A voir également:
- PC infecte par cheval de troie
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Pc lent - Guide
- Whatsapp pc - Télécharger - Messagerie
- Double ecran pc - Guide
51 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 15:12
30 nov. 2007 à 15:12
salut tomsnow,
belle infection...
- Télécharge sur ton bureau DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
- !!! Ne double-clic pas dessus !!! Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le dossier DiagHelp.
- Double-clic sur catchme.exe (le .exe peut ne pas apparaître).
Une fenêtre va s'ouvrir, vas dans l'onglet Script.
Copie/colle ceci :
files to kill:
C:\Program Files\SecCenter\scprot4.exe
Clic sur Run.
Relance HijackThis, coche ces lignes :
O2 - BHO: (no name) - {343B8228-617E-4342-840B-0057E20D3003} - C:\WINDOWS\system32\tuvurqo.dll
O2 - BHO: (no name) - {8CE1F2D7-C980-47E8-B22B-BDBDF0DF44BB} - C:\WINDOWS\system32\pmnll.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: tuvurqo - C:\WINDOWS\SYSTEM32\tuvurqo.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\Program Files\SecCenter\scprot4.exe
Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
alors dans ta prochaine reponse post le rapport de ot-move it celui de vundofix et un nouveau rapport hijack this
_______________________________________________________
instale un par feu :
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
________________________________________________________
@+
belle infection...
- Télécharge sur ton bureau DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
- !!! Ne double-clic pas dessus !!! Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le dossier DiagHelp.
- Double-clic sur catchme.exe (le .exe peut ne pas apparaître).
Une fenêtre va s'ouvrir, vas dans l'onglet Script.
Copie/colle ceci :
files to kill:
C:\Program Files\SecCenter\scprot4.exe
Clic sur Run.
Relance HijackThis, coche ces lignes :
O2 - BHO: (no name) - {343B8228-617E-4342-840B-0057E20D3003} - C:\WINDOWS\system32\tuvurqo.dll
O2 - BHO: (no name) - {8CE1F2D7-C980-47E8-B22B-BDBDF0DF44BB} - C:\WINDOWS\system32\pmnll.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: tuvurqo - C:\WINDOWS\SYSTEM32\tuvurqo.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\Program Files\SecCenter\scprot4.exe
Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
alors dans ta prochaine reponse post le rapport de ot-move it celui de vundofix et un nouveau rapport hijack this
_______________________________________________________
instale un par feu :
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
________________________________________________________
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 15:47
30 nov. 2007 à 15:47
ok
G!rly j'ai un soucis! Quand je fais la manip demandé sur Catchme.exe - script + copier coller puis run, il y'a un message du genre " script completed with errors"! Que faire?
Merci
Merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 16:05
30 nov. 2007 à 16:05
tu as bien copié et collé ceci :
files to kill:
C:\Program Files\SecCenter\scprot4.exe
si c´est le cas fais la suite
files to kill:
C:\Program Files\SecCenter\scprot4.exe
si c´est le cas fais la suite
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 16:14
30 nov. 2007 à 16:14
bon ok fais la suite on s´occupera de lui plus tards
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 16:26
30 nov. 2007 à 16:26
yes
Alors voici donc les rapports:
OT MOVEIT
C:\Program Files\SecCenter\scprot4.exe moved successfully.
Created on 11/30/2007 16:18:32
VundoFix V6.6.2
Checking Java version...
Scan started at 16:20:24 30/11/2007
Listing files found while scanning....
No infected files were found.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:30:45, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Calendrier\Cld2000.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A47A9A0-83FA-43F7-B924-3BC766640967} - C:\WINDOWS\system32\pmnll.dll
O2 - BHO: (no name) - {343B8228-617E-4342-840B-0057E20D3003} - C:\WINDOWS\system32\tuvurqo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zsfizsji] rundll32.exe "C:\Program Files\zsfizsji\huhqlmds.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: tuvurqo - C:\WINDOWS\SYSTEM32\tuvurqo.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
OT MOVEIT
C:\Program Files\SecCenter\scprot4.exe moved successfully.
Created on 11/30/2007 16:18:32
VundoFix V6.6.2
Checking Java version...
Scan started at 16:20:24 30/11/2007
Listing files found while scanning....
No infected files were found.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:30:45, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Calendrier\Cld2000.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A47A9A0-83FA-43F7-B924-3BC766640967} - C:\WINDOWS\system32\pmnll.dll
O2 - BHO: (no name) - {343B8228-617E-4342-840B-0057E20D3003} - C:\WINDOWS\system32\tuvurqo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zsfizsji] rundll32.exe "C:\Program Files\zsfizsji\huhqlmds.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: tuvurqo - C:\WINDOWS\SYSTEM32\tuvurqo.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 16:47
30 nov. 2007 à 16:47
re,
c´est etrange que vundofix n´ai rien trouvé
oui jetico te demande ca car tu est infecté par des trojant du type vundoo logé dans le winlogon...
