.:!? Defense Net Surfage ?!:.
Pat -
Hello everyone,
So, let me explain my problem: since yesterday I have been infected by the "Defense-Net-Surfage" virus. I have already tried Spybot and most of the antivirus programs I had on hand, and they did nothing about the infection -.-'
So if you have any idea how to rid me of this s*****, please don't hesitate, because I'm starting to despair here ^^'
18 replies
Good evening,
Download HijackThis here:
https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html
Click on "do a system scan and save logfile"
Copy and paste the entire log onto the forum
A demo if it's complicated:
http://pageperso.aol.fr/balltrap34/demohijack.htm
There you go, happy reading ^^'
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:07, on 20/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\CTSvcCDA.exe
I:\_INSTALLEDs - XP\_NORTON-av\DefWatch.exe
H:\WINDOWS\System32\_svchost.exe
H:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
H:\WINDOWS\system32\Ati2evxx.exe
I:\_INSTALLEDs - XP\_Daemon Tools\daemon.exe
H:\Program Files\Saitek\Software\ProfilerU.exe
H:\Program Files\Saitek\Software\SaiMfd.exe
H:\WINDOWS\Mixer.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
H:\WINDOWS\TEMP\winlogan.exe
I:\_INSTALLEDs - XP\_Omnichat\OmniChat.exe
H:\Program Files\MSI\Common\ApUI.exe
H:\WINDOWS\explorer.exe
I:\_INSTALLEDs - XP\_Antipub\antipub.exe
I:\_INSTALLEDs - XP\_Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
H:\WINDOWS\System32\taskmgr.exe
I:\_INSTA~1\_MozillaFireFox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\_BTL\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - I:\_INSTA~1\_ASHAM~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\_INSTA~1\_SPYBO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: H:\WINDOWS\System32\Dhgthfg.dll - {B5AC49A2-94F3-42BD-F434-2604812C897D} - H:\WINDOWS\System32\Dhgthfg.dll
O2 - BHO: H:\WINDOWS\System32\S7dsf4g.dll - {B5AF0562-94F3-42BD-F434-2604812C297D} - H:\WINDOWS\System32\S7dsf4g.dll
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - H:\WINDOWS\system32\ramtmb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - I:\_BTL\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Détecteur de disque] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "I:\_INSTALLEDs - XP\_Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "H:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Profiler] H:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] H:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [clcl14] H:\WINDOWS\System32\clcl14.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Internet Explorer] H:\WINDOWS\System32\_svchost.exe
O4 - HKLM\..\Run: [f94mggfhfghodftdf] H:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [OmniChat] I:\_INSTALLEDs - XP\_Omnichat\OmniChat.exe
O4 - HKCU\..\Run: [Windows Rescue System] H:\DOCUME~1\ATHANA~1.DUR\LOCALS~1\Temp\winsto.exe
O4 - HKCU\..\Run: [f94mggfhfghodftdf] H:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] H:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = D:\_INSTALLEDs\_Antipub\antipub.exe
O4 - Global Startup: MSI Wireless Utility.lnk = H:\Program Files\MSI\Common\ApUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O12 - Plugin for .mp3: H:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAF80C01-1B89-4648-A6FE-5AE61B436E5F}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: H:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: Ieeixrp - H:\WINDOWS\SYSTEM32\ieeixrp.dll
O21 - SSODL: printers - {A747088C-A1F5-4610-8666-D65862BFAF5A} - libcintle2.dll (file missing)
O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - H:\WINDOWS\System32\Dhgthfg.dll
O22 - SharedTaskScheduler: JGhjddf9dtj - {B5AF0562-94F3-42BD-F434-2604812C297D} - H:\WINDOWS\System32\S7dsf4g.dll
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - I:\_INSTALLEDs - XP\_NORTON-av\DefWatch.exe
O23 - Service: GoogleDesktopManager - Unknown owner - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Internet Explorer - Unknown owner - H:\WINDOWS\System32\_svchost.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - h:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - I:\_INSTALLEDs - XP\_NORTON-av\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - I:\_INSTALLEDs - XP\_NORTON-av\Rtvscan.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\_INSTALLEDs - XP\_TUNE_UP\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Re,
So tick these boxes, then click fix checked:
H:\WINDOWS\System32\_svchost.exe
H:\WINDOWS\TEMP\winlogan.exe
O2 - BHO: H:\WINDOWS\System32\Dhgthfg.dll - {B5AC49A2-94F3-42BD-F434-2604812C897D} - H:\WINDOWS\System32\Dhgthfg.dll
O2 - BHO: H:\WINDOWS\System32\S7dsf4g.dll - {B5AF0562-94F3-42BD-F434-2604812C297D} - H:\WINDOWS\System32\S7dsf4g.dll
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - H:\WINDOWS\system32\ramtmb.dll
O4 - HKLM\..\Run: [clcl14] H:\WINDOWS\System32\clcl14.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] H:\WINDOWS\System32\_svchost.exe
O4 - HKLM\..\Run: [f94mggfhfghodftdf] H:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [f94mggfhfghodftdf] H:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] H:\WINDOWS\svchost.exe
O20 - Winlogon Notify: Ieeixrp - H:\WINDOWS\SYSTEM32\ieeixrp.dll
O21 - SSODL: printers - {A747088C-A1F5-4610-8666-D65862BFAF5A} - libcintle2.dll (file missing)
O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - H:\WINDOWS\System32\Dhgthfg.dll
O22 - SharedTaskScheduler: JGhjddf9dtj - {B5AF0562-94F3-42BD-F434-2604812C297D} - H:\WINDOWS\System32\S7dsf4g.dll
O23 - Service: Microsoft Internet Explorer - Unknown owner - H:\WINDOWS\System32\_svchost.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - h:\windows\system32\msvcrtd.exe (file missing)
Phew, restart the PC and I'll tell you what's next...
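The triage in the reply above, sketched as an added example (not code from HijackThis or from anyone in this thread): a few path checks that mark log entries for manual review. The sample lines are copied from the log posted above; the check names and the table of system binaries are assumptions chosen for this illustration.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# Lines copied from the first HijackThis log in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: H:\WINDOWS\System32\Dhgthfg.dll - {B5AC49A2-94F3-42BD-F434-2604812C897D} - H:\WINDOWS\System32\Dhgthfg.dll
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Internet Explorer] H:\WINDOWS\System32\_svchost.exe
O4 - HKLM\..\Run: [f94mggfhfghodftdf] H:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] H:\WINDOWS\svchost.exe
O21 - SSODL: printers - {A747088C-A1F5-4610-8666-D65862BFAF5A} - libcintle2.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Microsoft Internet Explorer - Unknown owner - H:\WINDOWS\System32\_svchost.exe
"""

# Assumed table: folder each core Windows binary normally lives in.
SYSTEM_BINARIES = {
    "svchost.exe": "system32", "winlogon.exe": "system32",
    "lsass.exe": "system32", "services.exe": "system32",
    "smss.exe": "system32", "explorer.exe": "windows",
}

# Paths may contain " - " (e.g. "I:\_INSTALLEDs - XP\..."), so the file is
# located with a regex instead of splitting the entry on " - ".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|ocx)\b', re.I)
BHO_RE = re.compile(r'^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$')
ENTRY_RE = re.compile(r'^(?:R\d|F\d|O\d+) - ')


def one_char_off(a, b):
    """True when two names have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def reasons_for(line):
    """Return the list of review reasons for one HijackThis entry line."""
    reasons = []
    if line.endswith("(file missing)"):
        reasons.append("file-missing")      # registration left behind, file gone
    bho = BHO_RE.match(line)
    if bho and bho.group(1) == bho.group(2):
        reasons.append("name-is-path")      # BHO with no display name of its own
    paths = PATH_RE.findall(line)
    if not paths:
        return reasons
    path = paths[-1]                        # the file the entry points to
    name = basename(path).lower()
    parent = basename(dirname(path)).lower()
    if any(part.lower() in ("temp", "tmp") for part in path.split("\\")):
        reasons.append("temp-dir")          # program started from a temp folder
    if name in SYSTEM_BINARIES:
        if parent != SYSTEM_BINARIES[name]:
            reasons.append("wrong-dir")     # system name, unexpected location
    elif (name.lstrip("_") in SYSTEM_BINARIES
          or any(one_char_off(name, s) for s in SYSTEM_BINARIES)):
        reasons.append("lookalike")         # near-copy of a system binary name
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry line that trips a check."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        if not ENTRY_RE.match(line):
            continue                        # header or running-process line
        reasons = reasons_for(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(",".join(why).ljust(20), entry)
```

A flagged line is a candidate for review, not a verdict: the Ati service with "Unknown owner" in the same log trips none of these checks and was not on the fix list either.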
Now delete these files:
H:\WINDOWS\System32\_svchost.exe
H:\WINDOWS\TEMP\winlogan.exe
H:\WINDOWS\System32\Dhgthfg.dll
H:\WINDOWS\System32\S7dsf4g.dll
H:\WINDOWS\system32\ramtmb.dll
H:\WINDOWS\System32\clcl14.exe
H:\WINDOWS\System32\_svchost.exe
H:\WINDOWS\svchost.exe
H:\WINDOWS\SYSTEM32\ieeixrp.dll
H:\WINDOWS\System32\Dhgthfg.dll
H:\WINDOWS\System32\S7dsf4g.dll
There, some files may be hidden; for that:
Tools -> Options -> View -> tick: show hidden files and folders.
Given the extent of the infection, I recommend an online scan:
Go to:
https://www.eset.com/
then: Online Scanner.
Tick the box and then click start.
Accept the ActiveX
Tick the 2 scan options and run a full scan.
Right now I'm trying the online scan; however, I had a few problems with the previous step: "dhgthfg.dll" is "in use", and Windows refuses to delete it. As for "clcl14.exe", it can't be found...
The HijackThis report, when put in here: http://www.hijackthis.de/fr
lets you know what is valid or not
lol, speaking of sleeping, I think I'll go; I'll look at your report tomorrow... my girlfriend wore me out lol
Whoa, I don't even want to know the details ( :p ), and since you're abandoning me to my sad fate, I'll take the opportunity to have a little nap myself too ^^
Well, finish the scan and delete what it finds.
For the file you couldn't delete, restart in safe mode
(F8 key before Windows loads) and go delete it.
There you go,
good night.
Hi
I had the same problem; I did a restore point, and no more problems, for today; if problems come up later, I'll keep you posted.
Hello dorgane, could you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:06, on 01/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1175109665\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\Ctregrun.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Creative Professional\Enregistrement du produit\French\EMUORReg.exe
C:\Program Files\Creative Professional\Enregistrement du produit\French\INETREG.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Jihem\AppData\Local\Temp\Rar$EX00.218\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: MSVPS System - {24038BE3-4EF2-41E2-A603-4CE3BDD9E874} - C:\Windows\movctrlqtn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: The nssfrch - {1699137C-B90E-4488-97BC-575C896C2B5C} - C:\Windows\nssfrch.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175109665\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: NeonPan.lnk = C:\Program Files\ESI\NeON\UNWISE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: bxsbang - {52B3B13A-36AB-4B8A-9B27-1E3609E06111} - C:\Windows\bxsbang.dll
O21 - SSODL: ocgrep - {EADC69B1-F742-4B74-8886-F866516D6BBD} - C:\Windows\ocgrep.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: MSVPS System - {24038BE3-4EF2-41E2-A603-4CE3BDD9E874} - C:\Windows\movctrlqtn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: The nssfrch - {1699137C-B90E-4488-97BC-575C896C2B5C} - C:\Windows\nssfrch.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175109665\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: NeonPan.lnk = C:\Program Files\ESI\NeON\UNWISE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: bxsbang - {52B3B13A-36AB-4B8A-9B27-1E3609E06111} - C:\Windows\bxsbang.dll
O21 - SSODL: ocgrep - {EADC69B1-F742-4B74-8886-F866516D6BBD} - C:\Windows\ocgrep.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:04, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM4ff27f48] Rundll32.exe "C:\WINDOWS\system32\sintsmah.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6B5E4C-B7FA-4132-AE3C-2631D5E4C176}: NameServer = 212.217.1.17 212.217.0.3
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe