Infection!! Trojan-Spy.Win32.VBStat.h
Hello everyone,
For some time now I have been infected by a virus named Trojan-Spy.Win32.VBStat.h.
My antivirus, Kaspersky, reminds me of the infection at every startup, and since I was infected, Internet windows open by themselves and my PC is slow.
I have read procedures for disinfecting this virus, but I imagine the procedure is different for each PC.
Could someone please help me?
I am fairly good with computers.
Hello,
What is the location of the file?
Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.
Launch the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
HELP: Video tutorial on HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 03:32:33, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Stardock\SDMCP.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vente-privee.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "D:\WINDOWS\system32\wwkretbi.dll",realset
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://D:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AD033C-D1EF-4CD3-8111-047399C6E79C}: NameServer = 212.27.32.177,213.228.0.212
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - D:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Sorry, but am I allowed to have a life?
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to restart; click OK.
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.
Note: VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 10:03:32 11/06/2007
Listing files found while scanning....
D:\windows\system32\aberedfo.dll
D:\windows\system32\ahhrqskf.dll
D:\windows\system32\cjpwfocm.dll
D:\windows\system32\dabljylp.ini
D:\WINDOWS\system32\ddccyvt.dll
D:\WINDOWS\system32\ddqhgfit.dll
D:\windows\system32\dnftunab.exe
D:\WINDOWS\system32\egvburtm.dll
D:\windows\system32\elrrndpw.dll
D:\windows\system32\fhtttjvh.exe
D:\windows\system32\ilwtmjdb.exe
D:\windows\system32\j2261131.dll
D:\windows\system32\jhgthoca.dll
D:\windows\system32\khkeadro.ini
D:\windows\system32\lmnmp.bak1
D:\windows\system32\lmnmp.bak2
D:\windows\system32\lmnmp.ini
D:\windows\system32\lmnmp.ini2
D:\windows\system32\lmnmp.tmp
D:\windows\system32\lxbmatnu.exe
D:\windows\system32\mcofwpjc.ini
D:\windows\system32\mcofwpjc.ini2
D:\windows\system32\nskyjaue.dll
D:\windows\system32\oohinqcd.exe
D:\windows\system32\ordaekhk.dll
D:\windows\system32\pfxhphkj.exe
D:\windows\system32\plyjlbad.dll
D:\WINDOWS\system32\pmnml.dll
D:\windows\system32\qjqasphu.dll
D:\windows\system32\smxoriwc.dll
D:\windows\system32\tuxbedjb.dll
D:\windows\system32\uncsikko.dll
D:\windows\system32\vmpgllbh.exe
D:\windows\system32\whwqtxlf.exe
D:\windows\system32\wvhltggw.exe
D:\WINDOWS\system32\wwkretbi.dll
D:\windows\system32\xufldisn.dll
Beginning removal...
Attempting to delete D:\windows\system32\aberedfo.dll
D:\windows\system32\aberedfo.dll Has been deleted!
Attempting to delete D:\windows\system32\ahhrqskf.dll
D:\windows\system32\ahhrqskf.dll Has been deleted!
Attempting to delete D:\windows\system32\cjpwfocm.dll
D:\windows\system32\cjpwfocm.dll Has been deleted!
Attempting to delete D:\windows\system32\dabljylp.ini
D:\windows\system32\dabljylp.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\ddccyvt.dll
D:\WINDOWS\system32\ddccyvt.dll Has been deleted!
Attempting to delete D:\WINDOWS\system32\ddqhgfit.dll
D:\WINDOWS\system32\ddqhgfit.dll Has been deleted!
Attempting to delete D:\windows\system32\dnftunab.exe
D:\windows\system32\dnftunab.exe Has been deleted!
Attempting to delete D:\WINDOWS\system32\egvburtm.dll
D:\WINDOWS\system32\egvburtm.dll Has been deleted!
Attempting to delete D:\windows\system32\elrrndpw.dll
D:\windows\system32\elrrndpw.dll Has been deleted!
Attempting to delete D:\windows\system32\fhtttjvh.exe
D:\windows\system32\fhtttjvh.exe Has been deleted!
Attempting to delete D:\windows\system32\ilwtmjdb.exe
D:\windows\system32\ilwtmjdb.exe Has been deleted!