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
c´est etrange que vundofix n´ai rien trouvé
oui jetico te demande ca car tu est infecté par des trojant du type vundoo logé dans le winlogon...
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
Voici le rapport:
[11/30/2007, 16:49:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\TOM\Bureau\VirtumundoBeGone.exe" )
[11/30/2007, 16:49:37] - Detected System Information:
[11/30/2007, 16:49:37] - Windows Version: 5.1.2600, Service Pack 2
[11/30/2007, 16:49:37] - Current Username: TOM (Admin)
[11/30/2007, 16:49:37] - Windows is in NORMAL mode.
[11/30/2007, 16:49:37] - Searching for Browser Helper Objects:
[11/30/2007, 16:49:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/30/2007, 16:49:37] - BHO 2: {1A47A9A0-83FA-43F7-B924-3BC766640967} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\pmnll
[11/30/2007, 16:49:37] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[11/30/2007, 16:49:37] - BHO 3: {343B8228-617E-4342-840B-0057E20D3003} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\tuvurqo
[11/30/2007, 16:49:37] - Found: HKLM\...\Winlogon\Notify\tuvurqo - This is probably Virtumundo.
[11/30/2007, 16:49:37] - Assigning {343B8228-617E-4342-840B-0057E20D3003} MSEvents Object
[11/30/2007, 16:49:37] - BHO list has been changed! Starting over...
[11/30/2007, 16:49:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/30/2007, 16:49:37] - BHO 2: {1A47A9A0-83FA-43F7-B924-3BC766640967} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\pmnll
[11/30/2007, 16:49:37] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[11/30/2007, 16:49:37] - BHO 3: {343B8228-617E-4342-840B-0057E20D3003} (MSEvents Object)
[11/30/2007, 16:49:37] - ALERT: Found MSEvents Object!
[11/30/2007, 16:49:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/30/2007, 16:49:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/30/2007, 16:49:37] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/30/2007, 16:49:37] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/30/2007, 16:49:37] - Finished Searching Browser Helper Objects
[11/30/2007, 16:49:37] - *** Detected MSEvents Object
[11/30/2007, 16:49:37] - Trying to remove MSEvents Object...
[11/30/2007, 16:49:38] - Terminating Process: IEXPLORE.EXE
[11/30/2007, 16:49:39] - Terminating Process: RUNDLL32.EXE
[11/30/2007, 16:49:39] - Disabling Automatic Shell Restart
[11/30/2007, 16:49:39] - Terminating Process: EXPLORER.EXE
[11/30/2007, 16:49:39] - Suspending the NT Session Manager System Service
[11/30/2007, 16:49:39] - Terminating Windows NT Logon/Logoff Manager
[11/30/2007, 16:49:39] - Re-enabling Automatic Shell Restart
[11/30/2007, 16:49:39] - File to disable: C:\WINDOWS\system32\tuvurqo.dll
[11/30/2007, 16:49:39] - Renaming C:\WINDOWS\system32\tuvurqo.dll -> C:\WINDOWS\system32\tuvurqo.dll.vir
[11/30/2007, 16:49:39] - File successfully renamed!
[11/30/2007, 16:49:39] - Removing HKLM\...\Browser Helper Objects\{343B8228-617E-4342-840B-0057E20D3003}
[11/30/2007, 16:49:39] - Removing HKCR\CLSID\{343B8228-617E-4342-840B-0057E20D3003}
[11/30/2007, 16:49:39] - Adding Kill Bit for ActiveX for GUID: {343B8228-617E-4342-840B-0057E20D3003}
[11/30/2007, 16:49:39] - Deleting ATLEvents/MSEvents Registry entries
[11/30/2007, 16:49:39] - Removing HKLM\...\Winlogon\Notify\tuvurqo
[11/30/2007, 16:49:39] - Searching for Browser Helper Objects:
[11/30/2007, 16:49:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/30/2007, 16:49:39] - BHO 2: {1A47A9A0-83FA-43F7-B924-3BC766640967} ()
[11/30/2007, 16:49:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:39] - Checking for HKLM\...\Winlogon\Notify\pmnll
[11/30/2007, 16:49:40] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[11/30/2007, 16:49:40] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/30/2007, 16:49:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:40] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/30/2007, 16:49:40] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/30/2007, 16:49:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/30/2007, 16:49:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/30/2007, 16:49:40] - Finished Searching Browser Helper Objects
[11/30/2007, 16:49:40] - Finishing up...
