PC infecté par Win32:BHO-KD [Trj]
Hicham
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:47, on 4/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wltray.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C894EA2-B4E0-4213-A3D7-784CE3AF4EA8} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {11961F58-3A3C-4813-AE8D-AAB9076BC3B0} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {19AF3C8F-DBC0-4320-8404-8146FAE880AF} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {2DD14095-31BB-4E43-BB42-7771B93775AA} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {3FA968B3-A2A5-497A-94B2-2A298C7CDAA3} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {43CC72A2-495C-4ECC-9734-C54EE429E9DB} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {47F9BC1D-723D-4126-87CE-12851B80642A} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {4B9EA5AA-5AD6-4D7A-AB6C-639625310387} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {4F053323-617E-40CC-B4A2-C2A31DC7C802} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {4FBC0CE7-8766-4127-8B05-DA0DD83A1BC5} - C:\WINDOWS\System32\vssap.dll (file missing)
O2 - BHO: (no name) - {51D4BECE-34E0-4297-8848-5483F25F402D} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {555E165D-5E8F-4D56-B558-D503FA92AE45} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {575DA58A-6FF1-4D7A-9E61-7897BB10A012} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {587A33BB-5C9D-420E-9D26-1D69B4F28C0E} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {59474C8E-ACF1-4DF6-BC9B-304606CB4A44} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {66817C9D-8EC2-470C-9A9D-30FCECDB3FFF} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {689AB593-004A-4A9E-990A-0CCE9610876B} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {6D6D6802-551C-4F48-8190-070D67E639A7} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {733D1BC7-1019-4023-9422-E7691AF10181} - c:\windows\system32\bfkabfk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8622EC6A-47E3-4B2F-989F-B95C74E07744} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {8D9B7DDB-4536-42A0-8BC7-6D0CB5FC2997} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90805281-B920-46E3-B8C7-6B0C05F3BCB9} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {91528EA0-5348-4C50-ADB2-415EFB3773E6} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {93178308-9A3E-4181-8B65-97AA5FC66B06} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {A886A6A1-3F22-42C6-BC1B-10B94D93BD60} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF56D6EE-A3E2-4C26-9D67-FF5EAAF8D1EC} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C4F08759-8527-4549-AF97-D13B23F9D702} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {C97DC1BE-14A8-415A-812C-8A2026831421} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {E1410F4E-1EAB-47FA-BEFF-7B0C7AC5660F} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {E2F4D56E-8283-4833-94A3-85F6160E5F46} - c:\windows\system32\bfkabfk.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O2 - BHO: (no name) - {E73840F3-BE35-4EDF-816B-450435E2320E} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {E9917BD0-3E76-43B4-998D-115AC49EFE0B} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {EA3FA1B3-A268-4049-96B4-8230F3990315} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {EFBBA8C3-37FD-4C69-AA6E-BAF271218AAE} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {F2B4CF45-7CC3-405A-856D-80BD5E73E0F6} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {F9E91DCB-307E-4764-AE2E-E56551F2D52B} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [dpsni7w4htu] C:\WINDOWS\system32\dpsni7w4htu.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\System32\wltray.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dpsni7w4htu] C:\WINDOWS\system32\dpsni7w4htu.exe
O4 - HKCU\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe /min
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O20 - Winlogon Notify: pjfcqtpy - C:\WINDOWS\SYSTEM32\bfkabfk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - https://www.toucharger.com/img/graphiques/dessins--arts-divers/art-numerique/3d/rechauffement-climatique.70897.jpg
O24 - Desktop Component 1: (no name) - https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/
O24 - Desktop Component 2: (no name) - https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/
O24 - Desktop Component 3: (no name) - https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:47, on 4/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wltray.exe
