Pc Infecté !!!!!
Fermé
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
-
5 févr. 2008 à 11:45
kobz Messages postés 36 Date d'inscription dimanche 13 mai 2007 Statut Membre Dernière intervention 14 février 2013 - 12 févr. 2008 à 22:46
kobz Messages postés 36 Date d'inscription dimanche 13 mai 2007 Statut Membre Dernière intervention 14 février 2013 - 12 févr. 2008 à 22:46
A voir également:
- Pc Infecté !!!!!
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Pc lent - Guide
- Audacity enregistrer son pc - Guide
- Whatsapp pc - Télécharger - Messagerie
12 réponses
guillaumebic
Messages postés
298
Date d'inscription
dimanche 30 décembre 2007
Statut
Membre
Dernière intervention
29 juin 2009
23
5 févr. 2008 à 12:29
5 févr. 2008 à 12:29
je sais qu'ad aware marche très bien.
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
5 févr. 2008 à 12:38
5 févr. 2008 à 12:38
Salut
Ad-Aware ne fera pas grand chose
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse
ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
A++
Ad-Aware ne fera pas grand chose
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse
ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
A++
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
5 févr. 2008 à 14:02
5 févr. 2008 à 14:02
Avec VundoFix, il n'y a aucun fichier trouvé ...
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
5 févr. 2008 à 15:54
5 févr. 2008 à 15:54
Continue
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
7 févr. 2008 à 16:38
7 févr. 2008 à 16:38
Ok, merci de m'aider, j'poste donc les differents rapports
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 12:41:39 05/02/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.7.7
02/07/2008, 16:30:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nassim\Bureau\VirtumundoBeGone.exe" )
[02/07/2008, 16:30:28] - Detected System Information:
[02/07/2008, 16:30:28] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2008, 16:30:28] - Current Username: Nassim (Admin)
[02/07/2008, 16:30:28] - Windows is in NORMAL mode.
[02/07/2008, 16:30:28] - Searching for Browser Helper Objects:
[02/07/2008, 16:30:28] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[02/07/2008, 16:30:28] - BHO 2: {037C7B8A-151A-49E6-BAED-CC05FCB50328} (&Research)
[02/07/2008, 16:30:28] - BHO 3: {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\onwlggqa
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\onwlggqa, continuing.
[02/07/2008, 16:30:28] - BHO 4: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar BHO)
[02/07/2008, 16:30:28] - BHO 5: {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\lohuht
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\lohuht, continuing.
[02/07/2008, 16:30:28] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[02/07/2008, 16:30:28] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/07/2008, 16:30:28] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 16:30:28] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - No filename found. Continuing.
[02/07/2008, 16:30:28] - BHO 10: {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} (BndDrive2 BHO Class)
[02/07/2008, 16:30:28] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 16:30:28] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/07/2008, 16:30:28] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/07/2008, 16:30:28] - BHO 14: {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\powebegu455101
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\powebegu455101, continuing.
[02/07/2008, 16:30:28] - Finished Searching Browser Helper Objects
[02/07/2008, 16:30:28] - Finishing up...
[02/07/2008, 16:30:28] - Nothing found! Exiting...
[02/07/2008, 16:31:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nassim\Bureau\VirtumundoBeGone.exe" )
[02/07/2008, 16:31:07] - Detected System Information:
[02/07/2008, 16:31:07] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2008, 16:31:07] - Current Username: Nassim (Admin)
[02/07/2008, 16:31:07] - Windows is in NORMAL mode.
[02/07/2008, 16:31:07] - Searching for Browser Helper Objects:
[02/07/2008, 16:31:07] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[02/07/2008, 16:31:07] - BHO 2: {037C7B8A-151A-49E6-BAED-CC05FCB50328} (&Research)
[02/07/2008, 16:31:07] - BHO 3: {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\onwlggqa
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\onwlggqa, continuing.
[02/07/2008, 16:31:07] - BHO 4: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar BHO)
[02/07/2008, 16:31:07] - BHO 5: {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\lohuht
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\lohuht, continuing.