[11/30/2007, 16:49:40] - A restart is needed.
[11/30/2007, 16:49:40] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/30/2007, 16:49:46] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:59:38, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C9C390AE-77BC-439D-A063-BD22A55DC251} - C:\WINDOWS\system32\pmnll.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zsfizsji] rundll32.exe "C:\Program Files\zsfizsji\huhqlmds.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
[11/30/2007, 16:49:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\TOM\Bureau\VirtumundoBeGone.exe" )
[11/30/2007, 16:49:37] - Detected System Information:
[11/30/2007, 16:49:37] - Windows Version: 5.1.2600, Service Pack 2
[11/30/2007, 16:49:37] - Current Username: TOM (Admin)
[11/30/2007, 16:49:37] - Windows is in NORMAL mode.
[11/30/2007, 16:49:37] - Searching for Browser Helper Objects:
[11/30/2007, 16:49:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/30/2007, 16:49:37] - BHO 2: {1A47A9A0-83FA-43F7-B924-3BC766640967} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\pmnll
[11/30/2007, 16:49:37] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[11/30/2007, 16:49:37] - BHO 3: {343B8228-617E-4342-840B-0057E20D3003} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\tuvurqo
[11/30/2007, 16:49:37] - Found: HKLM\...\Winlogon\Notify\tuvurqo - This is probably Virtumundo.
[11/30/2007, 16:49:37] - Assigning {343B8228-617E-4342-840B-0057E20D3003} MSEvents Object
[11/30/2007, 16:49:37] - BHO list has been changed! Starting over...
[11/30/2007, 16:49:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/30/2007, 16:49:37] - BHO 2: {1A47A9A0-83FA-43F7-B924-3BC766640967} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\pmnll
[11/30/2007, 16:49:37] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[11/30/2007, 16:49:37] - BHO 3: {343B8228-617E-4342-840B-0057E20D3003} (MSEvents Object)
[11/30/2007, 16:49:37] - ALERT: Found MSEvents Object!
[11/30/2007, 16:49:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/30/2007, 16:49:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:37] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/30/2007, 16:49:37] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/30/2007, 16:49:37] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/30/2007, 16:49:37] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/30/2007, 16:49:37] - Finished Searching Browser Helper Objects
[11/30/2007, 16:49:37] - *** Detected MSEvents Object
[11/30/2007, 16:49:37] - Trying to remove MSEvents Object...
[11/30/2007, 16:49:38] - Terminating Process: IEXPLORE.EXE
[11/30/2007, 16:49:39] - Terminating Process: RUNDLL32.EXE
[11/30/2007, 16:49:39] - Disabling Automatic Shell Restart
[11/30/2007, 16:49:39] - Terminating Process: EXPLORER.EXE
[11/30/2007, 16:49:39] - Suspending the NT Session Manager System Service
[11/30/2007, 16:49:39] - Terminating Windows NT Logon/Logoff Manager
[11/30/2007, 16:49:39] - Re-enabling Automatic Shell Restart
[11/30/2007, 16:49:39] - File to disable: C:\WINDOWS\system32\tuvurqo.dll
[11/30/2007, 16:49:39] - Renaming C:\WINDOWS\system32\tuvurqo.dll -> C:\WINDOWS\system32\tuvurqo.dll.vir
[11/30/2007, 16:49:39] - File successfully renamed!
[11/30/2007, 16:49:39] - Removing HKLM\...\Browser Helper Objects\{343B8228-617E-4342-840B-0057E20D3003}
[11/30/2007, 16:49:39] - Removing HKCR\CLSID\{343B8228-617E-4342-840B-0057E20D3003}
[11/30/2007, 16:49:39] - Adding Kill Bit for ActiveX for GUID: {343B8228-617E-4342-840B-0057E20D3003}
[11/30/2007, 16:49:39] - Deleting ATLEvents/MSEvents Registry entries
[11/30/2007, 16:49:39] - Removing HKLM\...\Winlogon\Notify\tuvurqo
[11/30/2007, 16:49:39] - Searching for Browser Helper Objects:
[11/30/2007, 16:49:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/30/2007, 16:49:39] - BHO 2: {1A47A9A0-83FA-43F7-B924-3BC766640967} ()
[11/30/2007, 16:49:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:39] - Checking for HKLM\...\Winlogon\Notify\pmnll
[11/30/2007, 16:49:40] - Key not found: HKLM\...\Winlogon\Notify\pmnll, continuing.
