Pubs et awtqrqq & awvvw.dll [Résolu] - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 

Ajouter une réponse



Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : Pubs et awtqrqq & awvvw.dll [Résolu]
 
loys@IDN
Profil : IDNaute
Plus d'informations
n°262183
01-12-2007 à 15:57:42

Bonjour à tous. Cela fait un bon moment que mon ordinateur est, je pense, infecté.
J'explique mon probleme:
En naviguant sur internet avec mozilla firefox, j'ai beaucoup de pop up qui s'ouvrent pour m'afficher des pubs (immobilier, la redoute, centre de sécurité windows ... ect ).
Aussi, mon antivirus (Nod32) me prévient souvent de deux infections, mais il n'arrive jamais à les supprimer :

Code :
  1. c:\windows\system32\awtqrqq.dll - probablement une variante de  Win32/Genetik  cheval de Troie
  2. c:\windows\system32\awvvw.dll - Win32/Adware.Virtumonde application


J'ai aussi remarqué que le mode sans échec de mon PC ne fonctionne plus; apres avoir ouvert ma session, il affiche le bureau quelques secondes, les icones et la bare des taches disparaissent, il ne reste que l'écran noir avec écrit " Mode sans échec" dans chaque coin.

J'espere que vous pourrez m'aider.
Merci d'avance pour votre aide :).


Message édité par loys@IDN le 06-12-2007 Ã  20:39:42
Liens sponsorisés


Inscrivez-vous ou connectez-vous pour masquer ceci.

XmichouX
Profil : Helper
Plus d'informations
n°262197
01-12-2007 à 16:57:04

Salut,

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.


---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité/Prévention
loys@IDN
Profil : IDNaute
Plus d'informations
n°262260
01-12-2007 à 18:53:08

Salut, merci beaucoup pour ton aide :)

Voila mon rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:26, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=66006
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawfl [...] awflow.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O22 - SharedTaskScheduler: z - {9794859F-875B-40F3-842F-3DBEE5680101} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\psevwdff.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 9396 bytes

XmichouX
Profil : Helper
Plus d'informations
n°262274
01-12-2007 à 20:00:44

Re,

Infection Vundo :

Fais ces manips dans l’ordre :

1/ Télécharge VundoFix.exe :

Double-clique VundoFix.exe .
Clique sur Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Ensuite clique sur YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok

Poste le rapport qui se trouve dans C:\vundofix.txt

2/ Télécharge Combofix (par sUBs) sur ton Bureau. (Tuto)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt

3/ Poste un nouveau rapport HiJackThis (en ayant renommé HiJackthis.exe en scanner.exe)


---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité/Prévention
loys@IDN
Profil : IDNaute
Plus d'informations
n°262363
02-12-2007 à 00:44:28

Re,
Voici les trois rapports que tu m'as demandé :

Rapport VundoFix:

Code :
  1. Checking Java version...
  3. Java version is 1.5.0.6
  5. Scan started at 19:34:31 13/03/2007
  7. Listing files found while scanning....
  9. No infected files were found.
  12. Beginning removal...
  14. VundoFix V6.1.4
  16. Checking Java version...
  18. Java version is 1.5.0.6
  20. Scan started at 19:51:30 13/03/2007
  22. Listing files found while scanning....
  24. No infected files were found.
  27. Beginning removal...
  29. VundoFix V6.3.16
  31. Checking Java version...
  33. Java version is 1.5.0.6
  34. Old versions of java are exploitable and should be removed.
  36. Scan started at 16:56:05 14/03/2007
  38. Listing files found while scanning....
  41. VundoFix V6.3.16
  43. Checking Java version...
  45. Java version is 1.5.0.6
  46. Old versions of java are exploitable and should be removed.
  48. Scan started at 21:03:41 14/03/2007
  50. Listing files found while scanning....
  52. C:\WINDOWS\system32\efcdbbc.dll
  53. C:\WINDOWS\system32\efhkj.bak1
  54. C:\WINDOWS\system32\efhkj.bak2
  55. C:\WINDOWS\system32\efhkj.ini
  56. C:\WINDOWS\system32\efhkj.ini2
  57. C:\WINDOWS\system32\efhkj.tmp
  58. C:\WINDOWS\system32\jkhfe.dll
  59. C:\WINDOWS\system32\pmnmjhe.dll
  60. C:\WINDOWS\system32\rqrollk.dll
  61. C:\WINDOWS\system32\rqromnn.dll
  62. C:\WINDOWS\system32\ssqomlk.dll
  63. C:\WINDOWS\system32\wvurroo.dll
  65. Beginning removal...
  67. Attempting to delete C:\WINDOWS\system32\efcdbbc.dll
  68. C:\WINDOWS\system32\efcdbbc.dll Has been deleted!
  70. Attempting to delete C:\WINDOWS\system32\efhkj.bak1
  71. C:\WINDOWS\system32\efhkj.bak1 Has been deleted!
  73. Attempting to delete C:\WINDOWS\system32\efhkj.bak2
  74. C:\WINDOWS\system32\efhkj.bak2 Has been deleted!
  76. Attempting to delete C:\WINDOWS\system32\efhkj.ini
  77. C:\WINDOWS\system32\efhkj.ini Has been deleted!
  79. Attempting to delete C:\WINDOWS\system32\efhkj.ini2
  80. C:\WINDOWS\system32\efhkj.ini2 Has been deleted!
  82. Attempting to delete C:\WINDOWS\system32\efhkj.tmp
  83. C:\WINDOWS\system32\efhkj.tmp Has been deleted!
  85. Attempting to delete C:\WINDOWS\system32\jkhfe.dll
  86. C:\WINDOWS\system32\jkhfe.dll Has been deleted!
  88. Attempting to delete C:\WINDOWS\system32\pmnmjhe.dll
  89. C:\WINDOWS\system32\pmnmjhe.dll Has been deleted!
  91. Attempting to delete C:\WINDOWS\system32\rqrollk.dll
  92. C:\WINDOWS\system32\rqrollk.dll Has been deleted!
  94. Attempting to delete C:\WINDOWS\system32\rqromnn.dll
  95. C:\WINDOWS\system32\rqromnn.dll Has been deleted!
  97. Attempting to delete C:\WINDOWS\system32\ssqomlk.dll
  98. C:\WINDOWS\system32\ssqomlk.dll Has been deleted!
  100. Attempting to delete C:\WINDOWS\system32\wvurroo.dll
  101. C:\WINDOWS\system32\wvurroo.dll Could not be deleted.
  103. Performing Repairs to the registry.
  104. Done!
  106. Beginning removal...
  108. Attempting to delete C:\WINDOWS\system32\wvurroo.dll
  109. C:\WINDOWS\system32\wvurroo.dll Has been deleted!
  111. Performing Repairs to the registry.
  112. Done!
  114. VundoFix V6.6.2
  116. Checking Java version...
  118. Java version is 1.5.0.6
  119. Old versions of java are exploitable and should be removed.
  121. Java version is 1.5.0.11
  123. Scan started at 00:12:18 02/12/2007
  125. Listing files found while scanning....
  127. C:\WINDOWS\system32\awtqrqq.dll
  128. C:\windows\system32\awvtq.dll
  129. C:\WINDOWS\system32\awvvw.dll
  130. C:\windows\system32\cbxxyyx.dll
  131. C:\windows\system32\ddcya.dll
  132. C:\windows\system32\ddcyx.dll
  133. C:\windows\system32\dfdjhxjf.dll
  134. C:\WINDOWS\system32\dgybneee.dll
  135. C:\windows\system32\efrxlvnj.exe
  136. C:\windows\system32\jkkji.dll
  137. C:\windows\system32\kjkmp.bak1
  138. C:\windows\system32\kjkmp.bak2
  139. C:\windows\system32\kjkmp.ini
  140. C:\WINDOWS\system32\lmllm.bak1
  141. C:\WINDOWS\system32\lmllm.bak2
  142. C:\WINDOWS\system32\lmllm.ini
  143. C:\WINDOWS\system32\lmllm.ini2
  144. C:\WINDOWS\system32\lmllm.tmp
  145. C:\windows\system32\mljgg.dll
  146. C:\WINDOWS\system32\mllml.dll
  147. C:\WINDOWS\system32\ogqtwyjq.dll
  148. C:\windows\system32\pfgqumod.exe
  149. C:\windows\system32\pmkjk.dll
  150. C:\windows\system32\qvttdjpp.dll
  151. C:\windows\system32\vtsqq.dll
  152. C:\windows\system32\vtstu.dll
  153. C:\WINDOWS\system32\wvvwa.bak1
  154. C:\windows\system32\wvvwa.bak2
  155. C:\WINDOWS\system32\wvvwa.ini
  156. C:\WINDOWS\system32\wvvwa.ini2
  157. C:\WINDOWS\system32\wvvwa.tmp
  158. C:\WINDOWS\system32\ysetuvon.dll
  160. Beginning removal...
  162. Attempting to delete C:\WINDOWS\system32\awtqrqq.dll
  163. C:\WINDOWS\system32\awtqrqq.dll Could not be deleted.
  165. Attempting to delete C:\windows\system32\awvtq.dll
  166. C:\windows\system32\awvtq.dll Has been deleted!
  168. Attempting to delete C:\WINDOWS\system32\awvvw.dll
  169. C:\WINDOWS\system32\awvvw.dll Has been deleted!
  171. Attempting to delete C:\windows\system32\cbxxyyx.dll
  172. C:\windows\system32\cbxxyyx.dll Has been deleted!
  174. Attempting to delete C:\windows\system32\ddcya.dll
  175. C:\windows\system32\ddcya.dll Has been deleted!
  177. Attempting to delete C:\windows\system32\ddcyx.dll
  178. C:\windows\system32\ddcyx.dll Has been deleted!
  180. Attempting to delete C:\windows\system32\dfdjhxjf.dll
  181. C:\windows\system32\dfdjhxjf.dll Has been deleted!
  183. Attempting to delete C:\windows\system32\efrxlvnj.exe
  184. C:\windows\system32\efrxlvnj.exe Has been deleted!
  186. Attempting to delete C:\windows\system32\jkkji.dll
  187. C:\windows\system32\jkkji.dll Has been deleted!
  189. Attempting to delete C:\windows\system32\kjkmp.bak1
  190. C:\windows\system32\kjkmp.bak1 Has been deleted!
  192. Attempting to delete C:\windows\system32\kjkmp.bak2
  193. C:\windows\system32\kjkmp.bak2 Has been deleted!
  195. Attempting to delete C:\windows\system32\kjkmp.ini
  196. C:\windows\system32\kjkmp.ini Has been deleted!
  198. Attempting to delete C:\WINDOWS\system32\lmllm.bak1
  199. C:\WINDOWS\system32\lmllm.bak1 Has been deleted!
  201. Attempting to delete C:\WINDOWS\system32\lmllm.bak2
  202. C:\WINDOWS\system32\lmllm.bak2 Has been deleted!
  204. Attempting to delete C:\WINDOWS\system32\lmllm.ini
  205. C:\WINDOWS\system32\lmllm.ini Has been deleted!
  207. Attempting to delete C:\WINDOWS\system32\lmllm.ini2
  208. C:\WINDOWS\system32\lmllm.ini2 Has been deleted!
  210. Attempting to delete C:\WINDOWS\system32\lmllm.tmp
  211. C:\WINDOWS\system32\lmllm.tmp Has been deleted!
  213. Attempting to delete C:\windows\system32\mljgg.dll
  214. C:\windows\system32\mljgg.dll Has been deleted!
  216. Attempting to delete C:\windows\system32\pfgqumod.exe
  217. C:\windows\system32\pfgqumod.exe Has been deleted!
  219. Attempting to delete C:\windows\system32\pmkjk.dll
  220. C:\windows\system32\pmkjk.dll Has been deleted!
  222. Attempting to delete C:\windows\system32\qvttdjpp.dll
  223. C:\windows\system32\qvttdjpp.dll Has been deleted!
  225. Attempting to delete C:\windows\system32\vtsqq.dll
  226. C:\windows\system32\vtsqq.dll Has been deleted!
  228. Attempting to delete C:\windows\system32\vtstu.dll
  229. C:\windows\system32\vtstu.dll Has been deleted!
  231. Attempting to delete C:\WINDOWS\system32\wvvwa.bak1
  232. C:\WINDOWS\system32\wvvwa.bak1 Has been deleted!
  234. Attempting to delete C:\windows\system32\wvvwa.bak2
  235. C:\windows\system32\wvvwa.bak2 Has been deleted!
  237. Attempting to delete C:\WINDOWS\system32\wvvwa.ini
  238. C:\WINDOWS\system32\wvvwa.ini Has been deleted!
  240. Attempting to delete C:\WINDOWS\system32\wvvwa.ini2
  241. C:\WINDOWS\system32\wvvwa.ini2 Has been deleted!
  243. Attempting to delete C:\WINDOWS\system32\wvvwa.tmp
  244. C:\WINDOWS\system32\wvvwa.tmp Has been deleted!
  246. Performing Repairs to the registry.
  247. Done!
  249. Beginning removal...
  251. Attempting to delete C:\WINDOWS\system32\awtqrqq.dll
  252. C:\WINDOWS\system32\awtqrqq.dll Has been deleted!
  254. Performing Repairs to the registry.
  255. Done!



