Bonsoir,
j'ai exécuté :
- vundofix
- virtumondebegone
- combofix
ci-dessous les rapports de chaque scan
j'ai aussi exécuté hijackthis après chacun des scans ci-dessus
pour moi le contenu des rapports c'est de l'hébreux lol
j'ai aussi lancé bitdefender en ligne mais le scan c'est bloqué au bout de 2 heures environ , j'ai stoppé l'analyse
j'ai l'intention d'essayer panda et secuser après
faut il que j'essaye a nouveau bitdefender ?
les 2 icones qui se trouvaient sur le bureau et la barre security toolbar 7 ainsi que le triangle jaune dans la barre du bas ont disparu
les infections seraient telles supprimées ?
que dois je faire pour etre sur de ne plus avoir à nouveau ces pbs ?
le pb qui reste : j'ai l'appli limewire qui démarre toute seule sur le bureau et je me demande si ce n'est pas par là que j'ai chopé toutes ces merdes...
comment virer limewire?
une fois que tout sera nickel j'ai l'intention d'installer avast ?
encore merci pour ton aide.
______________________________________________
Rapport du scan de Vundofix
VundoFix V6.5.11
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Scan started at 20:35:08 13/11/2007
Listing files found while scanning....
C:\WINDOWS\system32\atmfshua.dll
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\atmfshua.dll
C:\WINDOWS\system32\atmfshua.dll Has been deleted!
Performing Repairs to the registry.
Done!
____________________________________
Rapport de virtumondebegone
[11/13/2007, 21:11:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\VirtumundoBeGone.exe" )
[11/13/2007, 21:12:12] - Detected System Information:
[11/13/2007, 21:12:13] - Windows Version: 5.1.2600, Service Pack 1
[11/13/2007, 21:12:13] - Current Username: Brice DANIEL (Admin)
[11/13/2007, 21:12:13] - Windows is in NORMAL mode.
[11/13/2007, 21:12:13] - Searching for Browser Helper Objects:
[11/13/2007, 21:12:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/13/2007, 21:12:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/13/2007, 21:12:13] - BHO 3: {1C1DD717-53B2-485E-A17B-C9977C205E10} ()
[11/13/2007, 21:12:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:13] - Checking for HKLM\...\Winlogon\Notify\gebbabx
[11/13/2007, 21:12:13] - Found: HKLM\...\Winlogon\Notify\gebbabx - This is probably Virtumundo.
[11/13/2007, 21:12:13] - Assigning {1C1DD717-53B2-485E-A17B-C9977C205E10} MSEvents Object
[11/13/2007, 21:12:13] - BHO list has been changed! Starting over...
[11/13/2007, 21:12:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/13/2007, 21:12:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/13/2007, 21:12:13] - BHO 3: {1C1DD717-53B2-485E-A17B-C9977C205E10} (MSEvents Object)
[11/13/2007, 21:12:13] - ALERT: Found MSEvents Object!
[11/13/2007, 21:12:13] - BHO 4: {2BF7CDA0-872B-4164-A239-98DDDEB09E56} ()
[11/13/2007, 21:12:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:13] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[11/13/2007, 21:12:14] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[11/13/2007, 21:12:14] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/13/2007, 21:12:14] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/13/2007, 21:12:14] - BHO 6: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - No filename found. Continuing.
[11/13/2007, 21:12:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - No filename found. Continuing.
[11/13/2007, 21:12:14] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 21:12:14] - BHO 9: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[11/13/2007, 21:12:14] - BHO 10: {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} (Camfrog Toolbar)
[11/13/2007, 21:12:14] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/13/2007, 21:12:14] - BHO 12: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[11/13/2007, 21:12:14] - BHO 13: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/13/2007, 21:12:14] - BHO 14: {daf2e1aa-af87-40b5-8173-e735cf6f431a} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - Checking for HKLM\...\Winlogon\Notify\qjknuajl
[11/13/2007, 21:12:14] - Key not found: HKLM\...\Winlogon\Notify\qjknuajl, continuing.
[11/13/2007, 21:12:14] - BHO 15: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:15] - No filename found. Continuing.