[02/07/2008, 16:31:07] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[02/07/2008, 16:31:07] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/07/2008, 16:31:07] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 16:31:07] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - No filename found. Continuing.
[02/07/2008, 16:31:07] - BHO 10: {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} (BndDrive2 BHO Class)
[02/07/2008, 16:31:07] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 16:31:07] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/07/2008, 16:31:07] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/07/2008, 16:31:07] - BHO 14: {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\powebegu455101
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\powebegu455101, continuing.
[02/07/2008, 16:31:07] - Finished Searching Browser Helper Objects
[02/07/2008, 16:31:07] - Finishing up...
[02/07/2008, 16:31:07] - Nothing found! Exiting...
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 13:20:09 05/02/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Logfile of HijackThis v1.99.1
Scan saved at 16:37:33, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sv3968\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{14FFB3E6-0B6E-1036-1128-050511230021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\??curity\?vchost.exe
C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nassim\Bureau\non utilisé\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\sv3968\svchost.exe
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: (no name) - {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} - C:\WINDOWS\system32\onwlggqa.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} - C:\WINDOWS\system32\lohuht.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} - C:\Program Files\NetMeeting\powebegu455101.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [4D4C4E504C4F4E52] 8A898B8D898C8B.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453945 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Context] C:\Program Files\Fichiers communs\{44FFB3E6-0B6E-1036-1128-050511230021}\context.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Hmwox] "C:\Documents and Settings\Nassim\Mes documents\F?nts\m?hta.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Ocxe] C:\WINDOWS\??curity\?vchost.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Orep] "C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AIM (AIMMSN) - Unknown owner - C:\WINDOWS\aimmsn.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HQRQ) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 12:41:39 05/02/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.7.7
02/07/2008, 16:30:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nassim\Bureau\VirtumundoBeGone.exe" )
[02/07/2008, 16:30:28] - Detected System Information:
[02/07/2008, 16:30:28] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2008, 16:30:28] - Current Username: Nassim (Admin)
[02/07/2008, 16:30:28] - Windows is in NORMAL mode.
[02/07/2008, 16:30:28] - Searching for Browser Helper Objects:
[02/07/2008, 16:30:28] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[02/07/2008, 16:30:28] - BHO 2: {037C7B8A-151A-49E6-BAED-CC05FCB50328} (&Research)
[02/07/2008, 16:30:28] - BHO 3: {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\onwlggqa
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\onwlggqa, continuing.
[02/07/2008, 16:30:28] - BHO 4: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar BHO)
[02/07/2008, 16:30:28] - BHO 5: {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\lohuht
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\lohuht, continuing.
[02/07/2008, 16:30:28] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[02/07/2008, 16:30:28] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/07/2008, 16:30:28] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 16:30:28] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - No filename found. Continuing.
[02/07/2008, 16:30:28] - BHO 10: {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} (BndDrive2 BHO Class)
[02/07/2008, 16:30:28] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 16:30:28] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/07/2008, 16:30:28] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/07/2008, 16:30:28] - BHO 14: {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} ()
[02/07/2008, 16:30:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:30:28] - Checking for HKLM\...\Winlogon\Notify\powebegu455101
[02/07/2008, 16:30:28] - Key not found: HKLM\...\Winlogon\Notify\powebegu455101, continuing.
[02/07/2008, 16:30:28] - Finished Searching Browser Helper Objects
[02/07/2008, 16:30:28] - Finishing up...
[02/07/2008, 16:30:28] - Nothing found! Exiting...
[02/07/2008, 16:31:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Nassim\Bureau\VirtumundoBeGone.exe" )
[02/07/2008, 16:31:07] - Detected System Information:
[02/07/2008, 16:31:07] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2008, 16:31:07] - Current Username: Nassim (Admin)
[02/07/2008, 16:31:07] - Windows is in NORMAL mode.