Rapport Combofix:

Code :
  1. ComboFix 07-12-02.4 - Loïc 2007-12-02  0:29:28.1 - NTFSx86
  2. Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.328 [GMT 1:00]
  3. Running from: C:\Documents and Settings\Loïc\Bureau\ComboFix.exe
  4. * Created a new restore point
  5. .
  7. ((((((((((((((((((((((((((((((((((((  Autres suppressions  ))))))))))))))))))))))))))))))))))))))))))))))))
  8. .
  10. C:\Documents and Settings\Eric & Valérie\Application Data\macromedia\Flash Player\#SharedObjects\AQ62P34R\www.broadcaster.com
  11. C:\Documents and Settings\Eric & Valérie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
  12. C:\Documents and Settings\Eric & Valérie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
  13. C:\WINDOWS\system32\nvs2.inf
  14. c:\WINDOWS\system32\rfxxlimbn.dat
  15. c:\windows\system32\rfxxlimbn.exe
  16. c:\WINDOWS\system32\rfxxlimbn_nav.dat
  17. C:\WINDOWS\system32\rfxxlimbn_navps.dat
  18. C:\WINDOWS\system32\unsvchosts.exe
  19. C:\WINDOWS\system32\unsvchosts.lzma
  21. .
  22. (((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
  24. .
  25. -------\LEGACY_DOMAINSERVICE
  26. -------\DomainService
  27. -------\NPF
  30. (((((((((((((((((((((((((((((  Fichiers cr‚‚s 2007-11-01 to 2007-12-01  ))))))))))))))))))))))))))))))))))))
  31. .
  33. 2007-12-01 18:50 . 2007-12-01 18:50    <REP>    d--------    C:\Program Files\Trend Micro
  34. 2007-11-28 15:42 . 2007-11-28 15:59    <REP>    d--------    C:\Program Files\The All-Seeing Eye
  35. 2007-11-27 18:45 . 2007-11-27 18:46    <REP>    d--------    C:\Program Files\Windows Live
  36. 2007-11-25 14:49 . 2007-11-25 14:49    <REP>    d--------    C:\Program Files\Microsoft CAPICOM 2.1.0.2
  37. 2007-11-25 06:52 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
  38. 2007-11-25 06:52 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
  39. 2007-11-25 06:52 . 2007-07-30 19:18    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
  40. 2007-11-24 20:26 . 2007-11-24 20:29    <REP>    d--hsc---    C:\Program Files\Fichiers communs\WindowsLiveInstaller
  41. 2007-11-24 20:26 . 2007-11-27 19:02    <REP>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
  42. 2007-11-22 08:24 . 2007-11-22 08:24    <REP>    d--------    C:\Documents and Settings\All Users\Application Data\nView_Profiles
  43. 2007-11-20 00:09 . 2007-11-20 00:09    <REP>    d--------    C:\Program Files\mnProjects
  44. 2007-11-18 16:52 . 2007-11-28 14:44    107,832    --a------    C:\WINDOWS\system32\PnkBstrB.exe
  45. 2007-11-18 16:52 . 2007-11-18 16:52    66,872    --a------    C:\WINDOWS\system32\PnkBstrA.exe
  46. 2007-11-18 16:52 . 2007-11-28 14:44    22,328    --a------    C:\WINDOWS\system32\drivers\PnkBstrK.sys
  47. 2007-11-18 16:00 . 2007-11-25 08:52    <REP>    d--------    C:\Program Files\Wolfenstein - Enemy Territory
  48. 2007-11-17 11:35 . 2007-11-18 18:41    <REP>    d--------    C:\Program Files\NCSoft
  49. 2007-11-17 11:35 . 2007-03-12 16:42    3,495,784    --a------    C:\WINDOWS\system32\d3dx9_33.dll
  50. 2007-11-14 07:08 . 2007-11-14 07:08    118    --a------    C:\WINDOWS\system32\MRT.INI
  51. 2007-11-10 21:05 . 2007-11-21 15:06    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
  52. 2007-11-10 21:05 . 2007-11-10 21:05    1,409    --a------    C:\WINDOWS\QTFont.for
  53. 2007-11-05 18:09 . 2007-11-05 18:45    <REP>    d--------    C:\Program Files\Perfect World
  54. 2007-11-05 18:07 . 2007-11-05 17:38    258,352    --a------    C:\WINDOWS\system32\unicows.dll
  55. 2007-11-01 15:21 . 2007-09-28 17:07    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
  56. 2007-11-01 15:21 . 2007-09-28 17:07    9,464    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
  57. 2007-11-01 15:21 . 2007-09-28 17:07    9,336    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
  58. 2007-11-01 09:33 . 2007-11-19 08:20    <REP>    d--------    C:\Program Files\Crawler