[11/13/2007, 21:12:15] - Finished Searching Browser Helper Objects
[11/13/2007, 21:12:15] - *** Detected MSEvents Object
[11/13/2007, 21:12:15] - Trying to remove MSEvents Object...
[11/13/2007, 21:12:16] - Terminating Process: IEXPLORE.EXE
[11/13/2007, 21:12:17] - Terminating Process: RUNDLL32.EXE
[11/13/2007, 21:12:17] - Disabling Automatic Shell Restart
[11/13/2007, 21:12:17] - Terminating Process: EXPLORER.EXE
[11/13/2007, 21:12:17] - Suspending the NT Session Manager System Service
[11/13/2007, 21:12:17] - Terminating Windows NT Logon/Logoff Manager
[11/13/2007, 21:12:18] - Re-enabling Automatic Shell Restart
[11/13/2007, 21:12:18] - File to disable: C:\WINDOWS\System32\gebbabx.dll
[11/13/2007, 21:12:18] - Renaming C:\WINDOWS\System32\gebbabx.dll -> C:\WINDOWS\System32\gebbabx.dll.vir
[11/13/2007, 21:12:19] - File successfully renamed!
[11/13/2007, 21:12:19] - Removing HKLM\...\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/13/2007, 21:12:19] - Removing HKCR\CLSID\{1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/13/2007, 21:12:19] - Adding Kill Bit for ActiveX for GUID: {1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/13/2007, 21:12:19] - Deleting ATLEvents/MSEvents Registry entries
[11/13/2007, 21:12:19] - Removing HKLM\...\Winlogon\Notify\gebbabx
[11/13/2007, 21:12:19] - Searching for Browser Helper Objects:
[11/13/2007, 21:12:19] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/13/2007, 21:12:19] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/13/2007, 21:12:19] - BHO 3: {2BF7CDA0-872B-4164-A239-98DDDEB09E56} ()
[11/13/2007, 21:12:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:19] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[11/13/2007, 21:12:20] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[11/13/2007, 21:12:20] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/13/2007, 21:12:20] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/13/2007, 21:12:20] - BHO 5: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - No filename found. Continuing.
[11/13/2007, 21:12:20] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - No filename found. Continuing.
[11/13/2007, 21:12:20] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 21:12:20] - BHO 8: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[11/13/2007, 21:12:20] - BHO 9: {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} (Camfrog Toolbar)
[11/13/2007, 21:12:20] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/13/2007, 21:12:20] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[11/13/2007, 21:12:20] - BHO 12: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/13/2007, 21:12:20] - BHO 13: {daf2e1aa-af87-40b5-8173-e735cf6f431a} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - Checking for HKLM\...\Winlogon\Notify\qjknuajl
[11/13/2007, 21:12:20] - Key not found: HKLM\...\Winlogon\Notify\qjknuajl, continuing.
[11/13/2007, 21:12:20] - BHO 14: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[11/13/2007, 21:12:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:21] - No filename found. Continuing.
[11/13/2007, 21:12:21] - Finished Searching Browser Helper Objects
[11/13/2007, 21:12:21] - Finishing up...
[11/13/2007, 21:12:21] - A restart is needed.
[11/13/2007, 21:12:33] - Attempting to Restart via STOP error (Blue Screen!)
___________________________________________________________________
Rapport de combofix
ComboFix 07-11-08.1 - Brice DANIEL 2007-11-13 21:38:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.100 [GMT 1:00]Running from: C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Brice DANIEL\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Brice DANIEL\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Brice DANIEL\Favoris\Online Security Guide.lnk
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atmfshua.dllbox
C:\WINDOWS\system32\gtwlkikb.dll
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\rasthsju.dll
C:\WINDOWS\system32\yklssrqa.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.
2007-11-13 21:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 21:34 89,664 --a------ C:\WINDOWS\system32\flehifvy.dll
2007-11-13 21:33 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Incomplete
2007-11-13 21:31 81,472 --a------ C:\WINDOWS\system32\wqvvtnos.dll
2007-11-13 21:28 71,232 --a------ C:\WINDOWS\system32\wuwmbsdj.exe
2007-11-13 21:22 81,472 --a------ C:\WINDOWS\system32\nnwcajcg.dll
2007-11-13 21:15 71,232 --a------ C:\WINDOWS\system32\bbxwnlee.exe
2007-11-13 20:50 81,472 --a------ C:\WINDOWS\system32\qjknuajl.dll
2007-11-13 20:47 71,232 --a------ C:\WINDOWS\system32\ppmxehee.exe
2007-11-13 20:35 <REP> d-------- C:\VundoFix Backups
2007-11-13 20:22 81,472 --a------ C:\WINDOWS\system32\opopbdrr.dll
2007-11-13 00:48 81,472 --a------ C:\WINDOWS\system32\huhsawuh.dll
2007-11-13 00:42 71,232 --a------ C:\WINDOWS\system32\ycacdmgs.exe
2007-11-12 21:57 81,472 --a------ C:\WINDOWS\system32\vbxieobi.dll
2007-11-12 21:07 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Shared
2007-11-12 21:06 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\LimeWire
2007-11-12 01:00 <REP> d-------- C:\Program Files\Navilog1
2007-11-11 18:10 6,028 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 17:58 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\Grisoft
2007-11-11 17:53 <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de t‚l‚chargement Share-to-Web
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-11-11 17:44 <REP> d-------- C:\Program Files\a-squared Free
2007-11-11 17:43 <REP> d-------- C:\Program Files\RegCleaner
2007-11-11 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 17:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 13:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-11 11:30 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-11 11:02 79,936 --a------ C:\WINDOWS\system32\eltaqxdw.dll
2007-11-11 09:02 79,936 --a------ C:\WINDOWS\system32\tjynpyck.dll
2007-11-09 00:02 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\CamfrogWEB
2007-11-08 21:48 145,984 --a------ C:\WINDOWS\system32\rwykldft.dll
2007-11-06 22:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 22:44 35,328 --a------ C:\WINDOWS\system32\gebbabx.dll.vir
2007-11-06 22:44 82 --a------ C:\n.bat
2007-11-06 22:44 0 --a------ C:\z.dat
2007-11-06 22:43 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 22:43 <REP> d-------- C:\Temp\mZOr
2007-11-06 21:33 700,416 --a------ C:\WINDOWS\system32\mcs_cor1.dll
2007-11-06 21:33 245,760 --a------ C:\WINDOWS\system32\mcs_cor2.dll
2007-11-06 21:33 147,456 --a------ C:\WINDOWS\system32\mcs_vfw.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-13 19:33 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-12 20:49 17,332 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\wklnhst.dat
2007-11-12 20:06 --------- d-----w C:\Program Files\LimeWire
2007-11-11 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 16:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2007-11-11 08:39 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-09 20:54 49 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb41.dat
2007-11-09 20:54 381 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb1942.dat
2007-11-09 20:29 18,432 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb4827.dat
2007-11-09 20:28 523 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb292.dat
2007-11-08 22:16 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-08 21:29 --------- d-----w C:\Program Files\eMule
2007-11-08 21:29 --------- d-----w C:\Documents and Settings\Brice DANIEL\Application Data\uTorrent
2007-11-08 21:29 --------- d-----w C:\Documents and Settings\Brice DANIEL\Application Data\Camfrog
2007-11-06 21:47 278,544 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-06 21:42 278,543 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-10-25 18:47 --------- d-----w C:\Program Files\carasexe
2007-09-16 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-16 09:36 --------- d-----w C:\Program Files\Voile
2007-09-13 22:44 --------- d-----w C:\Program Files\MSN Messenger
2007-09-13 20:16 --------- d-----w C:\Program Files\Google
2006-12-19 20:48 6,144 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb8467.dat
2004-04-05 18:37:28 32 --sha-w C:\WINDOWS\{23BC0138-1F89-4B44-8FB4-98FCA06184F6}.dat
2002-08-30 11:00:00 77,824 --sha-w C:\WINDOWS\system32\asycfilt.dll
2002-08-30 11:00:00 557,056 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-04-18 00:00:50 13 -csha-r C:\WINDOWS\system32\IEcacher.dll
2002-08-30 11:00:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2002-08-30 11:00:00 401,462 --sha-w C:\WINDOWS\system32\msvcp60.dll
2002-08-30 11:00:00 323,072 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-30 11:00:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2002-08-30 11:00:00 569,344 --sha-w C:\WINDOWS\system32\oleaut32.dll
2002-08-30 11:00:00 106,496 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-03-16 19:44:16 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
2004-04-05 18:37:28 32 --sha-w C:\WINDOWS\system32\{1A68DC72-8E74-45DE-B57D-C4370C25788B}.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176d9a7f-bd96-4c84-b354-0ecc9a0e1b12}]