[11/30/2007, 16:49:40] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/30/2007, 16:49:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/30/2007, 16:49:40] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/30/2007, 16:49:40] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/30/2007, 16:49:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/30/2007, 16:49:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/30/2007, 16:49:40] - Finished Searching Browser Helper Objects
[11/30/2007, 16:49:40] - Finishing up...
[11/30/2007, 16:49:40] - A restart is needed.
[11/30/2007, 16:49:40] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/30/2007, 16:49:46] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:59:38, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C9C390AE-77BC-439D-A063-BD22A55DC251} - C:\WINDOWS\system32\pmnll.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zsfizsji] rundll32.exe "C:\Program Files\zsfizsji\huhqlmds.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 17:05
30 nov. 2007 à 17:05
re,
il y a des clef cachés virtumundobegonne n´arrive pas a les supprimer, il en a supprimé/renommé qu´une seul...
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
il y a des clef cachés virtumundobegonne n´arrive pas a les supprimer, il en a supprimé/renommé qu´une seul...
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
G!rly voici le rapport:
ComboFix 07-11-19.4C - TOM 2007-11-30 17:10:04.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.574 [GMT 1:00]
Running from: C:\Documents and Settings\TOM\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\SecCenter
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\winkve32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTMLSVC
-------\LEGACY_SYMAVC32
-------\NtmlSvc
-------\poof
-------\symavc32
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.
2007-11-30 16:20 <REP> d-------- C:\VundoFix Backups
2007-11-30 14:07 <REP> d-------- C:\Program Files\Sonic Foundry
2007-11-30 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-30 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 12:37 <REP> d-------- C:\WINDOWS\system32\skjlrsjp
2007-11-30 12:36 <REP> d-------- C:\Program Files\zsfizsji
2007-11-30 12:36 <REP> d-------- C:\Program Files\Igefrkdb
2007-11-20 23:08 <REP> dr------- C:\Documents and Settings\Mes documents\Mes vid‚os
2007-11-17 18:00 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Media Player Classic
2007-11-17 17:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-17 17:12 <REP> d-------- C:\Program Files\Okoker All Video Splitter
2007-11-09 21:36 <REP> d-------- C:\Documents and Settings\Mes documents\essai21
2007-11-09 13:02 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-11-07 17:38 <REP> d-------- C:\Program Files\Transcribe
2007-10-30 18:22 <REP> d-------- C:\Documents and Settings\Mes documents\Ang‚lique
2007-10-26 13:11 <REP> d-------- C:\Program Files\Everest Poker
2007-10-23 12:23 <REP> d-------- C:\Documents and Settings\Mes documents\tt
2007-10-23 12:15 <REP> d-------- C:\Documents and Settings\Mes documents\test
2007-10-23 12:11 <REP> d-------- C:\Program Files\Tracktion 3
2007-10-23 12:11 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Tracktion 3
2007-10-23 11:58 <REP> d-------- C:\Documents and Settings\Mes documents\toto
2007-10-23 11:40 <REP> d-------- C:\Documents and Settings\Mes documents\essai 2
2007-10-23 11:28 <REP> d-------- C:\Documents and Settings\Mes documents\essai1
2007-10-23 11:19 <REP> d-------- C:\Documents and Settings\Mes documents\essai
2007-10-23 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tracktion 3
2007-10-22 09:34 <REP> d-------- C:\Program Files\Skype
2007-10-22 09:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 09:23 23,876,904 --a------ C:\SkypeSetup.exe
2007-10-16 18:50 <REP> d-------- C:\Documents and Settings\Mes documents\AdobeStockPhotos
2007-10-15 21:00 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\TOM\Application Data\NetMedia Providers
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\Mes documents\Sony ACID Pro 6.0 Projects
2007-10-13 09:56 <REP> d-------- C:\Program Files\Vstplugins
2007-10-13 09:55 <REP> d-------- C:\Program Files\Sony
2007-10-13 09:55 <REP> d-------- C:\Documents and Settings\Mes documents\Sony
2007-10-10 10:17 <REP> d-------- C:\Documents and Settings\Mes documents\Updater
2007-10-10 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-10 10:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-09 22:26 <REP> d-------- C:\Program Files\Calendrier
2007-10-09 22:26 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Calendrier Xtra
2007-10-08 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2007-10-07 12:03 2,628,296 --a------ C:\Program Files\ccsetup201.exe
2007-10-07 11:24 304,160 --a------ C:\StiImg.dat
2007-10-07 10:24 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2007-10-07 10:24 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2007-10-03 10:36 <REP> d-------- C:\Program Files\Sonic Foundry Setup
2007-10-01 16:37 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-01 16:36 <REP> d-------- C:\WINDOWS\nview
2007-10-01 15:24 <REP> d-------- C:\WINDOWS\system32\Data
2007-10-01 15:22 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-01 15:22 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-01 15:22 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-01 15:22 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-01 15:22 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 12:01 --------- d-----w C:\Program Files\RegClean
2007-11-30 11:39 1,037,879 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-23 07:59 --------- d-----w C:\Documents and Settings\TOM\Application Data\OpenOffice.org2
2007-11-06 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-13 09:33 --------- d-----w C:\Documents and Settings\TOM\Application Data\dvdcss
2007-10-12 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-09 21:33 32 ----a-w C:\Program Files\log.txt
2007-10-07 11:10 --------- d-----w C:\Program Files\Google
2007-10-07 11:07 --------- d-----w C:\Program Files\WinISO
2007-09-22 14:11 48,237,752 ----a-w C:\SetupDroppixRecorder2(2).exe
2007-07-01 14:07 12,759,940 ----a-w C:\Program Files\cnx11_fr.exe
2007-06-30 15:26 12,413,440 ------w C:\Program Files\avgas-setup-7.5.1.43.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 15:58]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 09:21]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [2007-10-03 16:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 06:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 15:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 C:\WINDOWS\RTHDCPL.exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 14:21]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-30 12:39 89088 C:\WINDOWS\system32\crehcjid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:21 57344 --a------ C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 15:58 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
S3 DPFilter;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DPFilter.sys
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe"
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;C:\WINDOWS\system32\DRIVERS\KBNTXP.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpip_patcher]
"ImagePath"="\??\C:\WINDOWS\system32\tcpip_patcher.sys"
.
Completion time: 2007-11-30 17:15:48 - machine was rebooted
.
--- E O F ---
ComboFix 07-11-19.4C - TOM 2007-11-30 17:10:04.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.574 [GMT 1:00]
Running from: C:\Documents and Settings\TOM\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\SecCenter
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\winkve32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NTMLSVC
-------\LEGACY_SYMAVC32
-------\NtmlSvc
-------\poof
-------\symavc32
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.
2007-11-30 16:20 <REP> d-------- C:\VundoFix Backups
2007-11-30 14:07 <REP> d-------- C:\Program Files\Sonic Foundry
2007-11-30 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-30 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 12:37 <REP> d-------- C:\WINDOWS\system32\skjlrsjp
2007-11-30 12:36 <REP> d-------- C:\Program Files\zsfizsji
2007-11-30 12:36 <REP> d-------- C:\Program Files\Igefrkdb
2007-11-20 23:08 <REP> dr------- C:\Documents and Settings\Mes documents\Mes vid‚os
2007-11-17 18:00 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Media Player Classic
2007-11-17 17:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-17 17:12 <REP> d-------- C:\Program Files\Okoker All Video Splitter
2007-11-09 21:36 <REP> d-------- C:\Documents and Settings\Mes documents\essai21
2007-11-09 13:02 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-11-07 17:38 <REP> d-------- C:\Program Files\Transcribe
2007-10-30 18:22 <REP> d-------- C:\Documents and Settings\Mes documents\Ang‚lique
2007-10-26 13:11 <REP> d-------- C:\Program Files\Everest Poker
2007-10-23 12:23 <REP> d-------- C:\Documents and Settings\Mes documents\tt
2007-10-23 12:15 <REP> d-------- C:\Documents and Settings\Mes documents\test
2007-10-23 12:11 <REP> d-------- C:\Program Files\Tracktion 3
2007-10-23 12:11 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Tracktion 3
2007-10-23 11:58 <REP> d-------- C:\Documents and Settings\Mes documents\toto
2007-10-23 11:40 <REP> d-------- C:\Documents and Settings\Mes documents\essai 2
2007-10-23 11:28 <REP> d-------- C:\Documents and Settings\Mes documents\essai1
2007-10-23 11:19 <REP> d-------- C:\Documents and Settings\Mes documents\essai
2007-10-23 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tracktion 3
2007-10-22 09:34 <REP> d-------- C:\Program Files\Skype