  59. 2007-11-01 09:33 . 2007-11-18 18:44    <REP>    d--------    C:\Program Files\Beneton Movie GIF
  61. .
  62. ((((((((((((((((((((((((((((((((((  Compte-rendu de Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))
  63. .
  64. 2007-12-01 21:31    ---------    d-----w    C:\Program Files\eMule
  65. 2007-11-24 18:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Google Updater
  66. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\vanBasco's Karaoke Player
  67. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\TrackMania Nations ESWC
  68. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\StuffPlug3
  69. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\LimeWire
  70. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\Heroes Ragnarok
  71. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\FrenchOtto
  72. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\FaxTools
  73. 2007-11-18 17:44    ---------    d-----w    C:\Program Files\DivX
  74. 2007-11-18 17:41    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
  75. 2007-11-18 17:39    ---------    d-----w    C:\Program Files\Jasc Software Inc
  76. 2007-10-23 10:29    ---------    d-----w    C:\Program Files\Net Pro Anti-Popup
  77. 2007-10-22 17:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
  78. 2007-10-22 17:08    ---------    d-----w    C:\Program Files\Microsoft
  79. 2007-10-21 15:20    ---------    d-----w    C:\Program Files\Red Kawa
  80. 2006-12-09 22:54    251    ----a-w    C:\Program Files\wt3d.ini
  81. 2007-07-26 08:13    6,486    --sh--w    C:\WINDOWS\system32\bbeeg.bak1
  82. 2007-04-29 11:49    538,529    --sh--w    C:\WINDOWS\system32\egjlm.bak1
  83. 2007-07-12 06:38    505,697    --sh--w    C:\WINDOWS\system32\egjlm.bak2
  84. 2007-07-18 17:14    557,212    --sh--w    C:\WINDOWS\system32\egjlm.ini2
  85. 2007-07-19 08:06    6,545    --sh--w    C:\WINDOWS\system32\fgjlm.bak1
  86. 2007-07-25 14:32    6,526    --sh--w    C:\WINDOWS\system32\fgjlm.bak2
  87. 2007-07-27 09:45    6,655    --sh--w    C:\WINDOWS\system32\fgjlm.ini2
  88. 2007-07-31 08:36    6,486    --sh--w    C:\WINDOWS\system32\fhhkj.bak1
  89. 2007-07-14 17:30    6,362    --sh--w    C:\WINDOWS\system32\gjkkj.bak1
  90. 2007-07-19 13:32    6,362    --sh--w    C:\WINDOWS\system32\gjllm.bak1
  91. 2007-07-12 17:45    6,362    --sh--w    C:\WINDOWS\system32\hjjlm.bak1
  92. 2007-07-20 11:14    6,362    --sh--w    C:\WINDOWS\system32\hjkmp.bak1
  93. 2007-07-20 05:56    6,362    --sh--w    C:\WINDOWS\system32\ijllm.bak1
  94. 2007-07-13 16:02    6,362    --sh--w    C:\WINDOWS\system32\ilnmp.bak1
  95. 2007-07-15 17:38    6,710    --sh--w    C:\WINDOWS\system32\ilnmp.bak2
  96. 2007-07-11 07:48    6,497    --sh--w    C:\WINDOWS\system32\jjllm.bak1
  97. 2007-07-13 09:59    6,402    --sh--w    C:\WINDOWS\system32\jjllm.bak2
  98. 2007-07-30 17:16    6,486    --sh--w    C:\WINDOWS\system32\kjkkj.bak1
  99. 2007-07-13 11:53    6,362    --sh--w    C:\WINDOWS\system32\klkkj.bak1
  100. 2007-07-25 18:35    6,526    --sh--w    C:\WINDOWS\system32\mpqss.bak1
  101. 2007-07-12 18:19    6,482    --sh--w    C:\WINDOWS\system32\nqtss.bak1
  102. 2007-07-30 18:49    6,486    --sh--w    C:\WINDOWS\system32\orutv.bak1
  103. 2007-07-13 08:52    6,362    --sh--w    C:\WINDOWS\system32\pqtss.bak1
  104. 2007-07-16 07:46    6,362    --sh--w    C:\WINDOWS\system32\rqtss.bak1
  105. 2007-07-17 22:08    6,362    --sh--w    C:\WINDOWS\system32\rtutv.bak1
  106. 2007-07-20 08:06    6,362    --sh--w    C:\WINDOWS\system32\srqss.bak1
  107. 2007-07-10 10:30    6,547    --sh--w    C:\WINDOWS\system32\ststv.bak1
  108. 2007-07-31 08:25    6,486    --sh--w    C:\WINDOWS\system32\uttss.bak1
  109. 2007-07-18 07:50    6,568    --sh--w    C:\WINDOWS\system32\wybeg.bak1
  110. 2007-07-23 20:48    6,486    --sh--w    C:\WINDOWS\system32\wybeg.bak2