C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C894EA2-B4E0-4213-A3D7-784CE3AF4EA8} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {11961F58-3A3C-4813-AE8D-AAB9076BC3B0} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {19AF3C8F-DBC0-4320-8404-8146FAE880AF} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {2DD14095-31BB-4E43-BB42-7771B93775AA} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {3FA968B3-A2A5-497A-94B2-2A298C7CDAA3} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {43CC72A2-495C-4ECC-9734-C54EE429E9DB} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {47F9BC1D-723D-4126-87CE-12851B80642A} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {4B9EA5AA-5AD6-4D7A-AB6C-639625310387} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {4F053323-617E-40CC-B4A2-C2A31DC7C802} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {4FBC0CE7-8766-4127-8B05-DA0DD83A1BC5} - C:\WINDOWS\System32\vssap.dll (file missing)
O2 - BHO: (no name) - {51D4BECE-34E0-4297-8848-5483F25F402D} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {555E165D-5E8F-4D56-B558-D503FA92AE45} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {575DA58A-6FF1-4D7A-9E61-7897BB10A012} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {587A33BB-5C9D-420E-9D26-1D69B4F28C0E} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {59474C8E-ACF1-4DF6-BC9B-304606CB4A44} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {66817C9D-8EC2-470C-9A9D-30FCECDB3FFF} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {689AB593-004A-4A9E-990A-0CCE9610876B} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {6D6D6802-551C-4F48-8190-070D67E639A7} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {733D1BC7-1019-4023-9422-E7691AF10181} - c:\windows\system32\bfkabfk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8622EC6A-47E3-4B2F-989F-B95C74E07744} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {8D9B7DDB-4536-42A0-8BC7-6D0CB5FC2997} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90805281-B920-46E3-B8C7-6B0C05F3BCB9} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {91528EA0-5348-4C50-ADB2-415EFB3773E6} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {93178308-9A3E-4181-8B65-97AA5FC66B06} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {A886A6A1-3F22-42C6-BC1B-10B94D93BD60} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF56D6EE-A3E2-4C26-9D67-FF5EAAF8D1EC} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C4F08759-8527-4549-AF97-D13B23F9D702} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {C97DC1BE-14A8-415A-812C-8A2026831421} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {E1410F4E-1EAB-47FA-BEFF-7B0C7AC5660F} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {E2F4D56E-8283-4833-94A3-85F6160E5F46} - c:\windows\system32\bfkabfk.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O2 - BHO: (no name) - {E73840F3-BE35-4EDF-816B-450435E2320E} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {E9917BD0-3E76-43B4-998D-115AC49EFE0B} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {EA3FA1B3-A268-4049-96B4-8230F3990315} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {EFBBA8C3-37FD-4C69-AA6E-BAF271218AAE} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {F2B4CF45-7CC3-405A-856D-80BD5E73E0F6} - c:\windows\system32\bfkabfk.dll
O2 - BHO: (no name) - {F9E91DCB-307E-4764-AE2E-E56551F2D52B} - c:\windows\system32\bfkabfk.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdow1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [dpsni7w4htu] C:\WINDOWS\system32\dpsni7w4htu.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\System32\wltray.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dpsni7w4htu] C:\WINDOWS\system32\dpsni7w4htu.exe
O4 - HKCU\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe /min
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O20 - Winlogon Notify: pjfcqtpy - C:\WINDOWS\SYSTEM32\bfkabfk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - https://www.toucharger.com/img/graphiques/dessins--arts-divers/art-numerique/3d/rechauffement-climatique.70897.jpg
O24 - Desktop Component 1: (no name) - https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/
O24 - Desktop Component 2: (no name) - https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/
O24 - Desktop Component 3: (no name) - https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/
3 réponses
salut
tu es bourré de virus
télécharge Spyware Terminator + a-squared Free, mets-les à jour, puis fais un scan en mode normal et en mode sans échec, puis supprime tout ce qu'ils trouvent, puis recolle-moi un log HijackThis
tu es bourré de virus
télécharge Spyware Terminator + a-squared Free, mets-les à jour, puis fais un scan en mode normal et en mode sans échec, puis supprime tout ce qu'ils trouvent, puis recolle-moi un log HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:28, on 10/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tatung\Mes documents\Ma musique\temp\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {2F6F6370-C85E-433E-A32C-9E1BB172CCBD} - C:\WINDOWS\System32\comre.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
Scan saved at 11:31:28, on 10/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tatung\Mes documents\Ma musique\temp\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
O2 - BHO: (no name) - {2F6F6370-C85E-433E-A32C-9E1BB172CCBD} - C:\WINDOWS\System32\comre.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe