Mon ordi est infecté...
Résolu
Blade84
-
ep44 Messages postés 7432 Statut Contributeur -
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,
mon ordi semble infecté par plusieurs virus
voici mon rapport de HiJackThis:
merci pour votre aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:03, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
mon ordi semble infecté par plusieurs virus
voici mon rapport de HiJackThis:
merci pour votre aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:03, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:
- Mon ordi est infecté...
- Ordi qui rame - Guide
- Comment reinitialiser un ordi - Guide
- Mon ordi ne reconnait pas ma clé usb - Guide
- Plus de son sur mon ordi - Guide
- Ordi scrabble - Télécharger - Jeux vidéo
13 réponses
Bonsoir
suis les étapes
relance hijack et coche ceci
ensuite clic sur fix checked
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
----------------------------------------------------------------------------------------------
ensuite
Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4
=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt
-------------------------------------------------------------------------------------------------
ensuite
Télécharge sur le bureau
http://sosvirus.changelog.fr/MSNFix.zip
= Clic-Droit sur MSNFix.zip
= Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
= Double-Clic sur le dossier MSNfix qui vient de se créer
= Double-Clic MSNfix ==> Symbole roue dentée
= Choisir R
= Choisir ensuite N ( si infection)
= Enregistre le rapport
redémarre le PC et relancer MSN tu sauras ainsi si tout est supprimé
-----------------------------------------------------------------------------------------------
poste tes rapports et refais un nouveau hijack une fois que tu auras suivis la procédure
@+
suis les étapes
relance hijack et coche ceci
ensuite clic sur fix checked
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
----------------------------------------------------------------------------------------------
ensuite
Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4
=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt
-------------------------------------------------------------------------------------------------
ensuite
Télécharge sur le bureau
http://sosvirus.changelog.fr/MSNFix.zip
= Clic-Droit sur MSNFix.zip
= Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
= Double-Clic sur le dossier MSNfix qui vient de se créer
= Double-Clic MSNfix ==> Symbole roue dentée
= Choisir R
= Choisir ensuite N ( si infection)
= Enregistre le rapport
redémarre le PC et relancer MSN tu sauras ainsi si tout est supprimé
-----------------------------------------------------------------------------------------------
poste tes rapports et refais un nouveau hijack une fois que tu auras suivis la procédure
@+
Bonjour,
Télécharger sur le bureau
[url=http://downloads.andymanchesta.com/RemovalTools/SDFix.exe]SDFix[/url]
= Double-clic SDFix.
= Clic Install
=ensuite redémarre en mode sans échec
=Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes. Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis.cmd
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport Report.ge]Redémarrer en mode Sans Échec[/rouge] (le démarrage peut prendre plusieurs minutes)
--------------------------------------------------------------
ensuite
Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
= Installer
= Le lancer
= Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
= Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
==> Clic : Analyse complète du système
En fin de scan ( qui est assez long)
==> Clic Appliquer toutes les actions <== ceci Très important
==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport
@+
Télécharger sur le bureau
[url=http://downloads.andymanchesta.com/RemovalTools/SDFix.exe]SDFix[/url]
= Double-clic SDFix.
= Clic Install
=ensuite redémarre en mode sans échec
=Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes. Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis.cmd
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport Report.ge]Redémarrer en mode Sans Échec[/rouge] (le démarrage peut prendre plusieurs minutes)
--------------------------------------------------------------
ensuite
Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
= Installer
= Le lancer
= Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
= Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
==> Clic : Analyse complète du système
En fin de scan ( qui est assez long)
==> Clic Appliquer toutes les actions <== ceci Très important
==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport
@+
Voici les deux rapports en commençant par SDFix et ensuite celui de AVG anti-spyware
merci encore
Blade84
SDFix: Version 1.115
Run by Blaise on 2007-11-24 at 10:57
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\134843~1 - Deleted
C:\Program Files\E404 Helper\e404.v1.dll - Deleted
C:\res.txt - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
Folder C:\Program Files\E404 Helper - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 11:03:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:dcb04352
"s1"=dword:d5208bea
"s2"=dword:8de5f01d
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:21,21,9f,73,2b,c0,54,9c,ab,8b,bb,79,06,02,97,e2,aa,81,49,2f,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,45,71,b8,b0,87,50,48,d7,6a,92,ae,8d,bd,cb,91,5d,..
"khjeh"=hex:b2,30,eb,0b,fe,21,74,8c,37,ac,3a,81,ae,4f,ac,88,94,8c,fb,aa,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,80,0a,08,30,e5,43,a4,5b,e9,21,26,21,d6,12,68,30,38,c4,26,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:21,21,9f,73,2b,c0,54,9c,ab,8b,bb,79,06,02,97,e2,aa,81,49,2f,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,45,71,b8,b0,87,50,48,d7,6a,92,ae,8d,bd,cb,91,5d,..
"khjeh"=hex:b2,30,eb,0b,fe,21,74,8c,37,ac,3a,81,ae,4f,ac,88,94,8c,fb,aa,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,80,0a,08,30,e5,43,a4,5b,e9,21,26,21,d6,12,68,30,38,c4,26,80,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\jajaja_jan@hotmail.com\SharingMetadata\mariecote9@hotmail.com\DFSR\Staging\CS{E4A61C40-F45F-7380-4E10-470CB6BD710A}\01\11-{E4A61C40-F45F-7380-4E10-470CB6BD710A}-v1-{C507C0CC-B754-4788-8990-D8AB845D146F}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\jajaja_jan@hotmail.com\SharingMetadata\mariecote9@hotmail.com\DFSR\Staging\CS{E4A61C40-F45F-7380-4E10-470CB6BD710A}\17\19-{58D85A18-E875-4C2A-9661-70A3815B5373}-v17-{58D85A18-E875-4C2A-9661-70A3815B5373}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 720 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\01\14-{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}-v1-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\22\23-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v22-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 750 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\22\23-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v22-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\01\10-{EED4CE83-4995-DAF0-E927-D71D41498D7A}-v1-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 66396 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4728 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7432 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 9
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 9 Jan 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 2 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 8 Dec 2006 46,080 ...H. --- "C:\Documents and Settings\Blaise\Bureau\~WRL3664.tmp"
Sun 4 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
Thu 22 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT3.tmp"
Thu 21 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
-----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 12:32:45 2007-11-24
+ Résultat de l'analyse:
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP18\A0010731.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP19\A0010756.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0010771.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0010784.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0011785.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0011825.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP22\A0011908.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP23\A0012053.exe -> Adware.IconAds : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\index.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\phigh.bin -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\pmedium.bin -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\prc.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\ps.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\st.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\up.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\worldmap.swf -> Adware.WinAntiVirus : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071481.exe -> Downloader.Adload.ni : Nettoyé.
C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir -> Downloader.Adload.ni : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071477.exe -> Downloader.Agent.erf : Nettoyé.
C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir -> Downloader.Agent.erf : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0072536.dll -> Downloader.VB.bpt : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0072459.sys -> Rootkit.Agent.kb : Nettoyé.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Xne26.sys.vir -> Rootkit.Agent.kb : Nettoyé.
C:\qoobox\Quarantine\catchme2007-11-22_180807.45.zip/symavc32.sys -> Rootkit.Agent.kb : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@nhl.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071480.exe -> Trojan.Agent.crf : Nettoyé.
C:\qoobox\Quarantine\C\Program Files\Temporary\wininstall.exe.vir -> Trojan.Agent.crf : Nettoyé.
Fin du rapport
merci encore
Blade84
SDFix: Version 1.115
Run by Blaise on 2007-11-24 at 10:57
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\134843~1 - Deleted
C:\Program Files\E404 Helper\e404.v1.dll - Deleted
C:\res.txt - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
Folder C:\Program Files\E404 Helper - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 11:03:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:dcb04352
"s1"=dword:d5208bea
"s2"=dword:8de5f01d
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:21,21,9f,73,2b,c0,54,9c,ab,8b,bb,79,06,02,97,e2,aa,81,49,2f,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,45,71,b8,b0,87,50,48,d7,6a,92,ae,8d,bd,cb,91,5d,..