Attempting to delete D:\windows\system32\j2261131.dll
D:\windows\system32\j2261131.dll Has been deleted!
Attempting to delete D:\windows\system32\jhgthoca.dll
D:\windows\system32\jhgthoca.dll Has been deleted!
Attempting to delete D:\windows\system32\khkeadro.ini
D:\windows\system32\khkeadro.ini Has been deleted!
Attempting to delete D:\windows\system32\lmnmp.bak1
D:\windows\system32\lmnmp.bak1 Has been deleted!
Attempting to delete D:\windows\system32\lmnmp.bak2
D:\windows\system32\lmnmp.bak2 Has been deleted!
Attempting to delete D:\windows\system32\lmnmp.ini
D:\windows\system32\lmnmp.ini Has been deleted!
Attempting to delete D:\windows\system32\lmnmp.ini2
D:\windows\system32\lmnmp.ini2 Has been deleted!
Attempting to delete D:\windows\system32\lmnmp.tmp
D:\windows\system32\lmnmp.tmp Has been deleted!
Attempting to delete D:\windows\system32\lxbmatnu.exe
D:\windows\system32\lxbmatnu.exe Has been deleted!
Attempting to delete D:\windows\system32\mcofwpjc.ini
D:\windows\system32\mcofwpjc.ini Has been deleted!
Attempting to delete D:\windows\system32\mcofwpjc.ini2
D:\windows\system32\mcofwpjc.ini2 Has been deleted!
Attempting to delete D:\windows\system32\nskyjaue.dll
D:\windows\system32\nskyjaue.dll Has been deleted!
Attempting to delete D:\windows\system32\oohinqcd.exe
D:\windows\system32\oohinqcd.exe Has been deleted!
Attempting to delete D:\windows\system32\ordaekhk.dll
D:\windows\system32\ordaekhk.dll Has been deleted!
Attempting to delete D:\windows\system32\pfxhphkj.exe
D:\windows\system32\pfxhphkj.exe Has been deleted!
Attempting to delete D:\windows\system32\plyjlbad.dll
D:\windows\system32\plyjlbad.dll Has been deleted!
Attempting to delete D:\WINDOWS\system32\pmnml.dll
D:\WINDOWS\system32\pmnml.dll Has been deleted!
Attempting to delete D:\windows\system32\qjqasphu.dll
D:\windows\system32\qjqasphu.dll Has been deleted!
Attempting to delete D:\windows\system32\smxoriwc.dll
D:\windows\system32\smxoriwc.dll Has been deleted!
Attempting to delete D:\windows\system32\tuxbedjb.dll
D:\windows\system32\tuxbedjb.dll Has been deleted!
Attempting to delete D:\windows\system32\uncsikko.dll
D:\windows\system32\uncsikko.dll Has been deleted!
Attempting to delete D:\windows\system32\vmpgllbh.exe
D:\windows\system32\vmpgllbh.exe Has been deleted!
Attempting to delete D:\windows\system32\whwqtxlf.exe
D:\windows\system32\whwqtxlf.exe Has been deleted!
Attempting to delete D:\windows\system32\wvhltggw.exe
D:\windows\system32\wvhltggw.exe Has been deleted!
Attempting to delete D:\windows\system32\xufldisn.dll
D:\windows\system32\xufldisn.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 10:10:09, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Soft4Ever\looknstop\looknstop.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {79DD5A9F-AC43-4B4A-A356-2FC54F1C6559} - D:\WINDOWS\system32\nskyjaue.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - D:\WINDOWS\system32\nbcnfadk.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\tuxbedjb.dll (file missing)
O2 - BHO: (no name) - {EF9129C0-CA4B-4D68-9508-33F450270ED1} - D:\WINDOWS\system32\pmnml.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [j2261131] rundll32 D:\WINDOWS\system32\j2261131.dll sook
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Compagnon.lnk = D:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://D:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AD033C-D1EF-4CD3-8111-047399C6E79C}: NameServer = 212.27.32.177,213.228.0.212
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - D:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Scan saved at 10:10:09, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Soft4Ever\looknstop\looknstop.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {79DD5A9F-AC43-4B4A-A356-2FC54F1C6559} - D:\WINDOWS\system32\nskyjaue.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - D:\WINDOWS\system32\nbcnfadk.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\tuxbedjb.dll (file missing)
O2 - BHO: (no name) - {EF9129C0-CA4B-4D68-9508-33F450270ED1} - D:\WINDOWS\system32\pmnml.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [j2261131] rundll32 D:\WINDOWS\system32\j2261131.dll sook
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Compagnon.lnk = D:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://D:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AD033C-D1EF-4CD3-8111-047399C6E79C}: NameServer = 212.27.32.177,213.228.0.212
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - D:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Hi again,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy and paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
ComboFix 07-06-11.3 - D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\ComboFix.exe
"NiCoRaZoN" - 2007-06-11 22:19:43 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))
2007-06-11 22:19 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-11 10:03 <REP> d-------- D:\VundoFix Backups
2007-06-10 15:52 55,316 --a------ D:\WINDOWS\system32\nbcnfadk.dll
2007-06-10 15:48 77,184 --a------ D:\WINDOWS\system32\drivers\lnsfw1.sys
2007-06-10 15:48 45,824 --a------ D:\WINDOWS\system32\drivers\lnsfw.sys
2007-06-10 15:48 36,924 --a------ D:\WINDOWS\system32\fwapi.dll
2007-06-10 15:48 <REP> d-------- D:\Program Files\Soft4Ever
2007-06-10 13:54 <REP> d-------- D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Styler
2007-06-10 13:38 <REP> d-------- D:\Program Files\UxTheme Multipatcher Fr
2007-06-10 13:19 <REP> d-------- D:\Program Files\IVCsoft
2007-06-10 13:19 <REP> d-------- D:\Program Files\BitComet
2007-06-10 13:16 <REP> d-------- D:\Program Files\CCleaner
2007-06-10 03:35 <REP> d-------- D:\Program Files\PKR
2007-06-07 15:44 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-06-07 15:33 <REP> d-------- D:\WINDOWS\Internet Logs
2007-06-07 09:35 55,316 --a------ D:\WINDOWS\system32\cgfxhjye.dll
2007-06-06 20:30 <REP> d-------- D:\Program Files\Windows Live
2007-06-06 15:57 <REP> d-------- D:\Program Files\Fichiers communs\TI Shared
2007-06-06 15:54 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-04 12:20 <REP> d-------- D:\Program Files\Lavasoft
2007-06-04 12:20 <REP> d-------- D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Lavasoft
2007-06-03 09:05 <REP> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-05-31 12:16 68,888 --a------ D:\WINDOWS\system32\xinput1_3.dll
2007-05-31 12:16 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2007-05-31 12:16 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
2007-05-31 12:16 255,848 --a------ D:\WINDOWS\system32\xactengine2_6.dll
2007-05-31 12:16 251,672 --a------ D:\WINDOWS\system32\xactengine2_5.dll
2007-05-31 12:16 237,848 --a------ D:\WINDOWS\system32\xactengine2_4.dll
2007-05-31 12:16 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll
2007-05-31 12:16 2,414,360 --a------ D:\WINDOWS\system32\d3dx9_31.dll
2007-05-31 12:16 15,128 --a------ D:\WINDOWS\system32\x3daudio1_1.dll
2007-05-28 21:31 2,708 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2007-05-28 21:23 438,272 --a------ D:\WINDOWS\system32\vp6vfw.dll
2007-05-28 21:23 118,832 --a------ D:\WINDOWS\system32\SHW32.DLL
2007-05-27 15:40 <REP> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Zylom
2007-05-26 12:42 <REP> d-------- D:\Program Files\MSBuild
2007-05-26 12:32 <REP> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
2007-05-26 12:30 <REP> dr-h----- D:\MSOCache
2007-05-25 16:04 49,536 --a------ D:\WINDOWS\system32\drivers\tiehdusb.sys
