Marre de toute les pubs
freds30
Messages postés
13
Statut
Membre
-
freds30 Messages postés 13 Statut Membre -
freds30 Messages postés 13 Statut Membre -
Bonjour,
Bonjour,
je sais que je ne suis pas le seul dans ce cas et pourtant moi hormis le fait que j'ai beaucoups de pub qui s'affichent et de tout les styles
sexe,voyance,casino ,svexla etc etc bref aujourd'hui je tire la sonnette d'alarme et je recherche une ame charitable qui saura me depatouillé de tout cela de plus mon winrar ne marche plus c est la misere ni mon ad-aware se a chaque fois que j'essai d'ouvrir cela me met que ca a rencontré un probleme et que mes programmes doivent etre fermé grrrrr j'ai tout tenté j ai meme essayer de retelecharger mais rien n y fait je suis desesperé que faire
Configuration: Windows XP
Internet Explorer 6.0
Bonjour,
je sais que je ne suis pas le seul dans ce cas et pourtant moi hormis le fait que j'ai beaucoups de pub qui s'affichent et de tout les styles
sexe,voyance,casino ,svexla etc etc bref aujourd'hui je tire la sonnette d'alarme et je recherche une ame charitable qui saura me depatouillé de tout cela de plus mon winrar ne marche plus c est la misere ni mon ad-aware se a chaque fois que j'essai d'ouvrir cela me met que ca a rencontré un probleme et que mes programmes doivent etre fermé grrrrr j'ai tout tenté j ai meme essayer de retelecharger mais rien n y fait je suis desesperé que faire
Configuration: Windows XP
Internet Explorer 6.0
A voir également:
- Marre de toute les pubs
- Bloquer les pubs youtube - Accueil - Streaming
- Supprimer les pubs - Guide
- Bloqueur de pub m6 - Forum Windows 10
- Pourquoi j'ai des pubs de site de rencontre ✓ - Forum Virus
- Comment couper le son des pubs dans les jeux - Forum Enceintes / HiFi
10 réponses
Bonjour,
Comme pour tous les autres,
N'utiliser pas internet explorer / Mais firefox avec un plug in tierce adblock plus
En ce qui concerne ta machine il est fort probable qu'elle soit infecté de spyware.
va sur le site de filehippo.com et recupere hijackthis
et post le resultat
Merci
Comme pour tous les autres,
N'utiliser pas internet explorer / Mais firefox avec un plug in tierce adblock plus
En ce qui concerne ta machine il est fort probable qu'elle soit infecté de spyware.
va sur le site de filehippo.com et recupere hijackthis
et post le resultat
Merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:08, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\WinRAR\WinRAR.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4URSC81Q\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0} - C:\WINDOWS\system32\mllih.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fphkgghw.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8CFE439-3388-46A6-94D8-5D67F1719D24} - C:\WINDOWS\system32\opnop.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ovkwnroy.dll",sitypnow
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O20 - Winlogon Notify: iifgeec - iifgeec.dll (file missing)
O20 - Winlogon Notify: mllih - C:\WINDOWS\system32\mllih.dll (file missing)
O20 - Winlogon Notify: opnkhig - C:\WINDOWS\SYSTEM32\opnkhig.dll
O20 - Winlogon Notify: opnop - C:\WINDOWS\system32\opnop.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
Scan saved at 16:34:08, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\WinRAR\WinRAR.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4URSC81Q\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0} - C:\WINDOWS\system32\mllih.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fphkgghw.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8CFE439-3388-46A6-94D8-5D67F1719D24} - C:\WINDOWS\system32\opnop.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ovkwnroy.dll",sitypnow
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O20 - Winlogon Notify: iifgeec - iifgeec.dll (file missing)
O20 - Winlogon Notify: mllih - C:\WINDOWS\system32\mllih.dll (file missing)
O20 - Winlogon Notify: opnkhig - C:\WINDOWS\SYSTEM32\opnkhig.dll
O20 - Winlogon Notify: opnop - C:\WINDOWS\system32\opnop.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
Bonjour,
Ouaaa ya du monde ,,
Relance hijackthis et coche ceci
et click sur fix checked
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0} - C:\WINDOWS\system32\mllih.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fphkgghw.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
O2 - BHO: (no name) - {B8CFE439-3388-46A6-94D8-5D67F1719D24} - C:\WINDOWS\system32\opnop.dll
As tu windows defender ?
Lance le
Fais un scan nettoye et re post un log d'hijackthis
Merci
Ouaaa ya du monde ,,
Relance hijackthis et coche ceci
et click sur fix checked
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0} - C:\WINDOWS\system32\mllih.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fphkgghw.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
O2 - BHO: (no name) - {B8CFE439-3388-46A6-94D8-5D67F1719D24} - C:\WINDOWS\system32\opnop.dll
As tu windows defender ?
Lance le
Fais un scan nettoye et re post un log d'hijackthis
Merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
slt peux tu aussi nous coller les resultats suivant svp
scan avec vundofix
Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.
Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.
puis :
---------
virtumondebegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
----------
combofix (colle le rapport)
http://mickael.barroux.free.fr/securite/combofix.php
_____________
recolle ensuite un hijackhtis mais il ne faut pas qu'il soit dans un fichier temporaire
scan avec vundofix
Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.
Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.
puis :
---------
virtumondebegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
----------
combofix (colle le rapport)
http://mickael.barroux.free.fr/securite/combofix.php
_____________
recolle ensuite un hijackhtis mais il ne faut pas qu'il soit dans un fichier temporaire
euh en relancant le hijackthis j'ai recherché les clé precedement cité mais je ne les trouve pas on dirais que le rapport a changer regardé !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:10, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:10, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
c'est par ce que tu as une infection vundo et que tu n'as pas renommer hijackthis
et que tu as peut etre fixé des cases
renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
colle les rapports de mon message 5
a plus
et que tu as peut etre fixé des cases
renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
colle les rapports de mon message 5
a plus
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:46, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\wifi\CW210Cfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
Scan saved at 00:20:46, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\wifi\CW210Cfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
rapport combofix
ComboFix 07-10-10.1 - Administrateur 2007-10-10 1:32:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.196 [GMT 2:00]
* Created a new restore point
.
[color=red][b] Le Rootkit driver pe386 est présent... tentative de désinfection [/b][/color]
[color=blue] pe386 ...... driver déchargé avec succès.[/color]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\{48421~1
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe.bak
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\amydpdgsdj.dat
C:\WINDOWS\system32\amydpdgsdj_nav.dat
C:\WINDOWS\system32\amydpdgsdj_navps.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iqnbvpd.dat
C:\WINDOWS\system32\iqnbvpd_nav.dat
C:\WINDOWS\system32\iqnbvpd_navps.dat
C:\WINDOWS\system32\lzx32.sys
C:\WINDOWS\system32\packet.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\LEGACY_NPF
-------\LEGACY_WINDOWS_LOG
-------\DomainService
-------\nm
-------\NPF
((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
.
2007-10-10 01:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 00:29 <REP> d-------- C:\VundoFix Backups
2007-10-09 19:48 <REP> d-------- C:\Program Files\Navilog1
2007-10-09 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-10-09 17:11 <REP> d-------- C:\Program Files\Trend Micro
2007-09-30 19:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
2007-09-24 10:43 <REP> d-------- C:\Program Files\TomTom DesktopSuite
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 22:16 --------- d-----w C:\Program Files\Invyyifm
2007-10-09 17:39 --------- d-----w C:\Program Files\Avast
2007-10-09 00:03 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-10-08 22:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2007-10-08 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 22:37 --------- d-----w C:\Program Files\Google
2007-10-07 11:38 --------- d-----w C:\Program Files\xwvwrsfs
2007-10-06 14:27 --------- d-----w C:\Program Files\The Logo Creator v3
2007-10-06 07:45 --------- d-----w C:\Program Files\Ulead Systems
2007-10-03 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 12:46 --------- d-----w C:\Program Files\Dl_cats
2007-09-25 12:00 --------- d-----w C:\Program Files\Maxthon
2007-09-20 19:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2007-09-19 17:39 --------- d-----w C:\Program Files\uTorrent
2007-08-30 18:27 --------- d-----w C:\Program Files\xqzolwpi
2007-08-30 18:16 --------- d-----w C:\Program Files\Maxthon2
2007-08-30 14:31 --------- d-----w C:\Program Files\Yahoo!