  111. 2007-07-18 20:58    6,406    --sh--w    C:\WINDOWS\system32\wycdd.bak1
  112. 2007-07-22 08:59    6,526    --sh--w    C:\WINDOWS\system32\wycdd.bak2
  113. 2007-07-28 11:15    6,486    --sh--w    C:\WINDOWS\system32\yccdd.bak1
  114. 2007-07-26 20:50    6,486    --sh--w    C:\WINDOWS\system32\yybeg.bak1
  115. .
  117. (((((((((((((((((((((((((((((((((  Point de chargement Reg  )))))))))))))))))))))))))))))))))))))))))))))))))
  118. .
  119. .
  120. *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
  122. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BE01085-B26D-4F83-8B23-E269C00895F4}]
  123.             C:\WINDOWS\system32\uayeaflv.dll
  125. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11C3004B-1C61-4A14-B43D-870FA5DE49E3}]
  126.             C:\WINDOWS\system32\mllml.dll
  128. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B637DAB-09C1-4509-9C41-B7DEFE0EF726}]
  129.             C:\WINDOWS\system32\wvurroo.dll
  131. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9794859F-875B-40F3-842F-3DBEE5680101}]
  133. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99EB758D-F83E-411B-B831-B1BE84EF9ECF}]
  134.             C:\WINDOWS\system32\mllml.dll
  136. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2DAA879-74EB-43A9-8867-033A6DBA2367}]
  137.             C:\WINDOWS\system32\uayeaflv.dll
  139. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFE8772C-312C-49EC-9A7B-A9E4BB789A6F}]
  140.             C:\WINDOWS\system32\awvvw.dll
  142. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E108FE29-5684-44FB-896A-443374608B8B}]
  143.             C:\WINDOWS\system32\awvvw.dll
  145. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBB99DBB-9896-4EB0-BC56-844412E8B29d}]
  146.             C:\WINDOWS\system32\uayeaflv.dll
  148. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  149. "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 15:03]
  150. "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00]
  151. "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27]
  153. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  154. "NvCplDaemon"="RUNDLL32.exe" [2004-08-10 21:00 C:\WINDOWS\system32\rundll32.exe]
  155. "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-05 20:46]
  156. "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
  157. "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
  158. "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
  160. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  161. "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00]
  163. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  164. "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
  165. "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
  167. [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  168. "{8B637DAB-09C1-4509-9C41-B7DEFE0EF726}"= C:\WINDOWS\system32\wvurroo.dll [ ]
  170. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccy]
  171. C:\WINDOWS\system32\ddccy.dll
  173. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyw]
  174. C:\WINDOWS\system32\ddcyw.dll
  176. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyw]
  177. C:\WINDOWS\system32\gebyw.dll
  179. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyy]
  180. C:\WINDOWS\system32\gebyy.dll
  182. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]
  183. C:\WINDOWS\system32\geebb.dll
  185. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf]
  186. C:\WINDOWS\system32\jkhhf.dll
  188. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjg]
  189. C:\WINDOWS\system32\jkkjg.dll
  191. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjk]
  192. C:\WINDOWS\system32\jkkjk.dll
  194. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklk]
  195. C:\WINDOWS\system32\jkklk.dll
  197. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge]