2007-05-25 16:04 21,456 --a------ D:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-05-25 15:53 9,152 --a------ D:\WINDOWS\system32\drivers\Ticalc.sys
2007-05-25 15:53 <REP> d-------- D:\Program Files\TI Education
2007-05-25 15:38 299,520 --a------ D:\WINDOWS\uninst.exe
2007-05-25 12:55 <REP> d-------- D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Real
2007-05-25 12:52 <REP> d-------- D:\Program Files\Real
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-11 20:22:43 -------- d-----w D:\Program Files\eChanblard
2007-06-10 18:46:03 -------- d-----w D:\Program Files\EA SPORTS
2007-06-10 18:36:32 163,644 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-10 16:57:48 -------- d-----w D:\Program Files\MSN Messenger
2007-06-10 12:30:27 2,560 ----a-w D:\WINDOWS\system32\BitCometRes.dll
2007-06-10 11:47:26 -------- d-----w D:\Program Files\Movie Maker
2007-06-07 14:07:10 63,614 ----a-w D:\WINDOWS\system32\perfc00C.dat
2007-06-07 14:07:10 445,016 ----a-w D:\WINDOWS\system32\perfh00C.dat
2007-06-06 21:06:52 -------- d-----w D:\Program Files\Everest Poker.net
2007-06-06 18:30:17 -------- d-----w D:\Program Files\Messenger Plus! Live
2007-06-02 19:36:39 -------- d-----w D:\Program Files\Winamp
2007-06-01 20:35:37 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-27 10:30:27 737,280 ----a-w D:\WINDOWS\iun6002.exe
2007-05-25 10:57:45 -------- d-----w D:\Program Files\Fichiers communs\Real
2007-04-29 20:10:45 -------- d-----w D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Ahead
2007-04-29 16:57:16 -------- d-----w D:\Program Files\WinAVI Video Converter
2007-04-29 16:55:19 -------- d-----w D:\Program Files\Nero
2007-04-19 11:13:48 -------- d-----w D:\Program Files\MSXML 4.0
2007-04-18 23:13:31 71 ---h--w D:\WINDOWS\dsez5019.dat
2007-04-18 16:14:18 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-04-18 15:45:55 -------- d-----w D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\ScanSoft
2007-04-18 15:36:15 -------- d-----w D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Zeon
2007-04-18 15:33:22 -------- d-----w D:\Program Files\Fichiers communs\ScanSoft Shared
2007-04-18 15:33:21 -------- d-----w D:\Program Files\ScanSoft
2007-04-18 15:33:21 -------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-04-13 08:31:12 -------- d-----w D:\Program Files\Fichiers communs\Stardock
2007-04-05 22:08:52 219,648 ----a-w D:\WINDOWS\system32\uxtheme.dll
2007-03-17 13:44:47 293,376 ----a-w D:\WINDOWS\system32\winsrv.dll
2005-07-14 19:31:20 27,648 --sha-w D:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r D:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r D:\WINDOWS\system32\cygz.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll [2007-05-18 20:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{79DD5A9F-AC43-4B4A-A356-2FC54F1C6559}=D:\WINDOWS\system32\nskyjaue.dll []
{EF9129C0-CA4B-4D68-9508-33F450270ED1}=D:\WINDOWS\system32\pmnml.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Cmaudio"="cmicnfg.cpl" []
"type32"="D:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"ISUSPM Startup"="D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"SSBkgdUpdate"="D:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"TkBellExe"="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-25 12:56]
"PDF4 Registry Controller"="D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-22 19:09]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Dell Photo AIO Printer 922"="D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 09:45]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Look 'n' Stop"="D:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-06-10 15:48]
"kav"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 20:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" []
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 22:25:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-11 22:27:35 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-06-11 22:27
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 22:41:22, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\eChanblard\emule.exe
D:\Program Files\Soft4Ever\looknstop\looknstop.exe
D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {79DD5A9F-AC43-4B4A-A356-2FC54F1C6559} - D:\WINDOWS\system32\nskyjaue.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EF9129C0-CA4B-4D68-9508-33F450270ED1} - D:\WINDOWS\system32\pmnml.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Compagnon.lnk = D:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://D:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AD033C-D1EF-4CD3-8111-047399C6E79C}: NameServer = 212.27.32.177,213.228.0.212
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - D:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Re,
Fix the lines in italics below with HijackThis: HELP IN PICTURES
O2 - BHO: (no name) - {79DD5A9F-AC43-4B4A-A356-2FC54F1C6559} - D:\WINDOWS\system32\nskyjaue.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EF9129C0-CA4B-4D68-9508-33F450270ED1} - D:\WINDOWS\system32\pmnml.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
Run a ComboFix scan again.