"khjeh"=hex:b2,30,eb,0b,fe,21,74,8c,37,ac,3a,81,ae,4f,ac,88,94,8c,fb,aa,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,80,0a,08,30,e5,43,a4,5b,e9,21,26,21,d6,12,68,30,38,c4,26,80,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:21,21,9f,73,2b,c0,54,9c,ab,8b,bb,79,06,02,97,e2,aa,81,49,2f,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,45,71,b8,b0,87,50,48,d7,6a,92,ae,8d,bd,cb,91,5d,..
"khjeh"=hex:b2,30,eb,0b,fe,21,74,8c,37,ac,3a,81,ae,4f,ac,88,94,8c,fb,aa,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,80,0a,08,30,e5,43,a4,5b,e9,21,26,21,d6,12,68,30,38,c4,26,80,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\jajaja_jan@hotmail.com\SharingMetadata\mariecote9@hotmail.com\DFSR\Staging\CS{E4A61C40-F45F-7380-4E10-470CB6BD710A}\01\11-{E4A61C40-F45F-7380-4E10-470CB6BD710A}-v1-{C507C0CC-B754-4788-8990-D8AB845D146F}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\jajaja_jan@hotmail.com\SharingMetadata\mariecote9@hotmail.com\DFSR\Staging\CS{E4A61C40-F45F-7380-4E10-470CB6BD710A}\17\19-{58D85A18-E875-4C2A-9661-70A3815B5373}-v17-{58D85A18-E875-4C2A-9661-70A3815B5373}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 720 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\01\14-{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}-v1-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\22\23-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v22-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 750 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\22\23-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v22-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\01\10-{EED4CE83-4995-DAF0-E927-D71D41498D7A}-v1-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 66396 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4728 bytes hidden from API
C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7432 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 9
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 9 Jan 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 2 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 8 Dec 2006 46,080 ...H. --- "C:\Documents and Settings\Blaise\Bureau\~WRL3664.tmp"
Sun 4 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
Thu 22 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT3.tmp"
Thu 21 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
-----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 12:32:45 2007-11-24
+ Résultat de l'analyse:
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP18\A0010731.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP19\A0010756.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0010771.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0010784.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0011785.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0011825.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP22\A0011908.exe -> Adware.IconAds : Nettoyé.
C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP23\A0012053.exe -> Adware.IconAds : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\index.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\phigh.bin -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\pmedium.bin -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\prc.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\ps.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\st.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\up.dat -> Adware.WinAntiVirus : Nettoyé.
C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\worldmap.swf -> Adware.WinAntiVirus : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071481.exe -> Downloader.Adload.ni : Nettoyé.
C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir -> Downloader.Adload.ni : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071477.exe -> Downloader.Agent.erf : Nettoyé.
C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir -> Downloader.Agent.erf : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0072536.dll -> Downloader.VB.bpt : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0072459.sys -> Rootkit.Agent.kb : Nettoyé.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Xne26.sys.vir -> Rootkit.Agent.kb : Nettoyé.
C:\qoobox\Quarantine\catchme2007-11-22_180807.45.zip/symavc32.sys -> Rootkit.Agent.kb : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@nhl.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Blaise\Cookies\blaise@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071480.exe -> Trojan.Agent.crf : Nettoyé.
C:\qoobox\Quarantine\C\Program Files\Temporary\wininstall.exe.vir -> Trojan.Agent.crf : Nettoyé.
Fin du rapport
voilà:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:51, on 2007-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:51, on 2007-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
tu ma dit que vundofix
n'a rien trouvé
donc fait ceci
Télécharge Combofix sUBs : http://www.pc-xpress.ca/download/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
@+
n'a rien trouvé
donc fait ceci
Télécharge Combofix sUBs : http://www.pc-xpress.ca/download/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
@+
Le premier coup que j'avais activé vundofix, il avait trouvé quelque chose et j'avais fait "remove vundo" Mais après avoir suivi tes consignes je l'ai refait et cette fois, il n'avait rien trouvé.