  198. C:\WINDOWS\system32\mljge.dll
  200. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgf]
  201. C:\WINDOWS\system32\mljgf.dll
  203. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh]
  204. C:\WINDOWS\system32\mljjh.dll
  206. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
  207. C:\WINDOWS\system32\mlljg.dll
  209. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji]
  210. C:\WINDOWS\system32\mllji.dll
  212. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljj]
  213. C:\WINDOWS\system32\mlljj.dll
  215. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml]
  216. C:\WINDOWS\system32\mllml.dll
  218. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]
  219. C:\WINDOWS\system32\pmkhh.dll
  221. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjh]
  222. C:\WINDOWS\system32\pmkjh.dll
  224. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
  225. C:\WINDOWS\system32\pmnli.dll
  227. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm]
  228. C:\WINDOWS\system32\ssqpm.dll
  230. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs]
  231. C:\WINDOWS\system32\ssqrs.dll
  233. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqn]
  234. C:\WINDOWS\system32\sstqn.dll
  236. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
  237. C:\WINDOWS\system32\sstqp.dll
  239. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
  240. C:\WINDOWS\system32\sstqr.dll
  242. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu]
  243. C:\WINDOWS\system32\ssttu.dll
  245. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsts]
  246. C:\WINDOWS\system32\vtsts.dll
  248. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
  249. C:\WINDOWS\system32\vturo.dll
  251. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutr]
  252. C:\WINDOWS\system32\vtutr.dll
  254. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzbd32]
  255. winzbd32.dll
  257. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j4241531]
  258.             rundll32 C:\WINDOWS\system32\j4241531.dll sook
  260. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
  261.             RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  263. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
  264.             rundll32.exe C:\WINDOWS\system32\vlobmjpy.dll,realset
  266. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  267. "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  268. "GPLv3"=rundll32.exe "C:\WINDOWS\system32\xocfstys.dll",realset
  269. "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
  270. "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
  272. R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
  273. S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
  274. S3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  275. S3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
  276. S3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
  277. S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
  278. S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
  280. .
  281. Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
  282. "2007-11-07 09:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
  283. - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
  284. .
  285. **************************************************************************
  287. catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  288. Rootkit scan 2007-12-02 00:34:34
  289. Windows 5.1.2600 Service Pack 2 NTFS
  291. scanning hidden processes ...
  293. scanning hidden autostart entries ...
  295. scanning hidden files ...
  297. scan completed successfully
  298. hidden files: 0
  300. **************************************************************************
  301. .
  302. Completion time: 2007-12-02  0:35:02 - machine was rebooted
  303. .
  304.     --- E O F ---