2007-10-22 09:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 09:23 23,876,904 --a------ C:\SkypeSetup.exe
2007-10-16 18:50 <REP> d-------- C:\Documents and Settings\Mes documents\AdobeStockPhotos
2007-10-15 21:00 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\TOM\Application Data\NetMedia Providers
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\Mes documents\Sony ACID Pro 6.0 Projects
2007-10-13 09:56 <REP> d-------- C:\Program Files\Vstplugins
2007-10-13 09:55 <REP> d-------- C:\Program Files\Sony
2007-10-13 09:55 <REP> d-------- C:\Documents and Settings\Mes documents\Sony
2007-10-10 10:17 <REP> d-------- C:\Documents and Settings\Mes documents\Updater
2007-10-10 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-10 10:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-09 22:26 <REP> d-------- C:\Program Files\Calendrier
2007-10-09 22:26 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Calendrier Xtra
2007-10-08 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2007-10-07 12:03 2,628,296 --a------ C:\Program Files\ccsetup201.exe
2007-10-07 11:24 304,160 --a------ C:\StiImg.dat
2007-10-07 10:24 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2007-10-07 10:24 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2007-10-03 10:36 <REP> d-------- C:\Program Files\Sonic Foundry Setup
2007-10-01 16:37 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-01 16:36 <REP> d-------- C:\WINDOWS\nview
2007-10-01 15:24 <REP> d-------- C:\WINDOWS\system32\Data
2007-10-01 15:22 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-01 15:22 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-01 15:22 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-01 15:22 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-01 15:22 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 12:01 --------- d-----w C:\Program Files\RegClean
2007-11-30 11:39 1,037,879 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-23 07:59 --------- d-----w C:\Documents and Settings\TOM\Application Data\OpenOffice.org2
2007-11-06 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-13 09:33 --------- d-----w C:\Documents and Settings\TOM\Application Data\dvdcss
2007-10-12 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-09 21:33 32 ----a-w C:\Program Files\log.txt
2007-10-07 11:10 --------- d-----w C:\Program Files\Google
2007-10-07 11:07 --------- d-----w C:\Program Files\WinISO
2007-09-22 14:11 48,237,752 ----a-w C:\SetupDroppixRecorder2(2).exe
2007-07-01 14:07 12,759,940 ----a-w C:\Program Files\cnx11_fr.exe
2007-06-30 15:26 12,413,440 ------w C:\Program Files\avgas-setup-7.5.1.43.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 15:58]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 09:21]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [2007-10-03 16:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 06:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 15:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 C:\WINDOWS\RTHDCPL.exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 14:21]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-30 12:39 89088 C:\WINDOWS\system32\crehcjid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:21 57344 --a------ C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 15:58 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
S3 DPFilter;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DPFilter.sys
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe"
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;C:\WINDOWS\system32\DRIVERS\KBNTXP.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpip_patcher]
"ImagePath"="\??\C:\WINDOWS\system32\tcpip_patcher.sys"
.
Completion time: 2007-11-30 17:15:48 - machine was rebooted
.
--- E O F ---
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 17:37
30 nov. 2007 à 17:37
re,
Copie le texte se situant ci-dessous :
File::
C:\WINDOWS\system32\crehcjid.dll
Folder::
C:\VundoFix Backups
C:\Program Files\zsfizsji
C:\Program Files\Igefrkdb
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Copie le texte se situant ci-dessous :
File::
C:\WINDOWS\system32\crehcjid.dll
Folder::
C:\VundoFix Backups
C:\Program Files\zsfizsji
C:\Program Files\Igefrkdb
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
30 nov. 2007 à 17:46
30 nov. 2007 à 17:46
oui
Voici le rapport que tu m'as demandé
ComboFix 07-11-19.4C - TOM 2007-11-30 17:53:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.517 [GMT 1:00]
Running from: C:\Documents and Settings\TOM\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\TOM\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\crehcjid.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Igefrkdb
C:\Program Files\zsfizsji
C:\Program Files\zsfizsji\huhqlmds.dll
C:\VundoFix Backups
C:\WINDOWS\system32\crehcjid.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.
