32\ptipbmf.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 C:\WINDOWS\SOUNDMAN.EXE]
"@"="" []
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 18:36]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"avast!"="f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" []
"TrojanScanner"="d:\Program Files\Trojan Remover\Trjscan.exe" [2007-06-15 17:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"svas"="C:\WINDOWS\TEMP\10.tmp" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"=64 (0x40)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxwu]
ddcaxwu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbawu]
gebbawu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjk]
C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnllm]
ssqnllm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrr]
C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{942a8109-d7ae-11db-b001-000ea674c6d6}]
AutoRun\command- K:\m.exe


Contents of the 'Scheduled Tasks' folder
2007-06-15 16:25:15 C:\WINDOWS\tasks\Norton Security Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 22:31:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 22:33:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-19 22:33

--- E O F ---



Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 22:36:53, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Thanks, and sorry for the wait, I hadn't seen your reply. Thanks for your time. K
0
jimiii Posts 31 Status Member
 
Thanks green day,

I'll try all of that. Right now I'm running Kaspersky Online. We'll see. Thanks!
0
jimiii Posts 31 Status Member
 
Hi green day,

Thanks again for your help.

Here is the VundoFix log

VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 20:43:49 19/06/2007

Listing files found while scanning....

C:\windows\system32\fjordcat.ini
C:\windows\system32\fjordcat.tmp
C:\WINDOWS\system32\fyaqgobc.dll
C:\WINDOWS\system32\rvvshjth.dll
C:\windows\system32\tacdrojf.dll
C:\windows\system32\ukolbfed.exe
C:\WINDOWS\system32\uncerbjx.dll

Beginning removal...

Attempting to delete C:\windows\system32\fjordcat.ini
C:\windows\system32\fjordcat.ini Has been deleted!

Attempting to delete C:\windows\system32\fjordcat.tmp
C:\windows\system32\fjordcat.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\rvvshjth.dll
C:\WINDOWS\system32\rvvshjth.dll Has been deleted!

Attempting to delete C:\windows\system32\tacdrojf.dll
C:\windows\system32\tacdrojf.dll Has been deleted!

Attempting to delete C:\windows\system32\ukolbfed.exe
C:\windows\system32\ukolbfed.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uncerbjx.dll
C:\WINDOWS\system32\uncerbjx.dll Has been deleted!

Performing Repairs to the registry.
Done!

Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:54:23, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Good luck reading that, I don't understand any of it!! I'm going to walk my dog and I'll be back!

Jim
0
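Reading the O4 lines of a log like the one above is mostly about spotting autostart entries that look out of place. The Python script below is an added example written for this thread, not code from HijackThis or from anyone in the discussion; its rules (TEMP paths and .tmp executables, core Windows file names outside System32, purely numeric file names, pathless entries, absurdly long or padded value names) are my own assumptions about what a helper checks first, and the 80-digit value name in the sample is a constructed stand-in for the very long one in the log.

```python
"""Heuristic first pass over the O4 (autostart) lines of a HijackThis log.

Added illustration, not part of this thread or of HijackThis itself: the
rules below are assumptions about what a helper checks first when reading
such a log, and a hit is a reason to look closer, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: O4 lines copied from the log posted above, plus one
# stand-in line (80-digit value name) for the entry whose value name is a
# run of roughly 260 digits in the original.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe",
    r"O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe",
    "O4 - HKLM\\..\\Run: [" + "0123456789" * 8 + r"] C:\Program Files\user32.exe",
    r"O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp",
    r"O4 - HKLM\..\Run: [smgr] mgrs.exe",
    r"O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# "O4 - HKLM\..\Run: [value name] command line"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Global Startup: shortcut.lnk = target"
STARTUP_LINE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# First executable-looking token of a command line, allowing surrounding
# quotes and trailing arguments ('"C:\x\a.exe" /flag', 'rundll32.exe lib.dll,Fn').
EXE_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|tmp|dll|scr|com|bat|pif))"?(?=\s|$)', re.IGNORECASE)

# File names of core Windows components; an autostart that runs something
# with one of these names from outside System32 is worth a second look.
CORE_SYSTEM_NAMES = {"winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe",
                     "services.exe", "svchost.exe", "user32.exe"}
MAX_SANE_NAME_LEN = 64  # assumed threshold for a registry value name


@dataclass
class Finding:
    name: str           # registry value name or shortcut name
    path: str           # executable the entry launches
    reasons: List[str]  # which heuristics fired, in rule order


def flag_entry(name: str, path: str) -> List[str]:
    """Return the heuristic reasons an O4 entry deserves review (empty if none)."""
    reasons = []
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    stem, _, ext = base.rpartition(".")
    if "\\temp\\" in p or ext == "tmp":
        reasons.append("runs from a TEMP directory or as a .tmp file")
    if base in CORE_SYSTEM_NAMES and "\\system32\\" not in p:
        reasons.append("borrows a core Windows binary name outside System32")
    if stem.isdigit():
        reasons.append("purely numeric file name")
    if "\\" not in p:
        reasons.append("no path given: resolved via search path, location must be verified")
    if len(name) > MAX_SANE_NAME_LEN or name.strip() != name:
        reasons.append("implausible registry value name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse the O4 lines of a HijackThis log and keep those with at least one hit."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line) or STARTUP_LINE.match(line)
        if not m:
            continue
        pm = EXE_RE.match(m["cmd"])
        path = pm["path"] if pm else m["cmd"]
        reasons = flag_entry(m["name"], path)
        if reasons:
            findings.append(Finding(m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name[:40]}] -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

The legitimate SoundMan entry trips the pathless rule as well, which is the point: these heuristics produce candidates to verify on disk, not verdicts.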
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Easy ;-)

Download this: (thanks to S!RI for this little program).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Run it: double-click Smitfraudfix.cmd and choose option 1,
here is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
it will generate a report: copy/paste it in a post please.

++
0
jimiii Posts 31 Status Member
 
hi green day,

here is the report:



SmitFraudFix v2.195

Rapport fait à 21:21:26,23, 19/06/2007
Executé à partir de C:\Documents and Settings\Demonn\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demonn


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demonn\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Demonn\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\serial.dat PRESENT !
C:\Program Files\serial.zip PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\Inf\dbmio32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\Inf\dbmio32.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Thanks a lot
0

green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi again!

# Boot into Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC starts powering on, without stopping
A window will open; move with the keyboard arrows to Safe Mode, then press Enter.
Once on the desktop, if the colours and so on are not all there, that's normal!
(If F8 doesn't work, use the F5 key).
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2, answer yes to everything;
Save the report, restart in normal mode, copy/paste the saved report on the forum

then:

Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message, that's normal and expected

++
0
jimiii Posts 31 Status Member
 
sorry for the wait, safe mode kept shutting down by itself. Anyway, here is the smitfraud report:

SmitFraudFix v2.195

Rapport fait à 21:50:22,59, 19/06/2007
Executé à partir de C:\Documents and Settings\Demonn\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\Inf\dbmio32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\Inf\dbmio32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé
C:\Program Files\serial.dat supprimé
C:\Program Files\serial.zip supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\Inf\dbmio32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\Inf\dbmio32.dll"



»»»»»»»»»»»»»»»»»»»»»»»» Fin

I'll send you the virtumondo one as soon as I have it.
0
jimiii Posts 31 Status Member
 
here is the begonevirtu log:


[06/19/2007, 22:02:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Demonn\Bureau\VirtumundoBeGone.exe" )
[06/19/2007, 22:02:42] - Detected System Information:
[06/19/2007, 22:02:42] - Windows Version: 5.1.2600, Service Pack 2
[06/19/2007, 22:02:42] - Current Username: Demonn (Admin)
[06/19/2007, 22:02:42] - Windows is in NORMAL mode.
[06/19/2007, 22:02:42] - Searching for Browser Helper Objects:
[06/19/2007, 22:02:42] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/19/2007, 22:02:42] - BHO 3: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 4: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 5: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 6: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 7: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 8: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 10: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 11: {965a592f-8efa-4250-8630-7960230792f1} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 12: {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - Checking for HKLM\...\Winlogon\Notify\qaqfvrie
[06/19/2007, 22:02:42] - Key not found: HKLM\...\Winlogon\Notify\qaqfvrie, continuing.
[06/19/2007, 22:02:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/19/2007, 22:02:42] - BHO 14: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 15: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 16: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 17: {cf021f40-3e14-23a5-cba2-717765728274} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 18: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - Finished Searching Browser Helper Objects
[06/19/2007, 22:02:43] - Finishing up...
[06/19/2007, 22:02:43] - Nothing found! Exiting...


and here is the latest hijack this

Logfile of HijackThis v1.99.1
Scan saved at 22:05:41, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

thanks for your help !!!

jim
0
jimiii Posts 31 Status Member
 
excuse me, I hadn't restarted; here is the latest log for

virtu...



[06/19/2007, 22:02:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Demonn\Bureau\VirtumundoBeGone.exe" )
[06/19/2007, 22:02:42] - Detected System Information:
[06/19/2007, 22:02:42] - Windows Version: 5.1.2600, Service Pack 2
[06/19/2007, 22:02:42] - Current Username: Demonn (Admin)
[06/19/2007, 22:02:42] - Windows is in NORMAL mode.
[06/19/2007, 22:02:42] - Searching for Browser Helper Objects:
[06/19/2007, 22:02:42] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/19/2007, 22:02:42] - BHO 3: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 4: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 5: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 6: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 7: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 8: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 10: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 11: {965a592f-8efa-4250-8630-7960230792f1} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - No filename found. Continuing.
[06/19/2007, 22:02:42] - BHO 12: {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} ()
[06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:42] - Checking for HKLM\...\Winlogon\Notify\qaqfvrie
[06/19/2007, 22:02:42] - Key not found: HKLM\...\Winlogon\Notify\qaqfvrie, continuing.
[06/19/2007, 22:02:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/19/2007, 22:02:42] - BHO 14: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 15: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 16: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 17: {cf021f40-3e14-23a5-cba2-717765728274} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - BHO 18: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:02:43] - No filename found. Continuing.
[06/19/2007, 22:02:43] - Finished Searching Browser Helper Objects
[06/19/2007, 22:02:43] - Finishing up...
[06/19/2007, 22:02:43] - Nothing found! Exiting...

[06/19/2007, 22:10:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Demonn\Bureau\VirtumundoBeGone.exe" )
[06/19/2007, 22:10:40] - Detected System Information:
[06/19/2007, 22:10:40] - Windows Version: 5.1.2600, Service Pack 2
[06/19/2007, 22:10:40] - Current Username: Demonn (Admin)
[06/19/2007, 22:10:40] - Windows is in NORMAL mode.
[06/19/2007, 22:10:40] - Searching for Browser Helper Objects:
[06/19/2007, 22:10:41] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/19/2007, 22:10:41] - BHO 3: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 4: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 5: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 6: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 7: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 8: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 10: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 11: {965a592f-8efa-4250-8630-7960230792f1} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - No filename found. Continuing.
[06/19/2007, 22:10:41] - BHO 12: {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} ()
[06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:41] - Checking for HKLM\...\Winlogon\Notify\qaqfvrie
[06/19/2007, 22:10:42] - Key not found: HKLM\...\Winlogon\Notify\qaqfvrie, continuing.
[06/19/2007, 22:10:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/19/2007, 22:10:42] - BHO 14: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:42] - No filename found. Continuing.
[06/19/2007, 22:10:42] - BHO 15: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:42] - No filename found. Continuing.
[06/19/2007, 22:10:42] - BHO 16: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:42] - No filename found. Continuing.
[06/19/2007, 22:10:42] - BHO 17: {cf021f40-3e14-23a5-cba2-717765728274} ()
[06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:42] - No filename found. Continuing.
[06/19/2007, 22:10:42] - BHO 18: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/19/2007, 22:10:42] - No filename found. Continuing.
[06/19/2007, 22:10:42] - Finished Searching Browser Helper Objects
[06/19/2007, 22:10:42] - Finishing up...
[06/19/2007, 22:10:42] - Nothing found! Exiting...


and for hijack


Logfile of HijackThis v1.99.1
Scan saved at 22:14:19, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
D:\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe




thaaaanks!
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok, let's continue:

Download ComboFix (by sUBs) from one of these links to your desktop:

http://www.techsupportforum.com/sectools/combofix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

with a new HijackThis log please

++
0
jimiii Posts 31 Status Member
 
green day: do you have the time to listen to me whine?? jimi
0
green day Posts 26722 Status Moderator, Security contributor 2 163 > jimiii Posts 31 Status Member
 
See post 13 :)
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
No worries, I know these scans take a while ;-)

please do what is described here:

preliminary virus disinfection method (French version)

++
0
jimiii Posts 31 Status Member
 
Ok, this time I'm in the right place. I ran the BitDefender scan yesterday at 1 am, let it finish (and left the PC on) overnight, and copied the report at 9 this morning - is it still valid? The "HijackThis" log is from earlier. Apparently I messed up with AVG because they have to be quarantined before making the log?! Hi to Lyonnais for the rest of the way.
I'm following your instructions Green day because "sometimes I give myself the creeps". The connection is ok but Avast shows 1 virus at restart. (there are a few left...)


Jim
0
jimiii Posts 31 Status Member
 
I almost forgot!!!

BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Jun 20, 2007 - 09:09:02

Scan Info
Scanned Files 266798
Infected Files 18


Virus Detected
Trojan.Dropper.Small.NCA 2
Trojan.BHO.BP 1
Trojan.Clicker.Costrat.AZ 1
Trojan.BHO.AR 2
Win32.Grum.A 1
Trojan.Horse3.RJ 2
Trojan.Clicker.CM 2
Application.JS.ForcePopup.I 1
GenPack:Trojan.Vundo.DLZ 1
MemScan:Trojan.Virtumonde.IC 2
Trojan.Vundo.DLY 2
BehavesLike:Win32.ExplorerHijack 1



This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



and HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 13:45:11, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Thanks, Jim
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

ok, post the AVG one too please!

++
0
jimiii Posts 31 Status Member
 
here it is:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 23:59:36 19/06/2007

+ Résultat de l'analyse:



[3324] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
[3732] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
[556] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Ignoré.
HKU\S-1-5-21-1409082233-308236825-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045733.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045746.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045747.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045748.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP119\A0046737.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048728.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048729.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048730.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048731.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048732.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048735.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048736.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048737.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048738.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048739.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048740.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048741.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048746.dll -> Adware.Virtumonde : Ignoré.
C:\documents.exe -> Adware.Virtumonde : Ignoré.
C:\my.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0055126.sys -> Downloader.Agent.acl : Ignoré.
C:\QooBox\Quarantine\catchme2007-06-19_223105.70.zip/al64.dll -> Downloader.Agent.bga : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061184.dll -> Downloader.Agent.bga : Ignoré.
C:\QooBox\Quarantine\C\WINDOWS\system32\cryptsa.dll.vir -> Downloader.Agent.btd : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061183.dll -> Downloader.Agent.btd : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP141\A0051999.exe -> Downloader.Alphabet : Ignoré.
C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir -> Downloader.Alphabet.b : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061182.exe -> Downloader.Alphabet.b : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP141\A0051998.exe -> Downloader.Small.ddy : Ignoré.
C:\16.tmp -> Proxy.Xorpix.ar : Ignoré.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\partnership.dll.vir -> Proxy.Xorpix.ar : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\Demonn\Cookies\demonn@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP138\A0048904.exe -> Trojan.Agent.aom : Ignoré.
C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061168.dll -> Trojan.Agent.j : Ignoré.


Fin du rapport
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok ! :)

please redo it, deleting everything it finds ;-)

++
0
jimiii Posts 31 Status Member
 
ok thanks! see you later
0
jimiii Posts 31 Status Member
 
I posted in the wrong place

so here is the AVG log before deletion



---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:19:48 20/06/2007

+ Résultat de l'analyse:



[2296] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Aucune action entreprise.
[384] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Demonn\Cookies\demonn@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport



and AVG after deletion

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:21:08 20/06/2007

+ Résultat de l'analyse:



[2296] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Nettoyé.
[384] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Demonn\Cookies\demonn@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport




latest HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 16:22:21, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
D:\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



thanks a lot.
0
jimiii Posts 31 Status Member
 
hi green day,

did you get the info? Just making sure you haven't forgotten me!!!

Jim
0
jimiii Posts 31 Status Member
 
I'm going to run an errand and I'll be back!

jim
jimiii (Member, 31 posts)

The computer works fine, but

1) Avast says:

this file is in use/locked. It can't be scanned
C:windows/system32/drivers/sptd.sys

(path) hklm/system/Currentcontrolset/services/sptd/"image path"

last modified 21-3 15:15 (when I got the computer back and ran the AVG scan)


2)
Trojan Remover tells me there are problems with:
ddcaxwu.dll
address hklm/software/microsoft/windowsNT/
current person/winlogon/notify/ddcaxwu

All of that repeated 5 times, with at the end of each line
/gebbawu
pmkjk
pmnli
ssqnlm
ssqrr

I don't understand any of it. I haven't browsed much since the problems aren't fixed, but the connection has held up well since last night.


3rd thing: on web pages there's a yellow warning sign at the bottom and "errors on the page".

This stuff isn't obvious. Could you point me to a link on how to protect the PC better (is the Windows firewall OK? sites to avoid, etc...)? Also the Ghost tutorials, please. Thanks, and I hope we'll get them. In any case it's fun to get to know the computer this way.

Jim
green day (Moderator, security contributor, 26722 posts)

Hi

Don't worry! You show up in my list of interventions, so there's no risk of my losing you ;-))

Next:

o Read the contents of the following link: http://www.f-secure.com/products/license-terms/eult_fra.pdf
o You have therefore read and accepted the terms of use of the BlackLight program, which is included in the compressed folder navilog1.zip that you are going to download.
o Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
o Choose "Save target (of the link) as..." and save it on the desktop.
o Right-click navilog1.zip and choose "Extract all"
o Double-click navilog1.bat
o Once at the main menu, choose option 1 and confirm.
o Wait for the message: "Analyse Termine le ..."
o The report will also be saved at the root of the drive (fixnavi.txt); please post it.

@+

jimiii (Member, 31 posts)

Yes, that's cool.

Here's the report.

Thanks, I'll be back in 30 min.

jim

Search Navipromo version 2.0.3 commencé le 20/06/2007 à 19:11:12,70

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Demonn\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/20/07 at 19:11:14.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ....................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/20/07 at 19:13:50 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\ilnmp.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\kjkmp.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ilnmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\kjkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\tstwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\kjkmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 20/06/2007 à 19:14:04,04 ***
green day (Moderator, security contributor, 26722 posts)

Our messages crossed! :) See post 23!
jimiii (Member, 31 posts)

Not sure I understand? Did you get the right Navilog report? I'll be back, see you later.
And thanks again!
green day (Moderator, security contributor, 26722 posts)

Seen! How is the PC behaving?

++
jimiii (Member, 31 posts)

At first sight it looks perfect. I'll try rebooting to see what Avast tells me. Thanks.
jimiii (Member, 31 posts)

See post 30, I wasn't paying attention. Thanks.
jimiii (Member, 31 posts)

Are you still there? Just to say I'll be going to bed soon. See post 30 for the latest info. Thanks for your time in any case. I'll stay around another half hour or so.

jim
green day (Moderator, security contributor, 26722 posts)

Hold your horses! I'm preparing the procedure :)

++
green day (Moderator, security contributor, 26722 posts)

If need be, you can do it tomorrow, because it may take a while!

See you ;-)

++
jimiii (Member, 31 posts)

OK, we'll do it tomorrow. I don't really realise how many people you help and the time it takes to prepare the fix, etc... Yeah, I'll shut the machine down and get back to you tomorrow around 1 pm if you're there, or else in the evening. It's really cool in any case. Good night (you do sleep, right?)

Jim
green day (Moderator, security contributor, 26722 posts)

One more little check!

Download l2mfix here:
http://www.downloads.subratam.org/l2mfix.exe
Double-click l2mfix.exe to start the extraction.
In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
Notepad will open with the scan result. Copy/paste the report here.

++
green day (Moderator, security contributor, 26722 posts)

How many people per day? It depends on whether I'm in good shape/busy or not :)

How long do I take? It depends on whether I'm doing something else at the same time or not :)

Do I sleep? Yes and no! :))

@+
jimiii (Member, 31 posts)

Hi greenday,

Back on the PC. Here's the report requested in the last message. OK, so you do sleep after all.
Thanks for the help!

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaxwu]
"Asynchronous"=dword:00000001
"DllName"="ddcaxwu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebbawu]
"Asynchronous"=dword:00000001
"DllName"="gebbawu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkjk.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnli]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmnli.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnllm]
"Asynchronous"=dword:00000001
"DllName"="ssqnllm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrr]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\ssqrr.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propriétés des versions précédentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions précédentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{45670FA8-ED97-4F44-BC93-305082590BFB}"="Microsoft.XPS.Shell.Metadata.1"
"{44121072-A222-48f2-A58A-6D9AD51EBBE9}"="Microsoft.XPS.Shell.Thumbnail.1"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
"{A155339D-CCCD-4714-85EB-3754B804C9DF}"="a-squared Free Context Menu Shell Extension"
"{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Thu 7 Jun 2007 4:41:06 A.... 98 304 96,00 K
cmdlin~2.dll Sun 10 Jun 2007 23:10:28 A.... 43 520 42,50 K
eaeabb~1.dll Mon 18 Jun 2007 20:59:28 A.... 93 216 91,03 K
libeay32.dll Thu 7 Jun 2007 4:04:08 A.... 1 040 384 1016,00 K
ssleay32.dll Thu 7 Jun 2007 4:04:02 A.... 196 608 192,00 K

5 items found: 5 files, 0 directories.
Total of file sizes: 1 472 032 bytes 1,40 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
ilnmp.tmp Fri 23 Mar 2007 20:24:52 ..SH. 460 689 449,89 K
mcrh.tmp Thu 14 Jun 2007 14:19:56 A.... 0 0,00 K
mjmwygsi.tmp Thu 14 Jun 2007 0:12:32 A.... 0 0,00 K

3 items found: 3 files (1 H/S), 0 directories.
Total of file sizes: 460 689 bytes 449,89 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 3C3F-E464

Répertoire de C:\WINDOWS\System32

19/06/2007 17:14 <REP> dllcache
18/06/2007 00:48 901 759 rrqss.ini.ren
17/06/2007 23:55 922 705 whmtakqo.ini
17/06/2007 17:35 922 490 wknrnmeh.ini
16/06/2007 01:39 922 199 wnewcmbt.ini
13/06/2007 14:24 3 740 880 mjmwygsi.ini
12/06/2007 23:15 2 796 870 jjaywmsg.ini
12/06/2007 00:10 1 875 661 tvxatquu.ini
11/06/2007 10:28 955 675 hmuptqym.ini
26/03/2007 12:28 1 709 769 umtfthsd.ini
23/03/2007 20:24 460 689 ilnmp.tmp
21/03/2007 14:31 1 599 504 ddenjgar.ini
19/03/2007 20:30 1 613 311 nropymox.ini
17/03/2007 17:24 459 689 kjkmp.ini
17/03/2007 17:24 459 617 kjkmp.tmp
17/03/2007 17:22 1 614 091 pckulyvu.ini
16/03/2007 21:39 456 054 tstwa.ini
16/02/2007 22:24 <REP> Microsoft
21/07/2002 19:01 353 onnmp.ini
17 fichier(s) 21 411 316 octets
2 Rép(s) 24 612 786 176 octets libres

Happy reading....

jim
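One way to triage a Winlogon\Notify dump like the one in Jim's L2MFix report above, as an added example that is not part of the thread or of L2MFix. It parses the .reg text (including regedit's hex(2) UTF-16 values and its backslash line continuations), then rates each notification package: "review" when its DLL is not on a small allowlist of stock Windows notification DLLs, and "suspicious" when, on top of that, the handler names are bare ones like "Logon"/"SysLogon"/"RealLogon" rather than vendor-named exports, which is exactly what separates the ddcaxwu/pmkjk/ssqrr entries from crypt32chain or SensLogn in the posted log. The allowlist, the generic-name list and the trimmed sample export are assumptions constructed from that log; a vendor package such as ATI's lands in "review" until you add its DLL.

```python
"""Triage a Winlogon\\Notify registry export such as the .reg text L2MFix prints.

Added example, not code from L2MFix or the forum thread. The allowlist and the
generic-name list are assumptions; SAMPLE_EXPORT is constructed from the log
posted above (trimmed to a few subkeys).
"""
import re
from typing import Dict, List, Tuple

# Stock Windows XP notification packages (assumption: extend with the vendor
# DLLs you expect on a given machine, e.g. Ati2evxx.dll on an ATI box).
KNOWN_NOTIFY_DLLS = {"wlnotify.dll", "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll"}

# Handler names that look auto-generated rather than vendor-specific (assumption).
GENERIC_HANDLER_NAMES = {"Logon", "Logoff", "SysLogon", "SysLogoff", "RealLogon", "RealLogoff"}

# Value names that are settings, not event handlers.
SETTING_NAMES = {"dllname", "asynchronous", "impersonate", "safe", "enabled", "maxwait"}

NOTIFY_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
    r"\\Winlogon\\Notify\\([^\]]+)\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def decode_reg_value(raw: str) -> str:
    """Decode one .reg value body: quoted string, dword, or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return str(int(raw[len("dword:"):], 16))
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw


def parse_notify_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {subkey: {value name: decoded value}} for every Winlogon\\Notify subkey."""
    # regedit wraps long hex values with a trailing backslash; rejoin them first.
    joined = re.sub(r",\\\r?\n\s*", ",", text)
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for line in joined.splitlines():
        line = line.strip()
        key = NOTIFY_KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
        elif line.startswith("["):
            current = None  # some other key: its values are not ours
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                entries[current][value.group(1)] = decode_reg_value(value.group(2))
    return entries


def triage(entries: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[str, List[str]]]:
    """Rate each package 'ok', 'review' (DLL not on the allowlist) or
    'suspicious' (unknown DLL whose handlers also carry generic names)."""
    report: Dict[str, Tuple[str, List[str]]] = {}
    for subkey, values in entries.items():
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), "")
        basename = dll.rsplit("\\", 1)[-1].lower()
        handlers = {v for k, v in values.items() if k.lower() not in SETTING_NAMES}
        unknown_dll = basename not in KNOWN_NOTIFY_DLLS
        generic = handlers & GENERIC_HANDLER_NAMES
        reasons: List[str] = []
        if unknown_dll:
            reasons.append(f"DLL not on allowlist: {dll or '<missing>'}")
        if generic:
            reasons.append("generic handler names: " + ", ".join(sorted(generic)))
        severity = "suspicious" if unknown_dll and generic else "review" if reasons else "ok"
        report[subkey] = (severity, reasons)
    return report


# Constructed sample: a trimmed copy of the Winlogon\Notify section posted above.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Logon"="AtiLogonEvent"
"Logoff"="AtiLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaxwu]
"Asynchronous"=dword:00000001
"DllName"="ddcaxwu.dll"
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\pmkjk.dll"
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"""


if __name__ == "__main__":
    for subkey, (severity, reasons) in triage(parse_notify_export(SAMPLE_EXPORT)).items():
        print(f"{severity:10} {subkey:14} {'; '.join(reasons)}")
```

Feed it the full "Winlogon/notify:" section of the L2MFix log instead of SAMPLE_EXPORT and the six HijackThis O20 entries come out "suspicious" while the Microsoft packages come out "ok"; anything rated "review" is a DLL you simply have not vetted yet, so compare its path and signer before acting on it.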
jimiii (Member, 31 posts)

Hi to you, "sleeps little because thinks until the early hours", from "little mole of the white man's machines" here.

Whoa, I'm a bit "out of it" now. I'm going to hit the sack, as they say around here. I hope my log didn't hypnotise you. In any case the computer is a rocket now. I hadn't realised how much speed I was losing. But there's still the same message (see post 30) when I turn it on. Apart from that, nothing to report. So a big thank-you already. Good night, kids. We'll pick it up later (thanks).

Jim
green day (Moderator, security contributor, 26722 posts)

Hi

It's not all clean yet!

Disconnect from the internet, close the browser and all other application windows;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- At the prompt, press a key on the keyboard to restart the PC;
=> On restart, the L2mFix cleanup continues, then it opens the cleanup result in Notepad; reconnect to post it on the forum.

Then please do this:

Download clean.zip
http://www.malekal.com/download/clean.zip
Unzip it onto your desktop (right-click / Extract all); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; choose option 1.
Post the report found here: C:\rapport_clean.txt

Then:

# Boot into safe mode:
To do this, tap the F8 key repeatedly from the very start of the PC's boot, without stopping.
A window will open; use the keyboard arrow keys to move to "Start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Double-click clean.cmd.
A black window will appear; choose option 2.
Post the report found here: C:\rapport_clean.txt

And finally, post a new HijackThis log!

@+

;-))