[02/07/2008, 16:31:07] - Searching for Browser Helper Objects:
[02/07/2008, 16:31:07] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[02/07/2008, 16:31:07] - BHO 2: {037C7B8A-151A-49E6-BAED-CC05FCB50328} (&Research)
[02/07/2008, 16:31:07] - BHO 3: {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\onwlggqa
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\onwlggqa, continuing.
[02/07/2008, 16:31:07] - BHO 4: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (Winamp Toolbar BHO)
[02/07/2008, 16:31:07] - BHO 5: {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\lohuht
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\lohuht, continuing.
[02/07/2008, 16:31:07] - BHO 6: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[02/07/2008, 16:31:07] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/07/2008, 16:31:07] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 16:31:07] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - No filename found. Continuing.
[02/07/2008, 16:31:07] - BHO 10: {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} (BndDrive2 BHO Class)
[02/07/2008, 16:31:07] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 16:31:07] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/07/2008, 16:31:07] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/07/2008, 16:31:07] - BHO 14: {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} ()
[02/07/2008, 16:31:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 16:31:07] - Checking for HKLM\...\Winlogon\Notify\powebegu455101
[02/07/2008, 16:31:07] - Key not found: HKLM\...\Winlogon\Notify\powebegu455101, continuing.
[02/07/2008, 16:31:07] - Finished Searching Browser Helper Objects
[02/07/2008, 16:31:07] - Finishing up...
[02/07/2008, 16:31:07] - Nothing found! Exiting...
Checking Java version...
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 13:20:09 05/02/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Logfile of HijackThis v1.99.1
Scan saved at 16:37:33, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sv3968\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{14FFB3E6-0B6E-1036-1128-050511230021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\??curity\?vchost.exe
C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nassim\Bureau\non utilisé\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\sv3968\svchost.exe
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: (no name) - {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} - C:\WINDOWS\system32\onwlggqa.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} - C:\WINDOWS\system32\lohuht.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} - C:\Program Files\NetMeeting\powebegu455101.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [4D4C4E504C4F4E52] 8A898B8D898C8B.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453945 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Context] C:\Program Files\Fichiers communs\{44FFB3E6-0B6E-1036-1128-050511230021}\context.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Hmwox] "C:\Documents and Settings\Nassim\Mes documents\F?nts\m?hta.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Ocxe] C:\WINDOWS\??curity\?vchost.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Orep] "C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AIM (AIMMSN) - Unknown owner - C:\WINDOWS\aimmsn.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HQRQ) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
10 févr. 2008 à 14:16
10 févr. 2008 à 14:16
Bonjour, il y a quelqu'un pour me guider?
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
10 févr. 2008 à 22:42
10 févr. 2008 à 22:42
Re
Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.
Regarde le tuto
Exécute le en choisissant l’option 1,
il va générer un rapport
Copie/colle le sur le poste stp.
Bon courage
A++
Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.
Regarde le tuto
Exécute le en choisissant l’option 1,
il va générer un rapport
Copie/colle le sur le poste stp.