voici donc le rapport de Combofix:
ComboFix 07-08-09.3 - "Blaise" 2007-11-24 15:07:33.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.151 [GMT -5:00]
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:12 85,056 --a------ C:\WINDOWS\system32\lhmeetkp.dll
2007-11-22 16:06 79,936 --a------ C:\WINDOWS\system32\jkwfopof.dll
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\WINDOWS\system32\lidkfqkv
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:16 <REP> d-------- C:\Program Files\Ofncpmqr
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
2007-10-27 17:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
2007-11-22 16:06 79936 --a------ C:\WINDOWS\system32\jkwfopof.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
2007-10-27 18:16 94208 --a------ C:\Program Files\Ofncpmqr\ncmgcqjn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" [2007-11-22 16:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 15:09:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-24 15:11:12
C:\ComboFix-quarantined-files.txt ... 2007-11-24 15:10
C:\ComboFix2.txt ... 2007-11-22 20:13
C:\ComboFix3.txt ... 2007-11-22 18:11
--- E O F ---
MERCI
voici donc le rapport de Combofix:
ComboFix 07-08-09.3 - "Blaise" 2007-11-24 15:07:33.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.151 [GMT -5:00]
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:12 85,056 --a------ C:\WINDOWS\system32\lhmeetkp.dll
2007-11-22 16:06 79,936 --a------ C:\WINDOWS\system32\jkwfopof.dll
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\WINDOWS\system32\lidkfqkv
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:16 <REP> d-------- C:\Program Files\Ofncpmqr
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
2007-10-27 17:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
2007-11-22 16:06 79936 --a------ C:\WINDOWS\system32\jkwfopof.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
2007-10-27 18:16 94208 --a------ C:\Program Files\Ofncpmqr\ncmgcqjn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" [2007-11-22 16:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 15:09:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-24 15:11:12
C:\ComboFix-quarantined-files.txt ... 2007-11-24 15:10
C:\ComboFix2.txt ... 2007-11-22 20:13
C:\ComboFix3.txt ... 2007-11-22 18:11
--- E O F ---
MERCI
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
sélectionne ceci
File::
C:\WINDOWS\system32\lhmeetkp.dll
C:\WINDOWS\system32\jkwfopof.dll
C:\WINDOWS\system32\lidkfqkv
C:\Program Files\Ofncpmqr
C:\WINDOWS\system32\dpqaqlqx.bin
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ensuite refais un hijack
File::
C:\WINDOWS\system32\lhmeetkp.dll
C:\WINDOWS\system32\jkwfopof.dll
C:\WINDOWS\system32\lidkfqkv
C:\Program Files\Ofncpmqr
C:\WINDOWS\system32\dpqaqlqx.bin
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ensuite refais un hijack
J'espère avoir fait la bonne manoeuvre.
Voici donc dans un premier temps le scan de ComboFix et celui de HiJack ensuite.
ComboFix 07-08-09.3 - "Blaise" 2007-11-24 17:27:11.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.177 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:12 85,056 --a------ C:\WINDOWS\system32\lhmeetkp.dll
2007-11-22 16:06 79,936 --a------ C:\WINDOWS\system32\jkwfopof.dll
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\WINDOWS\system32\lidkfqkv
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:16 <REP> d-------- C:\Program Files\Ofncpmqr
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
2007-10-27 17:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
2007-11-22 16:06 79936 --a------ C:\WINDOWS\system32\jkwfopof.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
2007-10-27 18:16 94208 --a------ C:\Program Files\Ofncpmqr\ncmgcqjn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" [2007-11-22 16:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 17:29:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-24 17:30:36
C:\ComboFix-quarantined-files.txt ... 2007-11-24 17:30
C:\ComboFix2.txt ... 2007-11-24 15:11
C:\ComboFix3.txt ... 2007-11-22 20:13
--- E O F ---
_____________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:45, on 2007-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Voici donc dans un premier temps le scan de ComboFix et celui de HiJack ensuite.
ComboFix 07-08-09.3 - "Blaise" 2007-11-24 17:27:11.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.177 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:12 85,056 --a------ C:\WINDOWS\system32\lhmeetkp.dll
2007-11-22 16:06 79,936 --a------ C:\WINDOWS\system32\jkwfopof.dll
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\WINDOWS\system32\lidkfqkv
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:16 <REP> d-------- C:\Program Files\Ofncpmqr
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
2007-10-27 17:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
2007-11-22 16:06 79936 --a------ C:\WINDOWS\system32\jkwfopof.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
2007-10-27 18:16 94208 --a------ C:\Program Files\Ofncpmqr\ncmgcqjn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" [2007-11-22 16:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 17:29:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-24 17:30:36
C:\ComboFix-quarantined-files.txt ... 2007-11-24 17:30
C:\ComboFix2.txt ... 2007-11-24 15:11
C:\ComboFix3.txt ... 2007-11-22 20:13
--- E O F ---
_____________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:45, on 2007-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
on va essaye avec ceci
Télécharger sur le bureau
[url= http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe] OTMoveIt.exe[/url]
= Copier ce texte en gras
C:\WINDOWS\system32\lhmeetkp.dll
C:\WINDOWS\system32\jkwfopof.dll
C:\WINDOWS\system32\lidkfqkv
C:\Program Files\Ofncpmqr
C:\WINDOWS\system32\dpqaqlqx.bin
= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:_\OTMoveItMovedFilesdate du jour à copier/coller dans la réponse + refaire un nouveau scan de clean en option 1 + nouveau rapport hijackthis.
@+
Télécharger sur le bureau
[url= http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe] OTMoveIt.exe[/url]
= Copier ce texte en gras
C:\WINDOWS\system32\lhmeetkp.dll
C:\WINDOWS\system32\jkwfopof.dll
C:\WINDOWS\system32\lidkfqkv
C:\Program Files\Ofncpmqr
C:\WINDOWS\system32\dpqaqlqx.bin
= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:_\OTMoveItMovedFilesdate du jour à copier/coller dans la réponse + refaire un nouveau scan de clean en option 1 + nouveau rapport hijackthis.
@+
Voici le rapport de OTMoveIt. Cependant, je ne comprenais pas cette consigne: "refaire un nouveau scan de clean en option 1" ???
Voici aussi le rapport hijackthis par la suite
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lhmeetkp.dll
C:\WINDOWS\system32\lhmeetkp.dll NOT unregistered.
C:\WINDOWS\system32\lhmeetkp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkwfopof.dll
C:\WINDOWS\system32\jkwfopof.dll NOT unregistered.
C:\WINDOWS\system32\jkwfopof.dll moved successfully.
C:\WINDOWS\system32\lidkfqkv moved successfully.
C:\Program Files\Ofncpmqr moved successfully.
C:\WINDOWS\system32\dpqaqlqx.bin moved successfully.
Created on 11-25-2007 12:48:36
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:39, on 2007-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Voici aussi le rapport hijackthis par la suite
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lhmeetkp.dll
C:\WINDOWS\system32\lhmeetkp.dll NOT unregistered.
C:\WINDOWS\system32\lhmeetkp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkwfopof.dll
C:\WINDOWS\system32\jkwfopof.dll NOT unregistered.
C:\WINDOWS\system32\jkwfopof.dll moved successfully.
C:\WINDOWS\system32\lidkfqkv moved successfully.
C:\Program Files\Ofncpmqr moved successfully.
C:\WINDOWS\system32\dpqaqlqx.bin moved successfully.
Created on 11-25-2007 12:48:36
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:39, on 2007-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll (file missing)
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
toujours présent
il faut refaire la manip avec combofix sur le poste 9
regarde ici pour voir comment on procède
pour Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/probleme-virus-garde-sujet_34246_2.htm
@+
il faut refaire la manip avec combofix sur le poste 9
regarde ici pour voir comment on procède
pour Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/probleme-virus-garde-sujet_34246_2.htm
@+
voici le rapport de ComboFix avec le fichier CFScript:
merci
ComboFix 07-08-09.3 - "Blaise" 2007-11-25 16:47:23.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.200 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
C:\WINDOWS\system32\jkwfopof.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
C:\Program Files\Ofncpmqr\ncmgcqjn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 16:49:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-25 16:50:46
C:\ComboFix-quarantined-files.txt ... 2007-11-25 16:50
C:\ComboFix2.txt ... 2007-11-24 17:30
C:\ComboFix3.txt ... 2007-11-24 15:11
--- E O F ---
merci
ComboFix 07-08-09.3 - "Blaise" 2007-11-25 16:47:23.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.200 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
C:\WINDOWS\system32\jkwfopof.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
C:\Program Files\Ofncpmqr\ncmgcqjn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 16:49:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-25 16:50:46
C:\ComboFix-quarantined-files.txt ... 2007-11-25 16:50
C:\ComboFix2.txt ... 2007-11-24 17:30
C:\ComboFix3.txt ... 2007-11-24 15:11
--- E O F ---
Refais la même manip avec combofix sauf que cette fois ci
tu copies en gras ces lignes
File::
C:\WINDOWS\system32\lhmeetkp.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"505f8344"="-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
tu copies en gras ces lignes
File::
C:\WINDOWS\system32\lhmeetkp.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"505f8344"="-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
C'est fait !