Rapport HijackThis:

Code :
  1. Logfile of Trend Micro HijackThis v2.0.2
  2. Scan saved at 00:38:03, on 02/12/2007
  3. Platform: Windows XP SP2 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  5. Boot mode: Normal
  7. Running processes:
  8. C:\WINDOWS\System32\smss.exe
  9. C:\WINDOWS\system32\winlogon.exe
  10. C:\WINDOWS\system32\services.exe
  11. C:\WINDOWS\system32\lsass.exe
  12. C:\WINDOWS\system32\svchost.exe
  13. C:\WINDOWS\System32\svchost.exe
  14. C:\WINDOWS\system32\LEXBCES.EXE
  15. C:\WINDOWS\system32\spoolsv.exe
  16. C:\WINDOWS\system32\LEXPPS.EXE
  17. C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  18. C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
  19. C:\WINDOWS\eHome\ehRecvr.exe
  20. C:\WINDOWS\eHome\ehSched.exe
  21. c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
  22. C:\Program Files\Eset\nod32krn.exe
  23. C:\WINDOWS\system32\nvsvc32.exe
  24. C:\Program Files\Kerio\Personal Firewall\persfw.exe
  25. C:\WINDOWS\system32\PnkBstrA.exe
  26. C:\WINDOWS\system32\svchost.exe
  27. C:\WINDOWS\system32\dllhost.exe
  28. C:\WINDOWS\Explorer.EXE
  29. C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
  30. C:\Program Files\QuickTime\qttask.exe
  31. C:\WINDOWS\system32\ctfmon.exe
  32. C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
  33. C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
  34. C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
  35. C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  36. C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
  37. C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
  38. C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
  39. C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  40. C:\Program Files\ESET\nod32kui.exe
  41. C:\WINDOWS\System32\svchost.exe
  42. C:\WINDOWS\system32\wuauclt.exe
  43. C:\Program Files\Mozilla Firefox\firefox.exe
  44. C:\Program Files\Trend Micro\HijackThis\scanner.exe
  46. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
  47. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  48. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
  49. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
  50. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
  51. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  52. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  53. R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
  54. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  55. R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  56. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  57. O2 - BHO: (no name) - {0BE01085-B26D-4F83-8B23-E269C00895F4} - C:\WINDOWS\system32\uayeaflv.dll (file missing)
  58. O2 - BHO: (no name) - {11C3004B-1C61-4A14-B43D-870FA5DE49E3} - C:\WINDOWS\system32\mllml.dll (file missing)
  59. O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
  60. O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
  61. O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  62. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  63. O2 - BHO: (no name) - {8B637DAB-09C1-4509-9C41-B7DEFE0EF726} - C:\WINDOWS\system32\wvurroo.dll (file missing)
  64. O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  65. O2 - BHO: (no name) - {9794859F-875B-40F3-842F-3DBEE5680101} - (no file)
  66. O2 - BHO: (no name) - {99EB758D-F83E-411B-B831-B1BE84EF9ECF} - C:\WINDOWS\system32\mllml.dll (file missing)
  67. O2 - BHO: (no name) - {B2DAA879-74EB-43A9-8867-033A6DBA2367} - C:\WINDOWS\system32\uayeaflv.dll (file missing)
  68. O2 - BHO: (no name) - {DFE8772C-312C-49EC-9A7B-A9E4BB789A6F} - C:\WINDOWS\system32\awvvw.dll (file missing)
  69. O2 - BHO: (no name) - {E108FE29-5684-44FB-896A-443374608B8B} - C:\WINDOWS\system32\awvvw.dll (file missing)
  70. O2 - BHO: (no name) - {EBB99DBB-9896-4EB0-BC56-844412E8B29d} - C:\WINDOWS\system32\uayeaflv.dll (file missing)
  71. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  72. O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
  73. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  74. O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
  75. O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
  76. O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
  77. O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  78. O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
  79. O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
  80. O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
  81. O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  82. O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  83. O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
  84. O4 - Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
  85. O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
  86. O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  87. O4 - Global Startup: BlueSoleil.lnk = ?
  88. O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
  89. O4 - Global Startup: Microsoft Office.lnk.disabled
  90. O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
  91. O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
  92. O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
  93. O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
  94. O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
  95. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  96. O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  97. O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
  98. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  99. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  100. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  101. O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  102. O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
  103. O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  104. O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
  105. O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
  106. O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  107. O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  108. O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  109. O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)
  110. O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
  111. O20 - Winlogon Notify: gebyw - C:\WINDOWS\system32\gebyw.dll (file missing)
  112. O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll (file missing)
  113. O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing)
  114. O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
  115. O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
  116. O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
  117. O20 - Winlogon Notify: jkklk - C:\WINDOWS\system32\jkklk.dll (file missing)
  118. O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
  119. O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll (file missing)
  120. O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)
  121. O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)
  122. O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
  123. O20 - Winlogon Notify: mlljj - C:\WINDOWS\system32\mlljj.dll (file missing)
  124. O20 - Winlogon Notify: mllml - C:\WINDOWS\system32\mllml.dll (file missing)
  125. O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
  126. O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
  127. O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
  128. O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
  129. O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
  130. O20 - Winlogon Notify: sstqn -