Bon courage
A++
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
12 févr. 2008 à 00:03
12 févr. 2008 à 00:03
Bonsoir, voici le rapport
SmitFraudFix v2.287
Rapport fait à 0:00:50,25, 12/02/2008
Executé à partir de C:\Documents and Settings\Nassim\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sv3968\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{14FFB3E6-0B6E-1036-1128-050511230021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\svchost.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nassim
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nassim\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nassim\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Video ActiveX Object\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\wuory.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.287
Rapport fait à 0:00:50,25, 12/02/2008
Executé à partir de C:\Documents and Settings\Nassim\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sv3968\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{14FFB3E6-0B6E-1036-1128-050511230021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\svchost.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nassim
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nassim\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nassim\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Video ActiveX Object\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\wuory.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
12 févr. 2008 à 09:48
12 févr. 2008 à 09:48
Re
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal,
copie/colle le rapport sauvegardé sur le forum
Et un nouveau log hijacthis
A++
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal,
copie/colle le rapport sauvegardé sur le forum
Et un nouveau log hijacthis
A++
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
12 févr. 2008 à 12:00
12 févr. 2008 à 12:00
Re,
J'ai donc suivi toutes les instructions, voici le rapport Smitfraud:
SmitFraudFix v2.287
Rapport fait à 11:39:53,95, 12/02/2008
Executé à partir de C:\Documents and Settings\Nassim\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Et le rapport HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:57:57, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sv3968\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{14FFB3E6-0B6E-1036-1128-050511230021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\??curity\?vchost.exe
C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nassim\Bureau\non utilisé\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\sv3968\svchost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: (no name) - {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} - C:\WINDOWS\system32\onwlggqa.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} - C:\WINDOWS\system32\lohuht.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} - C:\Program Files\NetMeeting\powebegu455101.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [4D4C4E504C4F4E52] 8A898B8D898C8B.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453945 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Context] C:\Program Files\Fichiers communs\{44FFB3E6-0B6E-1036-1128-050511230021}\context.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Hmwox] "C:\Documents and Settings\Nassim\Mes documents\F?nts\m?hta.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Ocxe] C:\WINDOWS\??curity\?vchost.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Orep] "C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AIM (AIMMSN) - Unknown owner - C:\WINDOWS\aimmsn.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HQRQ) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
J'ai donc suivi toutes les instructions, voici le rapport Smitfraud:
SmitFraudFix v2.287
Rapport fait à 11:39:53,95, 12/02/2008
Executé à partir de C:\Documents and Settings\Nassim\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3F9718BA-8CFA-410B-AD02-ABB0DEF0F341}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Et le rapport HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:57:57, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sv3968\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{14FFB3E6-0B6E-1036-1128-050511230021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\??curity\?vchost.exe
C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nassim\Bureau\non utilisé\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\sv3968\svchost.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: (no name) - {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} - C:\WINDOWS\system32\onwlggqa.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} - C:\WINDOWS\system32\lohuht.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} - C:\Program Files\NetMeeting\powebegu455101.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [4D4C4E504C4F4E52] 8A898B8D898C8B.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453945 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Context] C:\Program Files\Fichiers communs\{44FFB3E6-0B6E-1036-1128-050511230021}\context.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Hmwox] "C:\Documents and Settings\Nassim\Mes documents\F?nts\m?hta.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Ocxe] C:\WINDOWS\??curity\?vchost.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Orep] "C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AIM (AIMMSN) - Unknown owner - C:\WINDOWS\aimmsn.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HQRQ) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
12 févr. 2008 à 19:06
12 févr. 2008 à 19:06
Re
Elle est officielle ta version Windows XP ???
Télécharge SDFix
(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe
et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt
dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
Elle est officielle ta version Windows XP ???
Télécharge SDFix
(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe
et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt
dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
kobz
Messages postés
36
Date d'inscription
dimanche 13 mai 2007
Statut
Membre
Dernière intervention
14 février 2013
12 févr. 2008 à 22:46
12 févr. 2008 à 22:46
Re
Oui, ma version de Windows est officielle
Voila ce que ça donne avec SDFix
SDFix: Version 1.141
Run by Nassim on 12/02/2008 at 22:10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Nassim\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
core
ntload
Path:
system32\drivers\core.sys
\??\C:\WINDOWS\system32\ntload.sys
core - Deleted
ntload - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\PROGRA~1\COMPLU~1\WUORY~1.HTM - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\QdrPack\carkazupd.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\QdrPack10.exe - Deleted
C:\Program Files\QdrPack\QdrPack11.exe - Deleted
C:\Program Files\QdrPack\QdrPack12.exe - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\Program Files\QdrPack\zhydupd.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\xInsIDE\xInsIDE.exe - Deleted
C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\ieupdates.exe - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\update32.exe - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted
C:\WINDOWS\system32\winupdate.exe - Deleted
C:\WINDOWS\system32\wscmp.dll - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\ntload.sys - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\xInsIDE - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\system32\svcd - Removed
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 22:37:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a57186ca
"s2"=dword:f3c29d2d
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:1c,33,4a,98,4a,fd,12,54,c7,77,3d,45,da,70,e3,81,ec,d3,51,b3,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:56,dd,c0,3d,c1,03,00,da,a8,82,fa,95,1b,15,de,b3,45,bc,ba,8c,e4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:dd,c0,00,7a,98,16,91,cc,9f,2c,57,d2,25,9d,f4,a8,e7,7a,28,37,f0,..