2007-08-20 16:10 --------- d-----w C:\Program Files\VirtualDJ
2007-08-19 23:20 --------- d-----w C:\Program Files\Siber Systems
2007-08-19 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2007-08-17 23:42 --------- d-----w C:\Program Files\Pinnacle
2007-08-17 23:34 --------- d-----w C:\Program Files\3GP Video Converter 3
2007-08-17 18:17 --------- d-----w C:\Program Files\AliveMedia
2007-07-23 11:40 1,022 ----a-w C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
2002-01-30 19:22 464 ----a-w C:\Documents and Settings\USB CF Reader\layout.bin
2000-05-16 15:36 139,264 ----a-w C:\Documents and Settings\USB CF Reader\Setup.exe
1999-06-09 12:25 28,672 ----a-w C:\Documents and Settings\USB CF Reader\LAUNCH.EXE
2006-11-12 08:38:31 11,740 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
C:\Program Files\Invyyifm\elstwaal.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73264A54-ACA0-425A-A0A2-ED58369A9DA8}]
C:\WINDOWS\system32\opnop.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:55 C:\WINDOWS\system32\bthprops.cpl]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-09 19:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-18 19:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=0 (0x0)
"Mn@mlrf"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgeec]
iifgeec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^AquariumDesktop2006.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_
backup=C:\WINDOWS\pss\__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bchidqhs]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bchidqhs.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvlil.dll,startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emule Speed Booster]
"C:\Program Files\Emule Speed Booster\Emule Speed Booster.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\system32\qdmqnevp.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlexkjat]
rundll32.exe "C:\Program Files\xwvwrsfs\hqtyjazy.dll",Init
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\ofhumogg.dll",sitypnow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stonedrv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqzolwpi]
rundll32.exe "C:\Program Files\xqzolwpi\xqpmbkxy.dll",Init
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
S3 CW210g;Hi-link CW210g Cardbus Adapter Driver;C:\WINDOWS\system32\DRIVERS\CW210XP.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e7be511-a35f-11db-9997-0001360a6d97}]
AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-08 22:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-27 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-10-08 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\At18.job"
"2007-10-09 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-07 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-07 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 21:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-08 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 01:00:02 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 02:00:00 C:\WINDOWS\Tasks\At29.job"
"2007-10-09 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-08-20 13:28:15 C:\WINDOWS\Tasks\At30.job"
"2007-08-20 13:28:15 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-08-20 13:28:15 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-09-27 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 01:00:03 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 16:00:00 C:\WINDOWS\Tasks\At43.job"
"2007-10-09 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-07 19:00:00 C:\WINDOWS\Tasks\At46.job"
"2007-10-07 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 22:00:00 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 23:00:00 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 00:00:00 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 01:00:03 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 02:00:00 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-29 01:49:23 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-29 01:49:23 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-29 01:49:23 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-09-27 07:00:00 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 08:00:00 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-18 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 09:00:00 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 11:00:00 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 12:00:00 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 13:00:00 C:\WINDOWS\Tasks\At64.job"
"2007-10-09 14:00:00 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 16:00:00 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 17:00:00 C:\WINDOWS\Tasks\At68.job"
"2007-10-09 18:00:00 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-02 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-07 19:00:00 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-07 20:00:00 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 21:00:00 C:\WINDOWS\Tasks\At72.job"
"2007-08-02 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 23:41:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 01:42:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-10 1:44:50 - machine was rebooted
.
--- E O F ---
et le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:26, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\wifi\CW210Cfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {73264A54-ACA0-425A-A0A2-ED58369A9DA8} - C:\WINDOWS\system32\opnop.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O20 - Winlogon Notify: iifgeec - iifgeec.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
ComboFix 07-10-10.1 - Administrateur 2007-10-10 1:32:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.196 [GMT 2:00]
* Created a new restore point
.
[color=red][b] Le Rootkit driver pe386 est présent... tentative de désinfection [/b][/color]
[color=blue] pe386 ...... driver déchargé avec succès.[/color]
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\{48421~1
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe.bak
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\amydpdgsdj.dat
C:\WINDOWS\system32\amydpdgsdj_nav.dat
C:\WINDOWS\system32\amydpdgsdj_navps.dat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iqnbvpd.dat
C:\WINDOWS\system32\iqnbvpd_nav.dat
C:\WINDOWS\system32\iqnbvpd_navps.dat
C:\WINDOWS\system32\lzx32.sys
C:\WINDOWS\system32\packet.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NM
-------\LEGACY_NPF
-------\LEGACY_WINDOWS_LOG
-------\DomainService
-------\nm
-------\NPF
((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
.
2007-10-10 01:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 00:29 <REP> d-------- C:\VundoFix Backups
2007-10-09 19:48 <REP> d-------- C:\Program Files\Navilog1
2007-10-09 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-10-09 17:11 <REP> d-------- C:\Program Files\Trend Micro
2007-09-30 19:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
2007-09-24 10:43 <REP> d-------- C:\Program Files\TomTom DesktopSuite
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 22:16 --------- d-----w C:\Program Files\Invyyifm
2007-10-09 17:39 --------- d-----w C:\Program Files\Avast
2007-10-09 00:03 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-10-08 22:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2007-10-08 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-08 22:37 --------- d-----w C:\Program Files\Google
2007-10-07 11:38 --------- d-----w C:\Program Files\xwvwrsfs
2007-10-06 14:27 --------- d-----w C:\Program Files\The Logo Creator v3
2007-10-06 07:45 --------- d-----w C:\Program Files\Ulead Systems
2007-10-03 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 12:46 --------- d-----w C:\Program Files\Dl_cats
2007-09-25 12:00 --------- d-----w C:\Program Files\Maxthon
2007-09-20 19:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2007-09-19 17:39 --------- d-----w C:\Program Files\uTorrent
2007-08-30 18:27 --------- d-----w C:\Program Files\xqzolwpi
2007-08-30 18:16 --------- d-----w C:\Program Files\Maxthon2
2007-08-30 14:31 --------- d-----w C:\Program Files\Yahoo!