ComboFix 07-06-11.3 - D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\ComboFix.exe
"NiCoRaZoN" - 2007-06-12 12:23:57 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))
2007-06-11 22:19 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-11 10:03 <REP> d-------- D:\VundoFix Backups
2007-06-10 15:52 55,316 --a------ D:\WINDOWS\system32\nbcnfadk.dll
2007-06-10 15:48 77,184 --a------ D:\WINDOWS\system32\drivers\lnsfw1.sys
2007-06-10 15:48 45,824 --a------ D:\WINDOWS\system32\drivers\lnsfw.sys
2007-06-10 15:48 36,924 --a------ D:\WINDOWS\system32\fwapi.dll
2007-06-10 15:48 <REP> d-------- D:\Program Files\Soft4Ever
2007-06-10 13:54 <REP> d-------- D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Styler
2007-06-10 13:38 <REP> d-------- D:\Program Files\UxTheme Multipatcher Fr
2007-06-10 13:19 <REP> d-------- D:\Program Files\IVCsoft
2007-06-10 13:19 <REP> d-------- D:\Program Files\BitComet
2007-06-10 13:16 <REP> d-------- D:\Program Files\CCleaner
2007-06-10 03:35 <REP> d-------- D:\Program Files\PKR
2007-06-07 15:44 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-06-07 15:33 <REP> d-------- D:\WINDOWS\Internet Logs
2007-06-07 09:35 55,316 --a------ D:\WINDOWS\system32\cgfxhjye.dll
2007-06-06 20:30 <REP> d-------- D:\Program Files\Windows Live
2007-06-06 15:57 <REP> d-------- D:\Program Files\Fichiers communs\TI Shared
2007-06-06 15:54 <REP> d-------- D:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-04 12:20 <REP> d-------- D:\Program Files\Lavasoft
2007-06-04 12:20 <REP> d-------- D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Lavasoft
2007-06-03 09:05 <REP> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-05-31 12:16 68,888 --a------ D:\WINDOWS\system32\xinput1_3.dll
2007-05-31 12:16 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll
2007-05-31 12:16 3,426,072 --a------ D:\WINDOWS\system32\d3dx9_32.dll
2007-05-31 12:16 255,848 --a------ D:\WINDOWS\system32\xactengine2_6.dll
2007-05-31 12:16 251,672 --a------ D:\WINDOWS\system32\xactengine2_5.dll
2007-05-31 12:16 237,848 --a------ D:\WINDOWS\system32\xactengine2_4.dll
2007-05-31 12:16 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll
2007-05-31 12:16 2,414,360 --a------ D:\WINDOWS\system32\d3dx9_31.dll
2007-05-31 12:16 15,128 --a------ D:\WINDOWS\system32\x3daudio1_1.dll
2007-05-28 21:31 2,708 --a------ D:\WINDOWS\system32\ealregsnapshot1.reg
2007-05-28 21:23 438,272 --a------ D:\WINDOWS\system32\vp6vfw.dll
2007-05-28 21:23 118,832 --a------ D:\WINDOWS\system32\SHW32.DLL
2007-05-27 15:40 <REP> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Zylom
2007-05-26 12:42 <REP> d-------- D:\Program Files\MSBuild
2007-05-26 12:32 <REP> d-------- D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
2007-05-26 12:30 <REP> dr-h----- D:\MSOCache
2007-05-25 16:04 49,536 --a------ D:\WINDOWS\system32\drivers\tiehdusb.sys
2007-05-25 16:04 21,456 --a------ D:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-05-25 15:53 9,152 --a------ D:\WINDOWS\system32\drivers\Ticalc.sys
2007-05-25 15:53 <REP> d-------- D:\Program Files\TI Education
2007-05-25 15:38 299,520 --a------ D:\WINDOWS\uninst.exe
2007-05-25 12:55 <REP> d-------- D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Real
2007-05-25 12:52 <REP> d-------- D:\Program Files\Real
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-12 09:59:29 -------- d-----w D:\Program Files\eChanblard
2007-06-11 20:26:49 -------- d-----w D:\Program Files\Kaspersky Lab
2007-06-10 18:46:03 -------- d-----w D:\Program Files\EA SPORTS
2007-06-10 18:36:32 163,644 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-10 16:57:48 -------- d-----w D:\Program Files\MSN Messenger
2007-06-10 12:30:27 2,560 ----a-w D:\WINDOWS\system32\BitCometRes.dll
2007-06-10 11:47:26 -------- d-----w D:\Program Files\Movie Maker
2007-06-07 14:07:10 63,614 ----a-w D:\WINDOWS\system32\perfc00C.dat
2007-06-07 14:07:10 445,016 ----a-w D:\WINDOWS\system32\perfh00C.dat
2007-06-06 21:06:52 -------- d-----w D:\Program Files\Everest Poker.net
2007-06-06 18:30:17 -------- d-----w D:\Program Files\Messenger Plus! Live
2007-06-02 19:36:39 -------- d-----w D:\Program Files\Winamp
2007-06-01 20:35:37 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-27 10:30:27 737,280 ----a-w D:\WINDOWS\iun6002.exe