"a0"=hex:20,01,00,00,09,6a,91,45,06,63,52,2f,e9,18,3e,10,37,a0,26,af,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3f,c6,e4,3b,63,b1,a9,0e,ea,15,46,6f,16,90,2a,3c,8c,3e,6a,88,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:1c,33,4a,98,4a,fd,12,54,c7,77,3d,45,da,70,e3,81,ec,d3,51,b3,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:56,dd,c0,3d,c1,03,00,da,a8,82,fa,95,1b,15,de,b3,45,bc,ba,8c,e4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:dd,c0,00,7a,98,16,91,cc,9f,2c,57,d2,25,9d,f4,a8,e7,7a,28,37,f0,..
"a0"=hex:20,01,00,00,09,6a,91,45,06,63,52,2f,e9,18,3e,10,37,a0,26,af,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3f,c6,e4,3b,63,b1,a9,0e,ea,15,46,6f,16,90,2a,3c,8c,3e,6a,88,6e,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\PPLive\\PPlive.exe"="C:\\Program Files\\PPLive\\PPlive.exe:*:Disabled:PPLive"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Octoshape Streaming Services\\Nassim\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Nassim\\OctoshapeClient.exe:*:Disabled:OctoshapeClient"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Disabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Disabled:ActiveSync Connection Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Disabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Disabled:OrbTray"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Documents and Settings\\Nassim\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Nassim\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Fichiers communs\\Sogou PXP\\p2psvr.exe"="C:\\Program Files\\Fichiers communs\\Sogou PXP\\p2psvr.exe:*:Enabled:Sogou P4P Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Documents and Settings\\Nassim\\Bureau\\PES2008.exe"="C:\\Documents and Settings\\Nassim\\Bureau\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Nassim\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 7 Apr 2005 470,016 ..SHR --- "C:\WINDOWS\system32\windserv.exe"
Mon 28 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\??curity\?vchost.exe"
Sun 27 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Dec 2007 71,680 ..SHR --- "C:\Program Files\Common Files\??stem32\nslookup.exe"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 24 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Finished!
Et avec HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:43:39, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\??curity\?vchost.exe
C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe
C:\Documents and Settings\Nassim\Bureau\non utilisé\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} - C:\WINDOWS\system32\onwlggqa.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} - C:\WINDOWS\system32\lohuht.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} - C:\Program Files\NetMeeting\powebegu455101.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [4D4C4E504C4F4E52] 8A898B8D898C8B.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453945 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Context] C:\Program Files\Fichiers communs\{44FFB3E6-0B6E-1036-1128-050511230021}\context.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Hmwox] "C:\Documents and Settings\Nassim\Mes documents\F?nts\m?hta.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Ocxe] C:\WINDOWS\??curity\?vchost.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Orep] "C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AIM (AIMMSN) - Unknown owner - C:\WINDOWS\aimmsn.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HQRQ) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Oui, ma version de Windows est officielle
Voila ce que ça donne avec SDFix
SDFix: Version 1.141
Run by Nassim on 12/02/2008 at 22:10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Nassim\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
core
ntload
Path:
system32\drivers\core.sys
\??\C:\WINDOWS\system32\ntload.sys
core - Deleted
ntload - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\PROGRA~1\COMPLU~1\WUORY~1.HTM - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\QdrPack\carkazupd.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\QdrPack10.exe - Deleted
C:\Program Files\QdrPack\QdrPack11.exe - Deleted
C:\Program Files\QdrPack\QdrPack12.exe - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\Program Files\QdrPack\zhydupd.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\xInsIDE\xInsIDE.exe - Deleted
C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\ieupdates.exe - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\update32.exe - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted
C:\WINDOWS\system32\winupdate.exe - Deleted
C:\WINDOWS\system32\wscmp.dll - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\ntload.sys - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\xInsIDE - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\system32\svcd - Removed
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 22:37:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:a57186ca
"s2"=dword:f3c29d2d
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:1c,33,4a,98,4a,fd,12,54,c7,77,3d,45,da,70,e3,81,ec,d3,51,b3,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:56,dd,c0,3d,c1,03,00,da,a8,82,fa,95,1b,15,de,b3,45,bc,ba,8c,e4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:dd,c0,00,7a,98,16,91,cc,9f,2c,57,d2,25,9d,f4,a8,e7,7a,28,37,f0,..