2007-11-13 21:31 81472 --a------ C:\WINDOWS\System32\wqvvtnos.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-10-13 16:12]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-10-13 16:12]
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-10-13 16:12]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-06-30 14:30]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2002-11-25 10:23]
"LaunchApp"="LaunApp" []
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2003-05-12 14:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 22:31]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-05-16 11:49]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-05-12 15:05]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 11:59 C:\WINDOWS\AGRSMMSG.exe]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-02-25 16:15]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 11:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-16 16:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-07 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-09 19:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 06:37]
"AS00_WPN511"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe" [2006-01-20 13:15]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-06 22:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"1c207607"="C:\WINDOWS\System32\flehifvy.dll" [2007-11-13 21:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" [2004-05-11 09:43]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-03 20:22]
"Microsoft NetMeeting"="C:\Program Files\NetMeeting\conf.exe" [2002-08-30 12:00]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 07:22]
"Wanadoo GPRS"="C:\Program Files\Wanadoo GPRS\WanaGPRS.exe" [2004-01-07 17:15]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\pmkjh.dll
R1 Hotkey;Hotkey;C:\WINDOWS\System32\drivers\Hotkey.sys
R1 Wbutton;Wbutton;C:\WINDOWS\System32\drivers\Wbutton.sys
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
R3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;C:\WINDOWS\System32\DRIVERS\wpn511.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\System32\DRIVERS\CamDrL21.sys
S3 SI15CI;SI15CI;\??\C:\WINDOWS\System32\SI15CI.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\System32\DRIVERS\sscdmdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-07-13 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-11-13 21:05:02 C:\WINDOWS\Tasks\ABC232D091EDA76C.job"
- c:\docume~1\briced~1\applic~1\thesix~1\JugsBindGram.exe
"2007-09-21 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
"2007-11-13 19:57:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-12 21:10:00 C:\WINDOWS\Tasks\WebReg 20041009221026.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 21:51:37
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 22:07:29 - machine was rebooted
.
--- E O F ---
______________________________________________________________________
Rapport de hijackthis après scan vundofix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:45, on 13/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\limewire\limewire.exe
C:\Documents and Settings\Brice DANIEL\Bureau\abcd.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\System32\gebbabx.dll
O2 - BHO: (no name) - {2BF7CDA0-872B-4164-A239-98DDDEB09E56} - C:\WINDOWS\System32\pmkjh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: {a134f6fc-537e-3718-5b04-78faaa1e2fad} - {daf2e1aa-af87-40b5-8173-e735cf6f431a} - C:\WINDOWS\System32\qjknuajl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1c207607] rundll32.exe "C:\WINDOWS\System32\mpwefxrq.dll",b
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Wanadoo GPRS] C:\Program Files\Wanadoo GPRS\WanaGPRS.exe /restore
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebbabx - C:\WINDOWS\SYSTEM32\gebbabx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ljniiwvf.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
End of file - 15926 bytes
_______________________________________________________________________
Rapport de hijackthis après scan virtumondebegone
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:45, on 13/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NetMeeting\conf.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Brice DANIEL\Bureau\abcd.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {3634f1e8-9cc3-1619-8584-9cc0016d84f8} - {8f48d610-0cc9-4858-9161-3cc98e1f4363} - C:\WINDOWS\System32\nnwcajcg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F065507C-3350-4ABF-9A44-45E9F55DCC50} - C:\WINDOWS\System32\pmkjh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1c207607] rundll32.exe "C:\WINDOWS\System32\fudvffgm.dll",b
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Wanadoo GPRS] C:\Program Files\Wanadoo GPRS\WanaGPRS.exe /restore
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - (file missing) (HKCU)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ljniiwvf.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
--
End of file - 15837 bytes
_______________________________________________________________
Rapport de hijackthis après scan combofix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:07, on 13/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\Hotke
Achat 7.1 home cinema
