VTURR.DLL infection by Adware Virtumonde

Solved/Closed
TribuFo - Posts: 3, Registered: Wednesday 15 February 2006, Status: Member, Last activity: 15 February 2006 - 15 Feb 2006 at 15:41
billgaffe - Posts: 6, Registered: Wednesday 2 July 2008, Status: Member, Last activity: 5 September 2009 - 2 Jul 2008 at 16:22
Hello,

I have an Adware Virtumonde infection problem. Following your advice, I have already scanned my machine with Ad-Aware, Spybot and ewido, as well as on the Symantec site. But ewido still detects this wretched trojan.

So I ran a scan with HijackThis; here is a copy:

Logfile of HijackThis v1.99.1
Scan saved at 15:24:25, on 15/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINNT\system32\vturr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139757174421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139768035064
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: vturr - C:\WINNT\SYSTEM32\vturr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINNT\system32\inetdns.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

No doubt you will be able to help me get rid of the nasty thing!

Thanks for your help.

Eric

4 replies

Anonymous user
15 Feb 2006 at 15:43
Hi, download VirtumundoBeGone:


http://www.bleepingcomputer.com/forums/topic18610.html

Restart in safe mode (restart and keep tapping F8 as soon as the computer powers on)

Double-click VirtumundoBeGone.exe and let it do its work

Run HijackThis again and paste the result here

See you!
0
TribuFo - Posts: 3, Registered: Wednesday 15 February 2006, Status: Member, Last activity: 15 February 2006
15 Feb 2006 at 16:09
Hello again,

Wow! You seem to have defeated the nasty trojan.
Here is the HijackThis result:

Logfile of HijackThis v1.99.1
Scan saved at 16:02:27, on 15/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139757174421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139768035064
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINNT\system32\inetdns.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

What do you think?

Are there any other fixes to make?

Eric
0
Anonymous user
15 Feb 2006 at 16:18
Hi, your log looks clean to me :)

See you!
0
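The before/after comparison made by eye in the reply above can be scripted. This Python sketch is an added example, not part of the original thread or of HijackThis: it parses excerpts of the two logs posted above, flags any DLL registered both as a BHO (O2) and as a Winlogon Notify package (O20), which is the pairing vturr.dll shows in the first log, and lists the entries that disappeared after the cleanup. All function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpts copied from the two HijackThis logs posted above (before / after cleanup).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINNT\system32\vturr.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O20 - Winlogon Notify: vturr - C:\WINNT\SYSTEM32\vturr.dll
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINNT\system32\inetdns.exe (file missing)
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O23 - Service: inetdns (InetDns) (inetdns) - Unknown owner - C:\WINNT\system32\inetdns.exe (file missing)
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension (spaces in folder names allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^,\"]*?\.(?:dll|exe|ocx)", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body, path) tuples; path is lowercased, or None if absent."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        body = match.group("body")
        found = PATH_RE.search(body)
        # Windows paths are case-insensitive: system32 and SYSTEM32 are the same folder.
        path = found.group(0).lower() if found else None
        entries.append((match.group("code"), body, path))
    return entries


def bho_and_winlogon_dlls(entries):
    """Files registered both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    roles = defaultdict(set)
    for code, body, path in entries:
        if path is None:
            continue
        if code == "O2" and body.startswith("BHO:"):
            roles[path].add("BHO")
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            roles[path].add("Winlogon Notify")
    return sorted(p for p, seen in roles.items() if len(seen) == 2)


def removed_entries(before, after):
    """Entries present in the first scan and gone from the second."""
    remaining = {(code, body) for code, body, _ in after}
    return [(code, body) for code, body, _ in before if (code, body) not in remaining]


def missing_file_entries(entries):
    """Registrations whose target HijackThis could not find on disk."""
    markers = ("(file missing)", "(no file)")
    return [(code, body) for code, body, _ in entries if body.endswith(markers)]


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    print("BHO + Winlogon Notify before:", bho_and_winlogon_dlls(before))
    print("BHO + Winlogon Notify after: ", bho_and_winlogon_dlls(after))
    for code, body in removed_entries(before, after):
        print("removed:", code, "-", body)
    for code, body in missing_file_entries(after):
        print("target missing:", code, "-", body)
```

Lowercasing the path matters here: the first log writes the same file as `system32\vturr.dll` under O2 and `SYSTEM32\vturr.dll` under O20, and a case-sensitive comparison would miss the match.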
TribuFo - Posts: 3, Registered: Wednesday 15 February 2006, Status: Member, Last activity: 15 February 2006
15 Feb 2006 at 16:21
Thank you very much, and until next time (although I hope not to be reinfected!)
0
Anonymous user
15 Feb 2006 at 16:33
You're welcome :)
See you!
0
billgaffe - Posts: 6, Registered: Wednesday 2 July 2008, Status: Member, Last activity: 5 September 2009
2 Jul 2008 at 16:04
Hi, and first of all thanks for your help...
I admire the guy who created this vile Virtumonde vermin, it's a real nightmare... I very recently reformatted my PC and, before anything else, installed Kaspersky 2009, Spybot and Ad-Aware, all three fully up to date... and guess what... I've caught this filth again!

So here is the information you ask for in exchange for your help:

*DSS reports after an attempted disinfection with VundoFix:


-moved.txt:

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-07-01 17:45:33 46 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\atmadm2.exe.bat
2008-07-01 17:45:32 47 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat
2008-07-01 17:47:08 911046 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\caevents.log
2008-06-27 17:49:18 36864 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CmdLineExt02.dll
2008-06-30 18:22:02 8240544 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DivXInstaller.exe <Verified; DivX, Inc.; >
2008-07-01 17:44:41 44 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dssec.exe.bat
2008-06-26 19:54:02 610 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GEARInstall.log
2008-06-30 22:25:59 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsperfdata_Administrator
2008-06-30 18:22:20 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp
2008-07-01 17:45:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP
2008-07-01 17:45:33 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP
2008-06-25 22:00:56 23569 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install.log
2008-07-01 16:57:14 3075 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_reg.log
2008-06-26 10:55:59 1163 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\java_install_sp.log
2008-06-26 10:47:18 8265 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jinstall.cfg
2008-07-02 14:22:53 9046 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jusched.log
2008-06-30 16:43:29 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jv16PT_2007
2008-06-28 07:57:24 3426690 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-06-28-07-55-24.log
2008-06-29 17:15:19 3415000 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-06-29-17-14-19.log
2008-07-01 17:47:09 4162078 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-install-2008-07-01-17-44-58.log
2008-06-28 07:57:24 6757 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-06-28-07-55-24.log
2008-06-29 17:15:19 6654 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-06-29-17-14-19.log
2008-07-01 17:47:09 7175 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kl-setup-2008-07-01-17-44-58.log
2008-06-29 17:14:39 3940 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 1700) 2008-06-29 17-14-38.log
2008-06-29 17:14:32 7531 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 324) 2008-06-29 17-14-32.log
2008-06-29 17:14:34 10481 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 324) 2008-06-29 17-14-34.log
2008-07-01 17:45:17 8181 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3272) 2008-07-01 17-45-17.log
2008-07-01 17:45:18 16668 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3272) 2008-07-01 17-45-18.log
2008-06-28 07:56:26 7711 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3448) 2008-06-28 07-56-26.log
2008-06-28 07:56:28 10726 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3448) 2008-06-28 07-56-28.log
2008-07-01 17:45:23 4100 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 3768) 2008-07-01 17-45-23.log
2008-06-28 07:56:38 3940 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kleaner (pid 4028) 2008-06-28 07-56-38.log
2008-07-01 17:44:42 44 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\media.php.bat
2008-07-01 16:33:51 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MessengerCache
2008-06-30 18:20:54 34 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod4.tmp
2008-06-30 18:22:02 34 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod5.tmp
2008-06-29 21:26:47 1224 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Silverlight0.log
2008-06-29 21:26:47 176206 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SilverlightMSI.log
2008-06-27 17:49:18 12067 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntf16.dll
2008-06-27 17:49:18 19924 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntf32.dll
2008-06-27 17:49:22 4592 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntfIcn.ani
2008-06-27 17:49:18 24516 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SIntfNT.dll
2008-06-28 07:55:26 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp33.tmp
2008-06-29 17:14:20 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpA.tmp
2008-07-01 17:44:59 2812 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpB.tmp
2003-05-20 04:22:26 307200 -----n--- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\war3_Install.exe <Not Verified; Blizzard Entertainment; Frozen Throne Installer>
2008-07-02 14:01:30 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER3e83.dir00
2008-06-26 21:20:37 1408 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmplog00.sqm
2008-07-02 14:17:45 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPDNSE
2008-06-26 11:15:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{87849F8C-770E-45CA-8CA9-5E40D5B1773F}
2008-06-30 16:01:14 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{8B3FAD83-CF61-487C-A824-7F565C5A6B69}
2008-07-01 17:47:02 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
2008-06-28 07:51:22 597 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{AC76BA86-7AD7-1036-7B44-A81200000003}.ini
2008-06-30 16:01:14 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8E90355-CB9F-42DB-9AEB-4D4B1D4519B1}
2008-06-26 20:32:09 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{E14936DC-6C1E-41EC-9477-295012DB0F25}
2008-07-02 14:06:56 32768 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9F20.tmp
2008-06-25 17:20:39 20865 --a------ C:\WINDOWS\temp\IntelGFX.log
2008-06-24 18:18:27 6019 --a------ C:\WINDOWS\temp\NetFxUpdate_v1.1.4322.log
2008-07-01 17:51:01 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_950.dat
2008-07-02 14:17:24 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-06-26 20:04:52 0 d-------- C:\WINDOWS\temp\_avast4_
2007-10-18 10:04:16 341296 --a------ C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll <Verified; Hewlett-Packard Co.; HPDEXAXO>

-*- End of Logfile -*-


-extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T1300 @ 1.66GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 1526.05 MiB / 1170.28 MiB
Pagefile Memory (total/avail): 3422.51 MiB / 3212.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1872.11 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 11.62 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2080BH - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BILLGAFF-89EFD5
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\BILLGAFF-89EFD5
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=BILLGAFF-89EFD5
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

billgaffe (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpl30a5a.inf
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.9.5 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Microsoft Compression Client Pack 1.0 for Windows XP -->
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 -->
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
RegSupreme Pro --> "C:\Program Files\RegSupreme Pro\unins000.exe"
Satsuki Decoder Pack 4000 --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type293 / Error
Event Submitted/Written: 07/02/2008 02:01:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type289 / Error
Event Submitted/Written: 07/02/2008 00:29:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type285 / Error
Event Submitted/Written: 07/02/2008 02:45:58 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type249 / Success
Event Submitted/Written: 07/01/2008 04:26:31 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type197 / Error
Event Submitted/Written: 06/28/2008 08:12:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2055 / Warning
Event Submitted/Written: 07/02/2008 02:22:52 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2010 / Warning
Event Submitted/Written: 07/02/2008 02:02:36 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2009 / Warning
Event Submitted/Written: 07/02/2008 02:02:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1937 / Warning
Event Submitted/Written: 07/02/2008 00:31:09 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE7EE42C. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1928 / Warning
Event Submitted/Written: 07/02/2008 00:17:39 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0018DE7EE42C. The IP address being used is 169.254.187.245.



-- End of Deckard's System Scanner: finished at 2008-07-02 14:39:31 ------------


-main.txt:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-02 14:35:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-07-02 12:36:03 UTC - RP30 - Deckard's System Scanner Restore Point
29: 2008-07-01 15:51:00 UTC - RP29 - Last known good configuration
28: 2008-07-01 15:50:54 UTC - RP28 - Installed Kaspersky Internet Security 2009.
27: 2008-07-01 15:50:54 UTC - RP27 - Removed Kaspersky Anti-Virus 7.0.
26: 2008-07-01 15:50:53 UTC - RP26 - clean


-- First Restore Point --
1: 2008-07-01 15:50:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:17, on 02/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ecogle.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08EC4AD6-5FBB-4E69-9645-2AD3E7B110F8} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\ljJCsppQ.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {74200AD9-50E4-4965-8CB7-7E70AE26E8F3} - C:\WINDOWS\system32\hgGyyaaA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BA835039-A72D-4005-A135-2A1AC6EB9F6D} - C:\WINDOWS\system32\fccDuttq.dll (file missing)
O2 - BHO: (no name) - {BDD85FFD-C3B7-444C-A5CD-BC7307E0D887} - C:\WINDOWS\system32\hgGvuSkI.dll (file missing)
O2 - BHO: (no name) - {C3A0808C-F4A4-4CDD-A1C2-A14E66CEB47F} - (no file)
O2 - BHO: (no name) - {EBD82173-92C5-42F9-8A62-B573912E1F7B} - (no file)
O2 - BHO: (no name) - {F8906697-EC80-4E8A-9056-7BB1396F8C86} - C:\WINDOWS\system32\tuvwUNdb.dll (file missing)
O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [e8b8a1d3] rundll32.exe "C:\WINDOWS\system32\yekiwhur.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: ljJCsppQ - C:\WINDOWS\SYSTEM32\ljJCsppQ.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
0
billgaffe Posts 6 Registration date Wednesday 2 July 2008 Status Member Last activity 5 September 2009
2 Jul 2008 at 16:22
P.S.: My last message was too long, so here is the latest HijackThis report in full:

*HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:31, on 02/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ecogle.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
0