"a0"=hex:20,01,00,00,09,6a,91,45,06,63,52,2f,e9,18,3e,10,37,a0,26,af,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3f,c6,e4,3b,63,b1,a9,0e,ea,15,46,6f,16,90,2a,3c,8c,3e,6a,88,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:1c,33,4a,98,4a,fd,12,54,c7,77,3d,45,da,70,e3,81,ec,d3,51,b3,4d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:56,dd,c0,3d,c1,03,00,da,a8,82,fa,95,1b,15,de,b3,45,bc,ba,8c,e4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:dd,c0,00,7a,98,16,91,cc,9f,2c,57,d2,25,9d,f4,a8,e7,7a,28,37,f0,..
"a0"=hex:20,01,00,00,09,6a,91,45,06,63,52,2f,e9,18,3e,10,37,a0,26,af,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3f,c6,e4,3b,63,b1,a9,0e,ea,15,46,6f,16,90,2a,3c,8c,3e,6a,88,6e,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\PPLive\\PPlive.exe"="C:\\Program Files\\PPLive\\PPlive.exe:*:Disabled:PPLive"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Octoshape Streaming Services\\Nassim\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Nassim\\OctoshapeClient.exe:*:Disabled:OctoshapeClient"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Disabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Disabled:ActiveSync Connection Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Disabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Disabled:OrbTray"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Documents and Settings\\Nassim\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Nassim\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Fichiers communs\\Sogou PXP\\p2psvr.exe"="C:\\Program Files\\Fichiers communs\\Sogou PXP\\p2psvr.exe:*:Enabled:Sogou P4P Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Documents and Settings\\Nassim\\Bureau\\PES2008.exe"="C:\\Documents and Settings\\Nassim\\Bureau\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Nassim\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 7 Apr 2005 470,016 ..SHR --- "C:\WINDOWS\system32\windserv.exe"
Mon 28 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\??curity\?vchost.exe"
Sun 27 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Dec 2007 71,680 ..SHR --- "C:\Program Files\Common Files\??stem32\nslookup.exe"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Mon 24 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Finished!
Et avec HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:43:39, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\8A898B8D898C8B.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\??curity\?vchost.exe
C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe
C:\Documents and Settings\Nassim\Bureau\non utilisé\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {1441C9B1-0552-08AD-0A15-5800CBBB8BB7} - C:\WINDOWS\system32\onwlggqa.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3292FD14-65A3-6E5E-F24F-6DE34A92AAE1} - C:\WINDOWS\system32\lohuht.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69C8004-1BFB-4DFF-A4FE-C3534D3CE89A} - C:\Program Files\NetMeeting\powebegu455101.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [4D4C4E504C4F4E52] 8A898B8D898C8B.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453945 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Context] C:\Program Files\Fichiers communs\{44FFB3E6-0B6E-1036-1128-050511230021}\context.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Nassim\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Hmwox] "C:\Documents and Settings\Nassim\Mes documents\F?nts\m?hta.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Ocxe] C:\WINDOWS\??curity\?vchost.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Orep] "C:\PROGRA~1\COMMON~1\STEM32~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AIM (AIMMSN) - Unknown owner - C:\WINDOWS\aimmsn.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HQRQ) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Fichiers communs\Sogou PXP\p2psvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)