ComboFix 07-08-09.3 - "Blaise" 2007-11-25 17:33:41.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.178 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\lhmeetkp.dll
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 17:35:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-25 17:36:45
C:\ComboFix-quarantined-files.txt ... 2007-11-25 17:36
C:\ComboFix2.txt ... 2007-11-25 16:50
C:\ComboFix3.txt ... 2007-11-24 17:30
--- E O F ---
ComboFix 07-08-09.3 - "Blaise" 2007-11-25 17:33:41.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.178 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\lhmeetkp.dll
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 17:35:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-11-25 17:36:45
C:\ComboFix-quarantined-files.txt ... 2007-11-25 17:36
C:\ComboFix2.txt ... 2007-11-25 16:50
C:\ComboFix3.txt ... 2007-11-24 17:30
--- E O F ---
voilà:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:18, on 2007-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:18, on 2007-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Bonsoir blade 84
relance hijack et coche ceci
ensuite clic sue fix checked
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
ensuite
fais un scan avec bitdefender et colle le rapport
https://www.bitdefender.com/toolbox/
un tuto (merci Balltrap34)
https://kerio.probb.fr/t673-bitdefender-antivirus-en-ligne
@+
relance hijack et coche ceci
ensuite clic sue fix checked
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
ensuite
fais un scan avec bitdefender et colle le rapport
https://www.bitdefender.com/toolbox/
un tuto (merci Balltrap34)
https://kerio.probb.fr/t673-bitdefender-antivirus-en-ligne
@+
voici le rapport de Hijackthis après avoir fixé l'élément demandé. Ensuite, le rapport de BtDefender.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:49, on 2007-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:49, on 2007-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Bonsoir Blade84,
bien, enfin voilà un rapport qui fait plaisir
dit moi ou en sont tes soucis
@+
bien, enfin voilà un rapport qui fait plaisir
dit moi ou en sont tes soucis
@+
Bonsoir,
Au fur et à mesure que nous procédions aux différentes opérations, mon ordi se portait de mieux en mieux, à mon grand bonheur. Maitenant, je crois bien qu'elle est OK, il n'y plus de fenêtre qui s'ouvre tout seul et plus de mauvaises recherches.
Par ailleurs, j'ai Avast et AVG anti-spyware d'installés est-ce que je les garde les deux en plus de tous les logiciels (Combofix,Vundo,Hijackthis, etc.) que vous m'avez fait downloader. Bref, qu'est-ce que vous me conseillez de garder ?
Mille mercis, votre aide fut énomément apprécié.
Blade84
Au fur et à mesure que nous procédions aux différentes opérations, mon ordi se portait de mieux en mieux, à mon grand bonheur. Maitenant, je crois bien qu'elle est OK, il n'y plus de fenêtre qui s'ouvre tout seul et plus de mauvaises recherches.
Par ailleurs, j'ai Avast et AVG anti-spyware d'installés est-ce que je les garde les deux en plus de tous les logiciels (Combofix,Vundo,Hijackthis, etc.) que vous m'avez fait downloader. Bref, qu'est-ce que vous me conseillez de garder ?
Mille mercis, votre aide fut énomément apprécié.
Blade84
tu peux supprimer tout les logiciels que nous avons télécharger
et à propos le tutoiement et plus approprier ;-)
donc vérifie dans ajout et suppression de programme et dans programmes files
pour supprimer toutes les traces des logiciels utilisés ensemble
ensuite fait ceci (IMPORTANT)
=démarrer
=panneau de configuration
=système
=onglet Restauration système
=coche la case (Désactiver la restauration système)
=redémarre l'ordinateur
=réactive la ensuite
Autre conseils :
--Comportement a adopter http://assiste.com.free.fr/p/abc/a/safe_cex.html
--Essaye le navigateur Firefox plus sur/securisé qu IE
Firefox n utilise pas le dangereux protocole ActiveX
-Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
-Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/
Vérifie tes mises a jours des différents softs régulièrement ici https://www.flexera.com/products/operations/software-vulnerability-management.html
Tuto https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
Java est a mettre a jour entre autre, puis désinstalle les anciennes versions de java via panneau de config / ajouts et suppression de programme.