2007-08-20 16:10 --------- d-----w C:\Program Files\VirtualDJ
2007-08-19 23:20 --------- d-----w C:\Program Files\Siber Systems
2007-08-19 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2007-08-17 23:42 --------- d-----w C:\Program Files\Pinnacle
2007-08-17 23:34 --------- d-----w C:\Program Files\3GP Video Converter 3
2007-08-17 18:17 --------- d-----w C:\Program Files\AliveMedia
2007-07-23 11:40 1,022 ----a-w C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
2002-01-30 19:22 464 ----a-w C:\Documents and Settings\USB CF Reader\layout.bin
2000-05-16 15:36 139,264 ----a-w C:\Documents and Settings\USB CF Reader\Setup.exe
1999-06-09 12:25 28,672 ----a-w C:\Documents and Settings\USB CF Reader\LAUNCH.EXE
2006-11-12 08:38:31 11,740 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
C:\Program Files\Invyyifm\elstwaal.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73264A54-ACA0-425A-A0A2-ED58369A9DA8}]
C:\WINDOWS\system32\opnop.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:55 C:\WINDOWS\system32\bthprops.cpl]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-09 19:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-18 19:08]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=0 (0x0)
"Mn@mlrf"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgeec]
iifgeec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^AquariumDesktop2006.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_
backup=C:\WINDOWS\pss\__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bchidqhs]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bchidqhs.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvlil.dll,startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emule Speed Booster]
"C:\Program Files\Emule Speed Booster\Emule Speed Booster.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\system32\qdmqnevp.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlexkjat]
rundll32.exe "C:\Program Files\xwvwrsfs\hqtyjazy.dll",Init
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\ofhumogg.dll",sitypnow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stonedrv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqzolwpi]
rundll32.exe "C:\Program Files\xqzolwpi\xqpmbkxy.dll",Init
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
S3 CW210g;Hi-link CW210g Cardbus Adapter Driver;C:\WINDOWS\system32\DRIVERS\CW210XP.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e7be511-a35f-11db-9997-0001360a6d97}]
AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-08 22:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-27 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-10-08 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\At18.job"
"2007-10-09 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-07 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-07 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 21:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-08 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 23:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 01:00:02 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 02:00:00 C:\WINDOWS\Tasks\At29.job"
"2007-10-09 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-08-20 13:28:15 C:\WINDOWS\Tasks\At30.job"
"2007-08-20 13:28:15 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-08-20 13:28:15 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-09-27 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 12:00:00 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 01:00:03 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 14:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 16:00:00 C:\WINDOWS\Tasks\At43.job"
"2007-10-09 17:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-09 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-07 19:00:00 C:\WINDOWS\Tasks\At46.job"
"2007-10-07 20:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\6780jTf8.exe
"2007-10-08 22:00:00 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 23:00:00 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 00:00:00 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 01:00:03 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 02:00:00 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-29 01:49:23 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-29 01:49:23 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-29 01:49:23 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-09-27 07:00:00 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 08:00:00 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-18 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-08 09:00:00 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 10:00:00 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 11:00:00 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 12:00:00 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 13:00:00 C:\WINDOWS\Tasks\At64.job"
"2007-10-09 14:00:00 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 16:00:00 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-09 17:00:00 C:\WINDOWS\Tasks\At68.job"
"2007-10-09 18:00:00 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-08-02 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-07 19:00:00 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-07 20:00:00 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\Q18bV8Cd.exe
"2007-10-08 21:00:00 C:\WINDOWS\Tasks\At72.job"
"2007-08-02 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\c42WKBk8.exe
"2007-10-09 23:41:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 01:42:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-10 1:44:50 - machine was rebooted
.
--- E O F ---
et le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:26, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\wifi\CW210Cfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {73264A54-ACA0-425A-A0A2-ED58369A9DA8} - C:\WINDOWS\system32\opnop.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O20 - Winlogon Notify: iifgeec - iifgeec.dll (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