2007-05-25 10:57:45 -------- d-----w D:\Program Files\Fichiers communs\Real
2007-04-29 20:10:45 -------- d-----w D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Ahead
2007-04-29 16:57:16 -------- d-----w D:\Program Files\WinAVI Video Converter
2007-04-29 16:55:19 -------- d-----w D:\Program Files\Nero
2007-04-19 11:13:48 -------- d-----w D:\Program Files\MSXML 4.0
2007-04-18 23:13:31 71 ---h--w D:\WINDOWS\dsez5019.dat
2007-04-18 16:14:18 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-04-18 15:45:55 -------- d-----w D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\ScanSoft
2007-04-18 15:36:15 -------- d-----w D:\DOCUME~1\NICORA~1.NIC\APPLIC~1\Zeon
2007-04-18 15:33:22 -------- d-----w D:\Program Files\Fichiers communs\ScanSoft Shared
2007-04-18 15:33:21 -------- d-----w D:\Program Files\ScanSoft
2007-04-18 15:33:21 -------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-04-13 08:31:12 -------- d-----w D:\Program Files\Fichiers communs\Stardock
2007-04-05 22:08:52 219,648 ----a-w D:\WINDOWS\system32\uxtheme.dll
2007-03-17 13:44:47 293,376 ----a-w D:\WINDOWS\system32\winsrv.dll
2005-07-14 19:31:20 27,648 --sha-w D:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r D:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r D:\WINDOWS\system32\cygz.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll [2007-05-18 20:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Cmaudio"="cmicnfg.cpl" []
"type32"="D:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"ISUSPM Startup"="D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"SSBkgdUpdate"="D:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"TkBellExe"="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-25 12:56]
"PDF4 Registry Controller"="D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-22 19:09]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Dell Photo AIO Printer 922"="D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 09:45]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Look 'n' Stop"="D:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-06-10 15:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" []
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 12:27:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-12 12:28:10
D:\ComboFix-quarantined-files.txt ... 2007-06-12 12:28
D:\ComboFix2.txt ... 2007-06-11 22:27
--- E O F ---
Hi again,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
D:\WINDOWS\system32\nbcnfadk.dll
D:\WINDOWS\system32\cgfxhjye.dll
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
->Information about the software<-
DllUnregisterServer procedure not found in D:\WINDOWS\system32\nbcnfadk.dll
D:\WINDOWS\system32\nbcnfadk.dll NOT unregistered.
D:\WINDOWS\system32\nbcnfadk.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\system32\cgfxhjye.dll
D:\WINDOWS\system32\cgfxhjye.dll NOT unregistered.
D:\WINDOWS\system32\cgfxhjye.dll moved successfully.
Created on 06/12/2007 14:51:42
Logfile of HijackThis v1.99.1
Scan saved at 17:03:04, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\Soft4Ever\looknstop\looknstop.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\explorer.exe
D:\Program Files\eChanblard\emule.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\NiCoRaZoN.NICO\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "D:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "D:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "D:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Compagnon.lnk = D:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://D:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AD033C-D1EF-4CD3-8111-047399C6E79C}: NameServer = 212.27.32.177,213.228.0.212
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - D:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Hi again,
Run a Kaspersky online scan with Internet Explorer:
Click on ![]()
Now click J'accepte (I accept).
Approve the installation of one or more ActiveX controls if necessary.
Wait while the updates are installed.
Then choose to scan My Computer.
Save, then paste the report generated at the end of the scan.
HELP: Tutorial on the online scan
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