2007-11-30 14:07 <REP> d-------- C:\Program Files\Sonic Foundry
2007-11-30 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-30 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 12:37 <REP> d-------- C:\WINDOWS\system32\skjlrsjp
2007-11-20 23:08 <REP> dr------- C:\Documents and Settings\Mes documents\Mes vid‚os
2007-11-17 18:00 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Media Player Classic
2007-11-17 17:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-17 17:34 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-11-17 17:34 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-11-17 17:12 <REP> d-------- C:\Program Files\Okoker All Video Splitter
2007-11-09 21:36 <REP> d-------- C:\Documents and Settings\Mes documents\essai21
2007-11-09 13:02 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-11-07 17:38 <REP> d-------- C:\Program Files\Transcribe
2007-10-30 18:22 <REP> d-------- C:\Documents and Settings\Mes documents\Ang‚lique
2007-10-26 13:11 <REP> d-------- C:\Program Files\Everest Poker
2007-10-23 12:23 <REP> d-------- C:\Documents and Settings\Mes documents\tt
2007-10-23 12:15 <REP> d-------- C:\Documents and Settings\Mes documents\test
2007-10-23 12:11 <REP> d-------- C:\Program Files\Tracktion 3
2007-10-23 12:11 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Tracktion 3
2007-10-23 11:58 <REP> d-------- C:\Documents and Settings\Mes documents\toto
2007-10-23 11:40 <REP> d-------- C:\Documents and Settings\Mes documents\essai 2
2007-10-23 11:28 <REP> d-------- C:\Documents and Settings\Mes documents\essai1
2007-10-23 11:19 <REP> d-------- C:\Documents and Settings\Mes documents\essai
2007-10-23 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tracktion 3
2007-10-22 09:34 <REP> d-------- C:\Program Files\Skype
2007-10-22 09:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 09:23 23,876,904 --a------ C:\SkypeSetup.exe
2007-10-16 18:50 <REP> d-------- C:\Documents and Settings\Mes documents\AdobeStockPhotos
2007-10-15 21:00 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\TOM\Application Data\NetMedia Providers
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\Mes documents\Sony ACID Pro 6.0 Projects
2007-10-13 09:56 <REP> d-------- C:\Program Files\Vstplugins
2007-10-13 09:55 <REP> d-------- C:\Program Files\Sony
2007-10-13 09:55 <REP> d-------- C:\Documents and Settings\Mes documents\Sony
2007-10-10 10:17 <REP> d-------- C:\Documents and Settings\Mes documents\Updater
2007-10-10 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-10 10:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-09 22:26 <REP> d-------- C:\Program Files\Calendrier
2007-10-09 22:26 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Calendrier Xtra
2007-10-08 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2007-10-07 12:03 2,628,296 --a------ C:\Program Files\ccsetup201.exe
2007-10-07 11:24 304,160 --a------ C:\StiImg.dat
2007-10-07 10:24 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2007-10-03 10:36 <REP> d-------- C:\Program Files\Sonic Foundry Setup
2007-10-01 16:37 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-01 16:36 <REP> d-------- C:\WINDOWS\nview
2007-10-01 15:24 <REP> d-------- C:\WINDOWS\system32\Data
2007-10-01 15:22 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-01 15:22 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-01 15:22 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-01 15:22 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 12:01 --------- d-----w C:\Program Files\RegClean
2007-11-30 11:39 1,037,879 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-23 07:59 --------- d-----w C:\Documents and Settings\TOM\Application Data\OpenOffice.org2
2007-11-06 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-13 09:33 --------- d-----w C:\Documents and Settings\TOM\Application Data\dvdcss
2007-10-12 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-09 21:33 32 ----a-w C:\Program Files\log.txt
2007-10-07 11:10 --------- d-----w C:\Program Files\Google
2007-10-07 11:07 --------- d-----w C:\Program Files\WinISO
2007-09-22 14:11 48,237,752 ----a-w C:\SetupDroppixRecorder2(2).exe
2007-07-01 14:07 12,759,940 ----a-w C:\Program Files\cnx11_fr.exe
2007-06-30 15:26 12,413,440 ------w C:\Program Files\avgas-setup-7.5.1.43.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-30_17.14.55.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 17:03:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat
+ 2007-11-30 17:04:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ccc.dat
- 2007-11-30 16:14:34 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
+ 2007-11-30 17:04:11 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 15:58]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 09:21]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [2007-10-03 16:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 06:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 15:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 C:\WINDOWS\RTHDCPL.exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 14:21]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:21 57344 --a------ C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 15:58 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
S3 DPFilter;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DPFilter.sys
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe"
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;C:\WINDOWS\system32\DRIVERS\KBNTXP.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 18:04:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 18:05:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 17:15
.
--- E O F ---
ComboFix 07-11-19.4C - TOM 2007-11-30 17:53:49.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.517 [GMT 1:00]
Running from: C:\Documents and Settings\TOM\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\TOM\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\crehcjid.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Igefrkdb
C:\Program Files\zsfizsji
C:\Program Files\zsfizsji\huhqlmds.dll
C:\VundoFix Backups
C:\WINDOWS\system32\crehcjid.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
.