Pour que ton pc retrouve un peu de jeunesse
* Pense a lancer une petite défragmentation.
* Utilise CCleaner régulièrement.
* Gère tes services grâce a ces 2 liens
http://speedweb1.free.fr/frames2.php?page=service3 et http://speedweb1.free.fr/frames2.php?page=service4
* Utilise Zeb Utility
une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
Téléchargement : https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tuto : https://www.zebulon.fr/dossiers/autres/58-zebutility.html
Logiciels intéressants à avoir
=> Ad-aware SE (scan passif )
https://www.google.com ou http://www.lavasoft.de/support/download/#free
Tutos :
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
démo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf
=> SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )
https://www.safer-networking.org/download/
démo d utilisation
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tuto :
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm
=> a² free (anti-trojans) (scan passif )
- Téléchargement : https://www.emsisoft.com/fr/home/antimalware/
- Tuto : http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm
=> ZebProtect (application ne nécessitant pas d installation)
https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html
bon courage pour la suite
@+
et à propos le tutoiement et plus approprier ;-)
donc vérifie dans ajout et suppression de programme et dans programmes files
pour supprimer toutes les traces des logiciels utilisés ensemble
ensuite fait ceci (IMPORTANT)
=démarrer
=panneau de configuration
=système
=onglet Restauration système
=coche la case (Désactiver la restauration système)
=redémarre l'ordinateur
=réactive la ensuite
Autre conseils :
--Comportement a adopter http://assiste.com.free.fr/p/abc/a/safe_cex.html
--Essaye le navigateur Firefox plus sur/securisé qu IE
Firefox n utilise pas le dangereux protocole ActiveX
-Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
-Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/
Vérifie tes mises a jours des différents softs régulièrement ici https://www.flexera.com/products/operations/software-vulnerability-management.html
Tuto https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
Java est a mettre a jour entre autre, puis désinstalle les anciennes versions de java via panneau de config / ajouts et suppression de programme.
Pour que ton pc retrouve un peu de jeunesse
* Pense a lancer une petite défragmentation.
* Utilise CCleaner régulièrement.
* Gère tes services grâce a ces 2 liens
http://speedweb1.free.fr/frames2.php?page=service3 et http://speedweb1.free.fr/frames2.php?page=service4
* Utilise Zeb Utility
une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
Téléchargement : https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tuto : https://www.zebulon.fr/dossiers/autres/58-zebutility.html
Logiciels intéressants à avoir
=> Ad-aware SE (scan passif )
https://www.google.com ou http://www.lavasoft.de/support/download/#free
Tutos :
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
démo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf
=> SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )
https://www.safer-networking.org/download/
démo d utilisation
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tuto :
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm
=> a² free (anti-trojans) (scan passif )
- Téléchargement : https://www.emsisoft.com/fr/home/antimalware/
- Tuto : http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm
=> ZebProtect (application ne nécessitant pas d installation)
https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html
bon courage pour la suite
@+
D'abord, merci beaucoup pour votre aide.
J'ai fait les trois étapes que vous m'avez proposé.
Vondofix n'a rien trouvé, sûrement parce que je l'avais déjà fait le scan précédemment en suivant les indications donner à un autre utilisateur dans ce furum qui semblait avoir un problème semblable. Dois-je te donner quand même le rapport que j'avais fait l'autre jour ???
MSNfix n'a rien trouvé aussi.
Un problème est encore là, lorsque je fais une recherche sur google, la recherche ne se rend pas à la page qu'elle se devrait, elle se rend plutôt sur une page publicitaire. Ensuite, d'autres pages pub (ebay ou autres) apparaissent et/ou des pages vierges ayant pour adresse des chiffres. Cependant, il n'y pas qu'avec google que ça fait ça.
Donc, voici le rapport de hijackthis en premier et msnfix en deuxième.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:06, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe