[Rootkit] Infécté par rootkit de pubs Fermé

Question

Bonjour,

je suis infecté de rootkit, pub d'anti virus (win anti spyware, spyware doctor,...)
les fichiers se trouvent dans le system32 (des .exe)  mais revienennet tjrs biensur, comme d'autres gens ont ca.

Voici mon log Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00, on 2007-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\cbhjbegq.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: JT's Blocks - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download2.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
O16 - DPF: Yahoo! Go - http://download2.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download2.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download2.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\irwhuelr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe



voila merci de dire ce qui est louche :)

Malekal_morte- · Answer

Salut,

Relance HijackThis, coche cette ligne :

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\cbhjbegq.dll",forkonce 

--> clic sur fix checked

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.

JoN · Answer

re voila les 2 logs LOG DE COMBO FIX ComboFix 07-08-09.3 - "jon" 2007-08-13 11:12:59.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.469 [GMT 2:00] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\jon\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7GKY8MG7\iforex.com C:\DOCUME~1\jon\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7GKY8MG7\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\DOCUME~1\jon\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\DOCUME~1\jon\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\WINDOWS\hosts C:\WINDOWS\system32\cbhjbegq.dll C:\WINDOWS\system32\ddaby.dll C:\WINDOWS\system32\efcddef.dll C:\WINDOWS\system32\ftrxoxgn.ini C:\WINDOWS\system32\iltqyjpe.dll C:\WINDOWS\system32 gxoxrtf.dll C:\WINDOWS\system32\owgmfxgg.exe C:\WINDOWS\system32\qgebjhbc.ini C:\WINDOWS\system32\xhyljcml.dll C:\WINDOWS\system32\ybadd.bak2 C:\WINDOWS\system32\ybadd.ini ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 ))))))))))))))))))))))))))))))) 2007-08-13 11:00 812,344 --a------ C:\hijackthis_hijackthis_2.02_anglais_17891.exe 2007-08-13 11:00 d-------- C:\Program Files\Trend Micro 2007-08-13 10:47 1,049,585 --a------ C:\SDFix.exe 2007-08-13 10:45 51,200 --a------ C:\WINDOWS ircmd.exe 2007-08-13 10:44 1,412,580 --a------ C:\ComboFix.exe 2007-08-13 10:42 75,328 --a------ C:\WINDOWS\system32\iribenuc.exe 2007-08-13 01:31 155 --a------ C:\muxmp4.bat 2007-08-12 22:22 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe 2007-08-12 22:22 d-------- C:\Program Files\Gabest 2007-08-12 22:22 d-------- C:\Program Files\AutoGK 2007-08-12 22:20 9,436,018 --a------ C:\AutoGordianKnot.2.40.Setup.exe 2007-08-12 22:16 d-------- C:\DOCUME~1\jon\APPLIC~1\DivX 2007-08-12 22:09 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-08-12 22:09 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-08-12 22:07 24,140,200 --a------ C:\DivXInstaller.exe 2007-08-12 21:48 d-------- C:\Program Files\Xilisoft 2007-08-12 21:46 15,333,256 --a------ C:\x-avi-to-dvd-converter.exe 2007-08-12 21:38 d-------- C:\Program Files\Ripp-it_AM 2007-08-12 21:38 d-------- C:\Program Files\AviSynth 2.5 2007-08-12 21:37 1,324,576 --a------ C:\MAJ_Ri4m_v503b.exe 2007-08-12 21:36 19,473,146 --a------ C:\RI4M_v501d_setup.exe 2007-08-11 13:32 245,047 --a------ C:\cc_20070811_1332.reg 2007-08-11 12:49 d-------- C:\BFU 2007-08-11 12:46 d-------- C:\!KillBox 2007-08-11 12:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-08-11 12:44 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe 2007-08-11 10:36 75,328 --a------ C:\WINDOWS\system32\mhpsgabd.exe 2007-08-11 00:18 dr------- C:\DOCUME~1\LOCALS~1\Favoris 2007-08-11 00:18 d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback 2007-08-10 23:29 164 --a------ C:\install.dat 2007-08-10 23:26 391,080 --a------ C:\Download SpySweeperSNRSetup_EN now.exe 2007-08-10 23:26 d-------- C:\DOCUME~1\jon\APPLIC~1\GetRightToGo 2007-08-10 00:15 682,864 --a------ C:\fsblc.exe 2007-08-09 23:20 75,328 --a------ C:\WINDOWS\system32 gwppbiw.exe 2007-08-09 22:33 75,328 --a------ C:\WINDOWS\system32\qwjelelx.exe 2007-08-09 10:10 d-------- C:\Program Files\Video mp3 Extractor 2007-08-08 17:34 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead 2007-08-08 17:30 d-------- C:\Program Files\Nero 2007-08-08 17:30 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2007-08-07 14:52 d-------- C:\PHOTOS 2007-08-07 10:29 d-------- C:\AnyDVD & AnyDVD HD 6.1.3.6 2007-08-06 18:47 217,088 --a------ C:\Solid Converter PDF v3.0 keygen.exe 2007-08-06 17:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SolidDocuments 2007-08-06 17:24 15,496,704 --a------ C:\solidconverterpdf.exe 2007-08-06 16:57 20,569 --a------ C:\WINDOWS\system32\pxc25pm.dll 2007-08-06 16:56 d-------- C:\Program Files\SolidDocuments 2007-08-06 16:56 d-------- C:\DOCUME~1\jon\APPLIC~1\SolidDocuments 2007-08-06 16:28 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL 2007-08-06 16:28 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll 2007-08-06 16:28 d-------- C:\Program Files\PDFCreator 2007-08-06 16:26 13,256,032 --a------ C:\PDFCreator-0_9_3_GPLGhostscript.exe 2007-08-06 15:59 73,216 --a------ C:\WINDOWS\cadkasdeinst01f.exe 2007-08-06 15:59 d-------- C:\Program Files\PDF Editeur 2 2007-08-06 15:58 1,943,418 --a------ C:\pdfediteur!.exe 2007-08-06 15:16 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-08-06 14:02 d-------- C:\Program Files\Tomb Raider - Anniversary 2007-08-05 12:47 d-------- C:\Program Files\FDRLab 2007-08-05 12:41 d-------- C:\AnyDVD v6.1.3.6 2007-08-05 11:56 d-------- C:\Program Files\DVD Region+CSS Free 2007-08-05 11:55 d-------- C:\DOCUME~1\jon\APPLIC~1\SlySoft 2007-08-05 11:54 d-------- C:\Program Files\Elaborate Bytes 2007-08-05 11:54 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft 2007-08-05 11:51 d-------- C:\Program Files\DVD Decrypter 2007-08-05 11:50 d-------- C:\DOCUME~1\jon\APPLIC~1\RipIt4Me 2007-08-05 10:48 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-08-05 10:45 d-------- C:\Program Files\MSBuild 2007-08-05 10:45 d-------- C:\Program Files\Microsoft Works 2007-08-04 15:31 dr-h----- C:\MSOCache 2007-08-04 01:44 24,904 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys 2007-08-04 01:41 96,704 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys 2007-08-03 16:52 d-------- C: ero 2007-08-03 16:47 d-------- C:\DOCUME~1\jon\APPLIC~1\WinRAR 2007-08-02 20:29 d-------- C:\wamp 2007-08-02 20:16 d-------- C:\Program Files\Microsoft Visual Studio 8 2007-08-02 20:16 d-------- C:\Program Files\Fichiers communs\Merge Modules 2007-08-02 20:16 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help 2007-08-02 16:21 d-------- C:\Program Files\LaBoiteACouleurs 2007-08-02 15:27 93,128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-08-01 12:07 d-------- C:\Program Files\Notepad++ 2007-08-01 12:07 d-------- C:\DOCUME~1\jon\APPLIC~1\Notepad++ 2007-08-01 02:09 d-------- C:\Program Files\KarmaRoDesire2.0 2007-07-30 01:02 156,307,456 --a------ C:\command_conquer_3_les_guerres_du_tiberium_patch_v1.06_francais_40558.exe 2007-07-26 17:37 d-------- C:\Divx 2007-07-26 05:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-07-26 04:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-07-26 04:53 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-26 04:53 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-26 04:50 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-07-26 04:50 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-07-26 04:50 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-07-26 04:50 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-26 04:50 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-07-26 04:50 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-07-26 04:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-26 01:52 41 ---h----- C:\WINDOWS\dsez2409.dat 2007-07-26 01:44 d-------- C:\Program Files\PhotoFiltre 2007-07-25 22:49 d-------- C:\Program Files\Media Player Classic 2007-07-25 22:49 d-------- C:\DOCUME~1\jon\APPLIC~1\Media Player Classic 2007-07-23 16:02 d-------- C:\Program Files\Easy GIF Animator 2007-07-23 15:08 d-------- C:\Program Files\Nouveau dossier (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-12 22:09 --------- d-------- C:\Program Files\DivX 2007-08-12 20:43 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\dvdcss 2007-08-10 23:31 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\uTorrent 2007-08-08 17:33 --------- d-------- C:\Program Files\Fichiers communs\Ahead 2007-08-07 09:52 --------- d-------- C:\Program Files\Tower Buddy 2007-08-07 09:52 --------- d-------- C:\Program Files\Heart Buddy Yahoo 2007-08-07 09:52 --------- d-------- C:\Program Files\Block Buddy 2007-08-07 09:51 --------- d-------- C:\Program Files\Domino Buddy Yahoo 2007-08-07 09:47 --------- d-------- C:\Program Files\EasyPHP 2.0b1 2007-08-07 09:47 --------- d-------- C:\Program Files\BitTorrent 2007-08-07 09:45 --------- d-------- C:\Program Files\WolfRo 2007-08-06 15:16 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-06 15:12 --------- d-------- C:\Program Files\Activision 2007-08-05 11:54 --------- d-------- C:\Program Files\SlySoft 2007-08-05 11:48 --------- d-------- C:\Program Files\DVDFab HD Decrypter 3 2007-07-31 10:00 --------- d-------- C:\Program Files\Electronic Arts 2007-07-29 10:20 --------- d-------- C:\Program Files\Yahoo! 2007-07-29 10:18 --------- d-------- C:\Program Files\Winamp 2007-07-29 10:18 --------- d-------- C:\Program Files\Free Download Manager 2007-07-29 10:18 --------- d-------- C:\Program Files\eMule 2007-07-28 00:06 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\Skype 2007-07-27 10:45 --------- d-------- C:\Program Files\TrackMania Nations ESWC 2007-07-26 04:53 129784 --------- C:\WINDOWS\system32\PxAFS.DLL 2007-07-23 23:54 --------- d-------- C:\Program Files\FlashFXP 2007-07-22 19:49 --------- d-------- C:\Program Files\QuickTime 2007-07-20 19:40 --------- d-------- C:\Program Files\Fichiers communs\InstallShield 2007-07-16 16:28 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\Apple Computer 2007-07-13 20:39 --------- d-------- C:\Program Files\Fichiers communs\Logitech 2007-07-13 20:37 --------- d-------- C:\Program Files\CCleaner 2007-07-11 20:20 72126 --a------ C:\WINDOWS\system32\perfc00C.dat 2007-07-11 20:20 460986 --a------ C:\WINDOWS\system32\perfh00C.dat 2007-07-11 14:13 --------- d-------- C:\Program Files\Flyff 2007-07-10 11:52 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\Vso 2007-07-07 01:18 --------- d-------- C:\Program Files\uTorrent 2007-07-06 11:15 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\BitTorrent 2007-07-05 19:26 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\gtk-2.0 2007-06-28 01:24 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\.ABC 2007-06-27 19:49 --------- d-------- C:\Program Files\DVDFab Platinum 3 2007-06-27 18:20 --------- d-------- C:\Program Files\Ro-Desire 2007-06-23 16:07 --------- d-------- C:\Program Files\XviD 2007-06-23 16:04 --------- d-------- C:\Program Files\WinAVI Video Converter 2007-06-23 15:11 --------- d-------- C:\Program Files\Fraps 2007-06-22 19:17 --------- d-------- C:\Program Files\mIRC 2007-06-21 21:50 --------- d-------- C:\DOCUME~1\jon\APPLIC~1\ImgBurn 2007-06-21 20:14 --------- d-------- C:\Program Files\ImgBurn 2007-06-21 19:45 --------- d-------- C:\Program Files\DVD Shrink 2007-06-17 09:27 --------- d-------- C:\Program Files\avijoin 2007-06-17 09:14 --------- d-------- C:\Program Files\PeckJoin 2007-05-22 19:14 8784 --a------ C:\WINDOWS\system32 actrlkeyhook.dll 2007-05-16 17:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 17:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 17:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 17:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 17:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe 2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe 2007-03-27 18:58 87608 --a------ C:\DOCUME~1\jon\APPLIC~1\ezpinst.exe 2007-03-27 18:58 47360 --a------ C:\DOCUME~1\jon\APPLIC~1\pcouffin.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 C:\WINDOWS\soundman.exe] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 02:36] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26] "nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32 wiz.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 C:\WINDOWS\KHALMNPR.Exe] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-09-13 21:23] "Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2006-01-18 21:47] "RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-01-19 10:17] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-17 22:36] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-04 01:44] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-17 22:36:33] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-02 18:26:33] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152] R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys R1 ISODrive;ISO CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys R1 RxFilter;RxFilter;C:\WINDOWS\system32\DRIVERS\RxFilter.sys R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys R3 ElbyCDFL;ElbyCDFL;C:\WINDOWS\system32\Drivers\ElbyCDFL.sys R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys R3 LHidUsbK;Logitech SetPoint USB Receiver device driver;C:\WINDOWS\system32\Drivers\LHidUsbK.Sys R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys S3 chkproc1;chkproc1;\??\C:\Documents and Settings\jon\Local Settings\Temp\Rar$EX00.281\Helios\chkproc.sys S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys S3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys S3 MSICPL;MSICPL;\??\D:\install4\MSICPL.sys S3 npkycryp;npkycryp;\??\C:\Program Files\Gravity\RO pkycryp.sys S3 NTACCESS;NTACCESS;\??\D:\NTACCESS.sys S3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld S4 BCIMIZONEXP;BCIMIZONEXP;C:\DOCUME~1\jon\LOCALS~1\Temp\BCIMIZONEXP.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6195407b-3c8d-11d8-925f-806d6172696f}] AutoRun\command- D:\Setup.exe Contents of the 'Scheduled Tasks' folder 2007-08-12 17:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-13 11:22:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID] "\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd1w\2] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000001b7 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-13 11:26:22 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-13 11:25 --- E O F --- LOG HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:02, on 13/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\SOUNDMAN.EXE c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: JT's Blocks - http://download2.games.yahoo.com/games/clients/y/blt1_x.cab O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Bridge - http://download2.games.yahoo.com/games/clients/y/bt1_x.cab O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab O16 - DPF: Yahoo! Go - http://download2.games.yahoo.com/games/clients/y/gt2_x.cab O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt4_x.cab O16 - DPF: Yahoo! MahJong Solitaire - http://download2.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: Yahoo! Towers 2.0 - http://download2.games.yahoo.com/games/clients/y/ywt0_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe Voila Merci :)

Malekal_morte- · Answer

Tu l'as acheté McAfee ?

Vas sur http://upload.malekal.com
clic sur parcourir et sélectionne ce fichier : C:\WINDOWS\system32\iribenuc.exe
clic sur envoyer fichier.

Supprime ces fichiers :
C:\WINDOWS\system32\iribenuc.exe
C:\muxmp4.bat

JoN · Answer

Voila c'est fait

ca sert a koi l'upload sur ton ftp ? :)

mélanie · Answer

bonjour à tous, j ai été pendant longtemps sans antivirus, et maintenant mon PC en est remplit, je ne sais malheureusement pas comment faire pour m en débarasser. J ai donc installé avast, alors quand j ai redémarré le pc après avoir installé il a trouvé plein de virus, j ai réussit à en supprimer plusieurs mais pas tous. et quand tout ça a été terminé (au bout de deux heures) il m ont annoncé qu une erreure était survenue lord de l installation d avast. donc fonctionne t il et surtout est ce que ce que j ai fait à servit à quelque chose ?? merci

Malekal_morte- · Answer

JoN, pour voir comment il est détecté et l'envoyer aux éditeurs selon comment.
Tu n'as pas répondu à ma question concernant McAfee.

mélanie, bonjour, stp créé ton propre sujet pour obtenir de l'aide.

cedric36 · Answer

mille fois désolé JON et millle fois desolé malekal morte de m "introduire" ainsi dans le sujet. J ai mon propre sujet " pc tres lent log hijackthis, help me" et j attend desesperement de l aide depuis cette nuit une heure. 
Je sais que ca se fait pas.... j en suis desole...... mais je desespere un peu.....

Et donc Malekal_morte- pourrais tu m aider malgré l impolitesse dont je fais preuve?

Toutes mes excuses à toi JON!

Merci d avance.

Malekal_morte- · Answer

cedric quelqu'un t'a déjà pris en charge..

JoN tu es encore là? tu peux répondre à la question?

[Rootkit] Infécté par rootkit de pubs

8 réponses

Discussions similaires