2007-11-30 14:07 <REP> d-------- C:\Program Files\Sonic Foundry
2007-11-30 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-30 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 12:37 <REP> d-------- C:\WINDOWS\system32\skjlrsjp
2007-11-20 23:08 <REP> dr------- C:\Documents and Settings\Mes documents\Mes vid‚os
2007-11-17 18:00 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Media Player Classic
2007-11-17 17:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-17 17:34 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-11-17 17:34 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-11-17 17:12 <REP> d-------- C:\Program Files\Okoker All Video Splitter
2007-11-09 21:36 <REP> d-------- C:\Documents and Settings\Mes documents\essai21
2007-11-09 13:02 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-11-07 17:38 <REP> d-------- C:\Program Files\Transcribe
2007-10-30 18:22 <REP> d-------- C:\Documents and Settings\Mes documents\Ang‚lique
2007-10-26 13:11 <REP> d-------- C:\Program Files\Everest Poker
2007-10-23 12:23 <REP> d-------- C:\Documents and Settings\Mes documents\tt
2007-10-23 12:15 <REP> d-------- C:\Documents and Settings\Mes documents\test
2007-10-23 12:11 <REP> d-------- C:\Program Files\Tracktion 3
2007-10-23 12:11 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Tracktion 3
2007-10-23 11:58 <REP> d-------- C:\Documents and Settings\Mes documents\toto
2007-10-23 11:40 <REP> d-------- C:\Documents and Settings\Mes documents\essai 2
2007-10-23 11:28 <REP> d-------- C:\Documents and Settings\Mes documents\essai1
2007-10-23 11:19 <REP> d-------- C:\Documents and Settings\Mes documents\essai
2007-10-23 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tracktion 3
2007-10-22 09:34 <REP> d-------- C:\Program Files\Skype
2007-10-22 09:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Skype
2007-10-22 09:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 09:23 23,876,904 --a------ C:\SkypeSetup.exe
2007-10-16 18:50 <REP> d-------- C:\Documents and Settings\Mes documents\AdobeStockPhotos
2007-10-15 21:00 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\TOM\Application Data\NetMedia Providers
2007-10-13 09:58 <REP> d-------- C:\Documents and Settings\Mes documents\Sony ACID Pro 6.0 Projects
2007-10-13 09:56 <REP> d-------- C:\Program Files\Vstplugins
2007-10-13 09:55 <REP> d-------- C:\Program Files\Sony
2007-10-13 09:55 <REP> d-------- C:\Documents and Settings\Mes documents\Sony
2007-10-10 10:17 <REP> d-------- C:\Documents and Settings\Mes documents\Updater
2007-10-10 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-10 10:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-09 22:26 <REP> d-------- C:\Program Files\Calendrier
2007-10-09 22:26 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Calendrier Xtra
2007-10-08 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2007-10-07 12:03 2,628,296 --a------ C:\Program Files\ccsetup201.exe
2007-10-07 11:24 304,160 --a------ C:\StiImg.dat
2007-10-07 10:24 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2007-10-03 10:36 <REP> d-------- C:\Program Files\Sonic Foundry Setup
2007-10-01 16:37 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-01 16:36 <REP> d-------- C:\WINDOWS\nview
2007-10-01 15:24 <REP> d-------- C:\WINDOWS\system32\Data
2007-10-01 15:22 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-01 15:22 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-01 15:22 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-01 15:22 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 12:01 --------- d-----w C:\Program Files\RegClean
2007-11-30 11:39 1,037,879 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-23 07:59 --------- d-----w C:\Documents and Settings\TOM\Application Data\OpenOffice.org2
2007-11-06 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-13 09:33 --------- d-----w C:\Documents and Settings\TOM\Application Data\dvdcss
2007-10-12 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 09:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-09 21:33 32 ----a-w C:\Program Files\log.txt
2007-10-07 11:10 --------- d-----w C:\Program Files\Google
2007-10-07 11:07 --------- d-----w C:\Program Files\WinISO
2007-09-22 14:11 48,237,752 ----a-w C:\SetupDroppixRecorder2(2).exe
2007-07-01 14:07 12,759,940 ----a-w C:\Program Files\cnx11_fr.exe
2007-06-30 15:26 12,413,440 ------w C:\Program Files\avgas-setup-7.5.1.43.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-30_17.14.55.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 17:03:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat
+ 2007-11-30 17:04:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ccc.dat
- 2007-11-30 16:14:34 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
+ 2007-11-30 17:04:11 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 15:58]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 09:21]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [2007-10-03 16:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 06:22]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 15:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 C:\WINDOWS\RTHDCPL.exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 14:21]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:21 57344 --a------ C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 15:58 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
S3 DPFilter;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DPFilter.sys
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe"
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;C:\WINDOWS\system32\DRIVERS\KBNTXP.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 18:04:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 18:05:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 17:15
.
--- E O F ---
J'avais oublié le rapport Kojak this!!!!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:07:25, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:07:25, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
