
Hello,
For the past 2 days I have had a pop-up that opens very often on my computer. Its name is "http://adserving.cpxinteractive.com", and it touts the merits of all sorts of products.
To get rid of it, I have tried:
SmitfraudFix
clean
Ccleaner
SpySweeper
HiJackThis
Avg
Blacklight
Spybot
But nothing works. I noticed that in Task Manager I had IEXPLORE.EXE three times even though I have no Internet Explorer window open. These tasks appeared when I started getting this pop-up, so I think that is where it comes from.
If anyone could help me, I would be grateful.
Thanks a lot
PS: Spy Sweeper tells me from time to time: The spy communication shield has blocked access to :ADNS.DNS-LOOK-UP.COM
-->Message edited by Ocat on 08/10/2006 16:18:05<--
|
|
|
|
|
Hello,
- Download HijackThis by Merijn to your desktop.
- Rename the file HijackThis.exe to Scanner.exe: to do so, right-click the file HijackThis.exe and choose Rename from the list
- Type Scanner.exe and press the Enter key.
- Generate a report by following these instructions:
- Double-click Scanner.exe
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Paste the report here, as follows:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
Help: Don't hesitate to consult the HijackThis help -
|
|
|
|
|
Logfile of HijackThis v1.99.1
Scan saved at 16:18:58, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Ocat\Bureau\Scanner.exe
R3 - URLSearchHook: (no name) - {A991F46F-6C8C-3B7A-A0AE-121348A9309D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B75A5078-3C0C-4C34-8B0A-A9EDCF280D92} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [HopeStopHtmPart] "C:\Documents and Settings\All Users\Application Data\platform store hope stop\WindowPure.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [mail meet] C:\DOCUME~1\Ocat\APPLIC~1\INTRAE~1\winteamkeep.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: bw+0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
There you go
|
|
|
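Added example, not part of any post in this thread: a small Python triage of a HijackThis log that lists entries whose target is marked `(file missing)` or `(no file)`, and DLLs registered as both an O2 BHO and an O20 Winlogon Notify, as `ddcyy.dll` is in the log above. The function names and the heuristic are assumptions made for this illustration; the sample lines are copied from that log.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A991F46F-6C8C-3B7A-A0AE-121348A9309D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B75A5078-3C0C-4C34-8B0A-A9EDCF280D92} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# "<section code> - <entry kind>: <detail>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+):\s*(.*)$")
# First drive-letter path ending in .dll or .exe inside the detail text.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered target is not on disk.
DANGLING_MARKERS = ("(file missing)", "(no file)")


def parse_entries(text):
    """Return one dict per registry/autostart entry; process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        code, kind, detail = m.groups()
        path = PATH_RE.search(detail)
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": code,
            "kind": kind.strip(),
            "detail": detail,
            "path": path.group(0).lower() if path else None,
            "clsid": clsid.group(0) if clsid else None,
            "dangling": any(mark in detail for mark in DANGLING_MARKERS),
        })
    return entries


def triage(text):
    """Summarise entries worth a manual look (heuristic assumed for this example)."""
    entries = parse_entries(text)

    # 1. Entries whose target no longer exists: leftovers of a removed or hidden module.
    dangling = [(e["code"], e["path"] or e["clsid"] or e["detail"])
                for e in entries if e["dangling"]]

    # 2. The same module hooked into both Internet Explorer (O2) and Winlogon (O20).
    sections_by_path = {}
    for e in entries:
        if e["path"]:
            sections_by_path.setdefault(e["path"], set()).add(e["code"])
    both = sorted(p for p, codes in sections_by_path.items()
                  if {"O2", "O20"} <= codes)

    return {"dangling": dangling, "bho_and_winlogon": both}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, target in report["dangling"]:
        print(f"dangling  {code:<4} {target}")
    for path in report["bho_and_winlogon"]:
        print(f"BHO + Winlogon Notify  {path}")
```
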
|
|
- Download VundoFix by Atribune - mirror if the link does not work: http://www.softpedia.com/get/Antivirus/VundoFix.shtml
- Double-click VundoFix.exe to launch it.
- Click the Scan for Vundo button.
- When the scan is complete, click the Remove Vundo button.
- A prompt will ask whether you want to delete the files; click YES
- After you click "Yes", the desktop will disappear for a moment while the files are deleted.
- You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
- Start your PC again.
- Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply.
|
|
|
|
|
VundoxFix ::
VundoFix V6.2.0
Checking Java version...
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 15:36:23 08/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.0
Checking Java version...
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 16:24:26 08/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\ddcyy.dll
Beginning removal...
Performing Repairs to the registry.
Done!
HiJackThis ::
Logfile of HijackThis v1.99.1
Scan saved at 16:46:18, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ocat\Bureau\Scanner.exe
R3 - URLSearchHook: (no name) - {A991F46F-6C8C-3B7A-A0AE-121348A9309D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B75A5078-3C0C-4C34-8B0A-A9EDCF280D92} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [HopeStopHtmPart] "C:\Documents and Settings\All Users\Application Data\platform store hope stop\WindowPure.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [mail meet] C:\DOCUME~1\Ocat\APPLIC~1\INTRAE~1\winteamkeep.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: bw+0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {69849A69-9730-4694-B42B-92EB07F81BD1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
|
|
|
|
|
In HijackThis, check these lines:
O2 - BHO: (no name) - {B75A5078-3C0C-4C34-8B0A-A9EDCF280D92} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
--> click Fix checked
- Download DiagHelp.zip to your desktop
- Do not double-click it!! Right-click the file and choose Extract all
- A new chercher folder will be created: DiagHelp
- Open it and double-click go.cmd (the .cmd extension may not be shown)
- A window will open; choose option 1
- The scan will start; it can take a few minutes. Let it run and press a key when asked
- Copy/paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
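Added example, not part of the reply above and not HijackThis code: the four lines selected in that reply each carry an orphan marker ("(file missing)", "(no file)") or an empty value, and this Python sketch parses O-section lines copied from the log on this page to classify them the same way and to show which missing file is registered under more than one autostart point. The function names and the `check-manually` rule (a "file missing" value that still contains quotes or an unexpanded `%` variable is not treated as a plain path) are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {B75A5078-3C0C-4C34-8B0A-A9EDCF280D92} - C:\WINDOWS\system32\ddcyy.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# "Oxx - Kind: rest". Only O-sections are handled; R and F sections
# of a HijackThis log use a different layout.
ENTRY = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
MISSING = "(file missing)"
NO_FILE = "(no file)"


def classify(rest):
    """Return (status, path) for the text that follows 'Oxx - Kind:'."""
    if not rest:
        return "empty", None            # key exists but holds no value
    if rest.endswith(NO_FILE):
        return "no-file", None          # CLSID registered, no file behind it
    target = rest.rsplit(" - ", 1)[-1]  # last ' - ' field is the file
    if target.endswith(MISSING):
        path = target[: -len(MISSING)].rstrip()
        # Assumption of this example: a value with quotes or an unexpanded
        # %VAR% is a command line, not a path, so the marker needs a manual
        # check instead of being trusted.
        if '"' in path or "%" in path:
            return "check-manually", path
        return "file-missing", path
    return "present", target


def triage(log_text):
    """Parse O-section lines and attach a status to each entry."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, kind, rest = match.groups()
        status, path = classify(rest.strip())
        entries.append({"section": section, "kind": kind.strip(),
                        "status": status, "path": path})
    return entries


def shared_targets(entries):
    """Missing files that are referenced from more than one section."""
    by_file = defaultdict(list)
    for entry in entries:
        if entry["status"] == "file-missing":
            name = ntpath.basename(entry["path"]).lower()
            by_file[name].append(entry["section"])
    return {name: secs for name, secs in by_file.items() if len(secs) > 1}


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for entry in parsed:
        print(f'{entry["section"]:>3} {entry["kind"]:<16} {entry["status"]:<15} {entry["path"] or ""}')
    print("Registered in several places:", shared_targets(parsed))
```

The rpcapd service line is reported as `check-manually` rather than orphaned, which matches the fact that it is not among the lines selected for fixing in the reply.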
|
|
|
|
|
For HijackThis, it tells me this:
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: )
Error #5 - Argument ou appel de procédure incorrect
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
chercher v1.0.1 par Malekal_morte
http://www.malekal.com
C:\WINDOWS\System32\wpa.dbl -->08/10/2006 16:44:50
C:\WINDOWS\System32\CmdLineExt03.dll -->03/10/2006 02:20:44
C:\WINDOWS\System32\FNTCACHE.DAT -->09/09/2006 21:05:33
C:\WINDOWS\System32\sirenacm.dll -->29/07/2006 19:32:50
C:\WINDOWS\System32\P2P Networking v126.cpl -->19/07/2006 23:10:33
C:\WINDOWS\System32\WRLogonNtf.dll -->07/07/2006 16:53:54
C:\WINDOWS\System32\ssiefr.EXE -->07/07/2006 16:53:52
C:\WINDOWS\System32\wrlzma.dll -->07/07/2006 16:53:50
C:\WINDOWS\System32\BASSMOD.dll -->27/06/2006 03:34:06
C:\WINDOWS\System32\jupdate-1.5.0_07-b03.log -->22/06/2006 15:07:07
C:\WINDOWS\System32\chkntfs.dll -->20/06/2006 13:21:20
C:\WINDOWS\System32\rmoc3260.dll -->13/06/2006 15:51:37
C:\WINDOWS\System32\pndx5032.dll -->13/06/2006 15:51:30
C:\WINDOWS\System32\pndx5016.dll -->13/06/2006 15:51:30
C:\WINDOWS\System32\pncrt.dll -->13/06/2006 15:51:28
C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->07/05/2006 19:17:47
C:\WINDOWS\System32\javaws.exe -->03/05/2006 02:56:58
C:\WINDOWS\System32\jpicpl32.cpl -->03/05/2006 02:56:54
C:\WINDOWS\System32\javaw.exe -->03/05/2006 01:19:40
C:\WINDOWS\System32\java.exe -->03/05/2006 01:19:30
C:\WINDOWS\System32\wpa.bak -->30/04/2006 21:20:27
C:\WINDOWS\System32\h323log.txt -->30/04/2006 21:18:03
C:\WINDOWS\System32\LoopyMusic.wav -->30/04/2006 21:03:44
C:\WINDOWS\System32\BuzzingBee.wav -->30/04/2006 21:03:44
C:\WINDOWS\System32\lhacm.acm -->30/04/2006 20:16:27
C:\WINDOWS\WindowsUpdate.log -->08/10/2006 16:50:55
C:\WINDOWS\0.log -->08/10/2006 16:45:08
C:\WINDOWS\wiadebug.log -->08/10/2006 16:45:07
C:\WINDOWS\wiaservc.log -->08/10/2006 16:45:04
C:\WINDOWS\bootstat.dat -->08/10/2006 16:44:47
C:\WINDOWS\ntbtlog.txt -->08/10/2006 15:31:45
C:\WINDOWS\setupact.log -->08/10/2006 15:27:56
C:\WINDOWS\SchedLgU.Txt -->08/10/2006 14:50:21
C:\WINDOWS\win.ini -->08/10/2006 14:33:25
C:\WINDOWS\wmsetup.log -->03/10/2006 19:09:34
C:\WINDOWS\DirectX.log -->03/10/2006 02:19:44
C:\WINDOWS\setupapi.log -->02/10/2006 03:46:21
C:\WINDOWS\NeroDigital.ini -->16/09/2006 05:46:41
C:\WINDOWS\epsswt_log.txt -->09/09/2006 21:03:35
C:\WINDOWS\EPSTPLOG.TXT -->09/09/2006 20:57:25
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |30/04/2006 21:29:19
C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |08/05/2006 03:52:04
C:\WINDOWS\cadkasdeinst01f.exe |31/05/2006 17:20:20
C:\WINDOWS\mtuninst.exe |17/06/2006 00:27:16
C:\WINDOWS\libeay32.dll |08/10/2006 14:33:20
C:\WINDOWS\ssleay32.dll |08/10/2006 14:33:20
C:\WINDOWS\system32\append.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\ati2sgag.exe |30/04/2006 19:49:34
C:\WINDOWS\system32\ChCfg.exe |30/04/2006 19:36:22
C:\WINDOWS\system32\debug.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\dosx.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34
C:\WINDOWS\system32\edlin.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\exe2bin.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\fastopen.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\mem.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\mscdexnt.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\nlsfunc.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\redir.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\setver.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\share.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\swreg.exe |17/06/2006 13:05:44
C:\WINDOWS\system32\swsc.exe |17/06/2006 13:05:44
C:\WINDOWS\system32\amstream.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\BASSMOD.dll |27/06/2006 03:14:19
C:\WINDOWS\system32\chkntfs.dll |20/06/2006 13:21:20
C:\WINDOWS\system32\CmdLineExt03.dll |13/06/2006 21:27:00
C:\WINDOWS\system32\compatUI.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\cpuinf32.dll |02/05/2006 04:11:52
C:\WINDOWS\system32\encdec.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\ff_vfw.dll |02/05/2006 04:11:53
C:\WINDOWS\system32\ieencode.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\ir32_32.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\Iyvu9_32.dll |02/05/2006 04:11:55
C:\WINDOWS\system32\msdmo.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\msencode.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\nslapi16.dll |20/12/2001 21:18:58
C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16
C:\WINDOWS\system32\pthreadVC.dll |02/08/2005 23:24:01
C:\WINDOWS\system32\qedwipes.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\qt-dx331.dll |02/05/2006 04:11:54
C:\WINDOWS\system32\RTLCPAPI.dll |30/04/2006 19:36:22
C:\WINDOWS\system32\sbe.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\tsd32.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\unrar.dll |02/05/2006 04:11:57
C:\WINDOWS\system32\win87em.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\wrlzma.dll |08/10/2006 14:33:21
C:\WINDOWS\system32\x264vfw.dll |02/05/2006 04:11:55
C:\WINDOWS\system32\xvidcore.dll |02/05/2006 04:11:54
C:\WINDOWS\system32\xvidvfw.dll |02/05/2006 04:11:54
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe |30/04/2006 21:29:19
C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe |08/05/2006 03:52:04
C:\WINDOWS\cadkasdeinst01f.exe |31/05/2006 17:20:20
C:\WINDOWS\mtuninst.exe |17/06/2006 00:27:16
C:\WINDOWS\libeay32.dll |08/10/2006 14:33:20
C:\WINDOWS\ssleay32.dll |08/10/2006 14:33:20
C:\WINDOWS\system32\append.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\ChCfg.exe |30/04/2006 19:36:22
C:\WINDOWS\system32\debug.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\dosx.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\edlin.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\exe2bin.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\fastopen.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\mem.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\mscdexnt.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\nlsfunc.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\redir.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\setver.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\share.exe |05/08/2004 14:00:00
C:\WINDOWS\system32\SrchSTS.exe |17/06/2006 13:05:44
C:\WINDOWS\system32\swreg.exe |17/06/2006 13:05:44
C:\WINDOWS\system32\swsc.exe |17/06/2006 13:05:44
C:\WINDOWS\system32\amstream.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\BASSMOD.dll |27/06/2006 03:14:19
C:\WINDOWS\system32\chkntfs.dll |20/06/2006 13:21:20
C:\WINDOWS\system32\CmdLineExt03.dll |13/06/2006 21:27:00
C:\WINDOWS\system32\cpuinf32.dll |02/05/2006 04:11:52
C:\WINDOWS\system32\encdec.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\ff_vfw.dll |02/05/2006 04:11:53
C:\WINDOWS\system32\ieencode.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\ir32_32.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\Iyvu9_32.dll |02/05/2006 04:11:55
C:\WINDOWS\system32\msdmo.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\msencode.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\nslapi16.dll |20/12/2001 21:18:58
C:\WINDOWS\system32\pthreadVC.dll |02/08/2005 23:24:01
C:\WINDOWS\system32\qedwipes.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\qt-dx331.dll |02/05/2006 04:11:54
C:\WINDOWS\system32\sbe.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\tsd32.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\unrar.dll |02/05/2006 04:11:57
C:\WINDOWS\system32\win87em.dll |05/08/2004 14:00:00
C:\WINDOWS\system32\wrlzma.dll |08/10/2006 14:33:21
C:\WINDOWS\system32\x264vfw.dll |02/05/2006 04:11:55
C:\WINDOWS\system32\xvidcore.dll |02/05/2006 04:11:54
C:\WINDOWS\system32\xvidvfw.dll |02/05/2006 04:11:54
Le volume dans le lecteur C s'appelle c://
Le numéro de série du volume est 647C-9684
Répertoire de C:\WINDOWS\system32
05/08/2004 14:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 107 654 639 616 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle c://
Le numéro de série du volume est 647C-9684
Répertoire de C:\WINDOWS\Downloaded Program Files
08/10/2006 15:26 <REP> .
08/10/2006 15:26 <REP> ..
30/04/2006 19:22 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
24/01/2005 12:38 1 249 erma.inf
25/07/2002 17:05 172 032 isusweb.dll
29/05/2003 15:00 160 864 messengerstatsclient.dll
06/04/2004 19:03 172 072 MessengerStatsPAClient.dll
29/05/2003 15:00 84 064 minesweeper.dll
29/05/2003 15:00 77 408 msgrchkr.dll
27/03/2006 13:00 5 019 swflash.inf
19/07/2006 23:10 88 576 WebP2PInstaller.dll
18/07/2006 14:35 151 080 ZIntro.ocx
12 fichier(s) 1 133 613 octets
Total des fichiers listés :
12 fichier(s) 1 133 613 octets
2 Rép(s) 107 654 635 520 octets libres
Recherche de rootkit (merci S!Ri !)
Liste des programmes installes
AccessDiver v4.260
Adobe After Effects 6.5
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Archiveur WinRAR
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AV Music Morpher Gold
AV Voice Changer Software DIAMOND 4.0
AVG Free Edition
Azureus
Battlefield 2 édition Deluxe
BSplayer
Camfrog IE Toolbar 1.0
Camfrog Video Chat 3.71 (remove only)
CCleaner (remove only)
CDex extraction audio
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Pro Driver (1.00.06.0512)
Decal Converter
Diner Dash 2
Dofus-Arena beta 11
Dofus 1.14.1
DotaKeys 1.31.81
dtNotes 3.1 Beta 1
Earth's Special Forces
Easy PDF to Text Converter v2.0
EPSON Attach To Email
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Logiciel imprimante
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX3800 Guide d'utilisation
Firebird 1.5.2.4731
FlashFXP v3
FpTest 2.0
GG E-Sports Platform
GhostMouse 2.0
GrabIt 1.5.3 Beta (build 909)
Groom Toox Chat
GunboundWC
HijackThis 1.99.1
HyperCam
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
K-Lite Codec Pack 2.71 Full
Lineage II
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Flash Player 8
Macromedia Shockwave Player
Manuel d'utilisation de Creative WebCam NX Pro (Français)
Messenger Plus! Live & Sponsor
Microsoft .NET Framework 1.1
mIRC
Mozilla Firefox (1.5.0.7)
MP3 WAV Converter 3.12
MSN Webcam Recorder
Need2Find Bar
NVIDIA Drivers
Opera 9.01
P2P Networking
PDF Editeur 2
PIF DESIGNER
PokerStars
Pro Evolution Soccer 5
Pro Evolution Soccer 5
Quake 4(TM)
Quake 4(TM)
Quake 4(TM) 1.2 Patch
QuickPar 0.9
RealPlayer
Realtek AC'97 Audio
SAM3 (remove only)
Skype 2.5
Sony Vegas 5.0d
SpeechRedist
Spy Sweeper
Spybot - Search & Destroy 1.4
Steam
TeamSpeak 2 RC2
TrackMania Nations ESWC 0.1.7.5
Unreal Tournament 2004
Ventrilo Client
VideoLAN VLC media player 0.8.5-freehd
Warkeys 0.20.1.0a
WC3Banlist
WebFldrs XP
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinPcap 3.1
World of Warcraft
Liste des dossiers de C:\Program Files
Le volume dans le lecteur C s'appelle c://
Le numéro de série du volume est 647C-9684
Répertoire de C:\Program Files
08/10/2006 15:27 <REP> .
08/10/2006 15:27 <REP> ..
08/08/2006 01:58 <REP> Accessdiver
09/09/2006 05:47 <REP> Adobe
27/07/2006 03:48 <REP> American Systems
30/04/2006 19:51 <REP> ATI Technologies
08/06/2006 22:48 <REP> AV Music Morpher Gold
25/08/2006 19:59 <REP> AV Vcs 4.0 DIAMOND
30/04/2006 19:36 <REP> AvRack
30/08/2006 20:22 <REP> Azureus
06/05/2006 04:30 <REP> Camfrog
08/10/2006 14:30 <REP> CCleaner
11/05/2006 18:13 <REP> CDex_150
30/04/2006 19:20 <REP> ComPlus Applications
24/07/2006 18:13 <REP> Copie (2) de Lineage II
08/06/2006 02:08 <REP> Copie de Lineage II
30/04/2006 20:13 <REP> Creative
23/05/2006 22:03 <REP> Custom-Strike
30/05/2006 12:28 54 delir.gio
30/06/2006 15:21 <REP> directx
18/07/2006 21:05 <REP> Dofus
04/08/2006 05:39 <REP> Dofus-Arena
09/06/2006 23:39 <REP> dtNotes 3
30/06/2006 22:04 <REP> EA GAMES
29/06/2006 19:59 <REP> Easy PDF to Text Converter
09/09/2006 20:59 <REP> epson
08/10/2006 07:26 <REP> Fichiers communs
05/10/2006 01:11 <REP> Firebird
08/10/2006 05:40 <REP> FlashFXP
01/06/2006 18:51 <REP> FpTest
22/06/2006 15:10 <REP> F?nts
06/05/2006 17:51 <REP> GrabIt
04/05/2006 00:13 <REP> Gravity
17/06/2006 00:28 <REP> Grisoft
15/06/2006 21:17 <REP> HyperCam
08/07/2006 15:21 <REP> id Software
08/10/2006 14:22 <REP> Internet Explorer
08/10/2006 01:11 <REP> intra enc does
22/06/2006 15:07 <REP> Java
02/05/2006 04:11 <REP> K-Lite Codec Pack
18/09/2006 01:32 <REP> Kazaa
13/06/2006 21:19 <REP> KONAMI
19/08/2006 14:54 <REP> Lineage II
30/04/2006 21:29 <REP> Logitech
30/04/2006 19:20 <REP> Messenger
08/10/2006 01:10 <REP> Messenger Plus! Live
30/04/2006 19:23 <REP> microsoft frontpage
08/10/2006 16:47 <REP> mIRC
26/08/2006 00:01 <REP> Mirc2
30/04/2006 19:21 <REP> Movie Maker
08/10/2006 05:35 <REP> Mozilla Firefox
11/05/2006 18:30 <REP> MP3 WAV Converter
30/04/2006 19:19 <REP> MSN
30/04/2006 19:20 <REP> MSN Gaming Zone
08/10/2006 01:10 <REP> MSN Messenger
15/06/2006 21:57 <REP> MSN Webcam Recorder
12/06/2006 17:44 <REP> MyFreeTV
26/05/2006 21:20 <REP> Nero
30/04/2006 19:21 <REP> NetMeeting
24/06/2006 22:55 <REP> Ocean Technology
30/04/2006 19:20 <REP> Online Services
03/08/2006 05:47 <REP> Opera
30/04/2006 19:21 <REP> Outlook Express
30/06/2006 14:25 <REP> PDF Editeur 2
07/05/2006 14:06 <REP> QuickPar
13/06/2006 15:51 <REP> Real
30/04/2006 19:36 <REP> Realtek Sound Manager
08/10/2006 05:44 <REP> RegistrySmart
30/04/2006 19:22 <REP> Services en ligne
19/08/2006 00:42 <REP> Skype
27/07/2006 21:32 <REP> softnyx
09/09/2006 03:54 <REP> Sony
09/09/2006 03:45 <REP> Sony Setup
05/10/2006 01:11 <REP> SpacialAudio
17/06/2006 00:44 <REP> Spybot - Search & Destroy
08/10/2006 16:45 <REP> Steam
30/04/2006 20:16 <REP> Teamspeak2_RC2
18/07/2006 14:49 <REP> THQ
28/05/2006 22:40 <REP> TooX
09/08/2006 01:18 <REP> TrackMania Nations ESWC
28/08/2006 14:42 <REP> Ventrilo
02/05/2006 04:07 <REP> VideoLAN
08/10/2006 04:56 <REP> Warcraft III
07/09/2006 06:29 <REP> Warkeys
25/06/2006 20:43 <REP> WC3Banlist
08/10/2006 14:33 <REP> Webroot
04/09/2006 14:09 <REP> Webteh
15/06/2006 21:20 <REP> Windows Media Components
15/05/2006 18:32 <REP> Windows Media Player
30/04/2006 19:20 <REP> Windows NT
26/05/2006 21:04 <REP> winMd5Sum
23/06/2006 05:01 <REP> WinPcap
30/04/2006 20:16 <REP> WinRAR
24/09/2006 17:48 <REP> World of Warcraft
30/04/2006 19:23 <REP> xerox
30/06/2006 00:29 <REP> Yahoo!
04/07/2006 18:07 <REP> ?dobe
03/07/2006 17:13 <REP> ??crosoft
20/07/2006 18:13 <REP> ?ecurity
23/08/2006 21:19 <REP> ?ymbols
1 fichier(s) 54 octets
99 Rép(s) 107 654 598 656 octets libres
Le volume dans le lecteur C s'appelle c://
Le numéro de série du volume est 647C-9684
Répertoire de C:\Program Files\fichiers communs
08/10/2006 07:26 <REP> .
08/10/2006 07:26 <REP> ..
09/09/2006 05:38 <REP> Adobe
09/09/2006 05:37 <REP> Adobe Systems Shared
18/09/2006 01:30 <REP> Ahead
22/06/2006 04:18 <REP> Blizzard Entertainment
09/09/2006 21:02 <REP> InstallShield
07/05/2006 19:17 <REP> Java
30/04/2006 21:28 <REP> Logitech
21/06/2006 23:53 <REP> Microsoft Shared
30/04/2006 19:21 <REP> MSSoap
30/04/2006 20:55 <REP> ODBC
13/06/2006 15:51 <REP> Real
30/04/2006 19:21 <REP> Services
30/04/2006 20:55 <REP> SpeechEngines
30/04/2006 19:21 <REP> System
09/09/2006 05:09 <REP> Vbox
28/08/2006 14:42 <REP> Wise Installation Wizard
13/06/2006 15:51 <REP> xing shared
0 fichier(s) 0 octets
19 Rép(s) 107 654 594 560 octets libres
c:\Documents and Settings\All Users\Application Data\platform store hope stop\WindowPure.exe
c:\Documents and Settings\Ocat\TBONWnd.EXE
c:\Documents and Settings\Ocat\Application Data\intra enc does\bodygridfor.exe
c:\Documents and Settings\Ocat\Application Data\intra enc does\moofqjbj.exe
c:\Documents and Settings\Ocat\Application Data\intra enc does\OnlinePokeInfoLoud.exe
c:\Documents and Settings\Ocat\Application Data\intra enc does\winteamkeep.exe
c:\Documents and Settings\Ocat\Application Data\Microsoft\Installer\{0049F6AE-4FE2-4C43-A039-60FCE98A1986}\ARPPRODUCTICON.exe
c:\Documents and Settings\Ocat\Bureau\Scanner.exe
c:\Documents and Settings\Ocat\Bureau\VundoFix.exe
c:\Documents and Settings\Ocat\Bureau\adobe photoshop\Photoshop_CS2_F_TryOut.exe
c:\Documents and Settings\Ocat\Bureau\adobe photoshop\Photoshop_CS2_F_TryOut\instmsia.exe
c:\Documents and Settings\Ocat\Bureau\adobe photoshop\Photoshop_CS2_F_TryOut\instmsiw.exe
c:\Documents and Settings\Ocat\Bureau\adobe photoshop\Photoshop_CS2_F_TryOut\setup.exe
c:\Documents and Settings\Ocat\Bureau\afterEffect\setup.exe
c:\Documents and Settings\Ocat\Bureau\clean\pskill.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\FilesInfoCmd.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\Fport.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\grep.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\LFiles.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\LISTDLLS.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\pslist.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\streams.exe
c:\Documents and Settings\Ocat\Bureau\diaghelp\swreg.exe
c:\Documents and Settings\Ocat\Bureau\dossier cs\birth_video\codec-wmv9.exe
c:\Documents and Settings\Ocat\Bureau\dossier cs\goodgame_eswc_2005(us)\goodgame ESWC 2005.exe
c:\Documents and Settings\Ocat\Bureau\dossier cs\goodgame_eswc_2005(us)\src\XFIRE.exe
c:\Documents and Settings\Ocat\Bureau\fake voice\keygen.exe
c:\Documents and Settings\Ocat\Bureau\fake voice\AV Voice Changer Software Diamond v4.0.51\updatefull.exe
c:\Documents and Settings\Ocat\Bureau\fake voice\AV Voice Changer Software Diamond v4.0.51\vcs_diamond.exe
c:\Documents and Settings\Ocat\Bureau\others\Copie de steaminstall_cs.exe
c:\Documents and Settings\Ocat\Bureau\others\CS 1.6 original skins & English sounds.exe
c:\Documents and Settings\Ocat\Bureau\others\Gunbound_GIS_WC_518.exe
c:\Documents and Settings\Ocat\Bureau\others\MsgPlusLive-401.exe
c:\Documents and Settings\Ocat\Bureau\others\Revolution-Script 4.2 - CS1.6.exe
c:\Documents and Settings\Ocat\Bureau\others\trackmania_nations_eswc_jeu_complet_anglais_18669.exe
c:\Documents and Settings\Ocat\Bureau\others\w3hph.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Ocat\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Ocat\Bureau\virtual dumb\auxsetup.exe
c:\Documents and Settings\Ocat\Bureau\virtual dumb\vdub.exe
c:\Documents and Settings\Ocat\Bureau\virtual dumb\VirtualDub.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\ins1.tmp\LDMClient.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\ins2.tmp\LDMClient.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\SetupX.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Redist\50comupd.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Redist\instmsia.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Redist\ShFolder.Exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Redist\instmsiw\msiexec.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Redist\instmsiw\msiinst.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Setup\NeroDelTmp.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\NeroDemo9936\Setup\UninstallNero.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\sam\firebird\firebird-setup.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\sam\sam\sam3.exe
c:\Documents and Settings\Ocat\Local Settings\Temp\{865ADCA8-CA75-4DE4-A0E8-B008549CB481}\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\dxsetup.exe
c:\Documents and Settings\Ocat\Local Settings\Temporary Internet Files\Content.IE5\0DYRGHMR\Install_Messenger[1].exe
c:\Documents and Settings\Ocat\Local Settings\Temporary Internet Files\Content.IE5\CTMRC12J\PokerStarsInstall[1].exe
c:\Documents and Settings\Ocat\Local Settings\Temporary Internet Files\Content.IE5\WXUJS1AZ\ConvertShots[1].exe
c:\Documents and Settings\Ocat\Local Settings\Temporary Internet Files\Content.IE5\WXUJS1AZ\ErrorSafeScannerInstall_fr[1].exe
c:\Documents and Settings\Ocat\Mes documents\6-4_encoder_31959.exe
c:\Documents and Settings\Ocat\Mes documents\6-4_xp-2k_dd_ccc_wdm_enu_31959.exe
c:\Documents and Settings\Ocat\Mes documents\avg71free_394a752.exe
c:\Documents and Settings\Ocat\Mes documents\cdex_151.exe
c:\Documents and Settings\Ocat\Mes documents\cfc.exe
c:\Documents and Settings\Ocat\Mes documents\ChotSteam.exe
c:\Documents and Settings\Ocat\Mes documents\DecalConverterSetup.exe
c:\Documents and Settings\Ocat\Mes documents\dotnetfx.exe
c:\Documents and Settings\Ocat\Mes documents\dtnotes31b1.exe
c:\Documents and Settings\Ocat\Mes documents\FirefoxGoogleToolbarSetup.exe
c:\Documents and Settings\Ocat\Mes documents\FlashFXP_32_Setup.exe
c:\Documents and Settings\Ocat\Mes documents\Fptest-Setup-2.0.exe
c:\Documents and Settings\Ocat\Mes documents\gcinstall.exe
c:\Documents and Settings\Ocat\Mes documents\GrabIt153b.exe
c:\Documents and Settings\Ocat\Mes documents\GrabIt160b.exe
c:\Documents and Settings\Ocat\Mes documents\HC1Setup.exe
c:\Documents and Settings\Ocat\Mes documents\install_flash_player (1).exe
c:\Documents and Settings\Ocat\Mes documents\install_flash_player.exe
c:\Documents and Settings\Ocat\Mes documents\Install-winMd5Sum.exe
c:\Documents and Settings\Ocat\Mes documents\klcodec271f.exe
c:\Documents and Settings\Ocat\Mes documents\mirc617.exe
c:\Documents and Settings\Ocat\Mes documents\mp3wavconverter.exe
c:\Documents and Settings\Ocat\Mes documents\MyFreeTV_2.21.installer.exe
c:\Documents and Settings\Ocat\Mes documents\Nero-7.2.0.3b_fra_no_yt.exe
c:\Documents and Settings\Ocat\Mes documents\Opera 9 Eng Setup.exe
c:\Documents and Settings\Ocat\Mes documents\pdfediteur!.exe
c:\Documents and Settings\Ocat\Mes documents\QuickPar-0.9.1.0-FRA.exe
c:\Documents and Settings\Ocat\Mes documents\RealPlayer10-5GOLD_fr.exe
c:\Documents and Settings\Ocat\Mes documents\spybotsd14.exe
c:\Documents and Settings\Ocat\Mes documents\vcsdemo.exe
c:\Documents and Settings\Ocat\Mes documents\vlc-0.8.4a-win32.exe
c:\Documents and Settings\Ocat\Mes documents\vlc-0.8.5-freehd-win32.exe
c:\Documents and Settings\Ocat\Mes documents\wrar351fr.exe
c:\Documents and Settings\Ocat\Mes documents\zjc.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Ocat\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Ocat\Application Data\Mozilla\Firefox\Profiles\96rahr56.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Ocat\Application Data\Mozilla\Firefox\Profiles\96rahr56.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
|
|
|
|
|
Download this file - combofix.exe
and save it to your desktop and nowhere else!
Double-click combofix. It will ask you a question; answer yes (the y key), then wait until combofix has finished. A report will be created. Post the report.
Copy/paste a new HijackThis report along with it.
|
|
|
|
|
ComboFix
Ocat - 06-10-08 17:38:49,32 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Ocat\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\chkntfs.dll
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Ocat\Application Data\APPATC~1
C:\QooBox\Purity\Documents and Settings\Ocat\Application Data\ECURIT~1
C:\QooBox\Purity\Documents and Settings\Ocat\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Ocat\Application Data\SMANTE~1
C:\QooBox\Purity\Documents and Settings\Ocat\Application Data\RACLE~1\RACLE~1
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\CROSOF~1.NET
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\DOBE~2
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\FNTS~1
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\PPATCH~1
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\SSEMBL~1
C:\QooBox\Purity\Documents and Settings\Ocat\Mes documents\WNSXS~1
C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\ECURIT~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\YMBOLS~1
C:\QooBox\Purity\WINDOWS\ECURIT~1
C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\SSTEM~1
C:\QooBox\Purity\WINDOWS\YMANTE~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\CURITY~1
C:\QooBox\Purity\WINDOWS\system32\DOBE~1
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1.NET
C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1
((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))
2006-10-08 14:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-10-08 14:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-08 14:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS041A.sys
2006-10-08 14:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-10-05 01:11 356,437 --a------ C:\WINDOWS\system32\GDS32.DLL
2006-09-09 20:58 79,679 --a------ C:\WINDOWS\system32\E_FLMACE.DLL
2006-09-09 20:58 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2006-09-09 20:58 64,000 --a------ C:\WINDOWS\system32\E_FBCBACE.DLL
2006-09-09 20:58 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2006-09-09 20:58 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
2006-09-09 20:58 34,304 --a------ C:\WINDOWS\system32\E_FBCHACE.DLL
2006-09-09 20:58 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2006-09-09 20:57 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-09-09 20:57 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-09 20:57 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-09 20:56 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2006-09-09 20:56 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2006-09-09 20:56 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-08 17:09 -------- d-------- C:\Program Files\mIRC
2006-10-08 16:45 -------- d-------- C:\Program Files\Steam
2006-10-08 16:45 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Skype
2006-10-08 14:33 -------- d-------- C:\Program Files\Webroot
2006-10-08 14:33 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Webroot
2006-10-08 14:30 -------- d-------- C:\Program Files\CCleaner
2006-10-08 14:22 -------- d-------- C:\Program Files\Internet Explorer
2006-10-08 07:26 -------- d-------- C:\Program Files\Fichiers communs
2006-10-08 05:44 -------- d-------- C:\Program Files\RegistrySmart
2006-10-08 05:40 -------- d-------- C:\Program Files\FlashFXP
2006-10-08 05:35 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-08 04:56 -------- d-------- C:\Program Files\Warcraft III
2006-10-08 01:11 -------- d-------- C:\Program Files\intra enc does
2006-10-08 01:11 -------- d-------- C:\Documents and Settings\Ocat\Application Data\intra enc does
2006-10-08 01:10 -------- d-------- C:\Program Files\MSN Messenger
2006-10-08 01:10 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-05 01:11 -------- d-------- C:\Program Files\SpacialAudio
2006-10-05 01:11 -------- d-------- C:\Program Files\Firebird
2006-10-03 02:20 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-28 18:23 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Ventrilo
2006-09-28 14:06 -------- d-------- C:\Documents and Settings\Ocat\Application Data\teamspeak2
2006-09-27 09:26 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-24 17:48 -------- d-------- C:\Program Files\World of Warcraft
2006-09-18 01:33 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Adobe
2006-09-18 01:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-18 01:32 -------- d-------- C:\Program Files\Kazaa
2006-09-18 01:30 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-09-09 21:02 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-09-09 20:59 -------- d-------- C:\Program Files\epson
2006-09-09 05:47 -------- d-------- C:\Program Files\Adobe
2006-09-09 05:38 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-09-09 05:37 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-09-09 05:09 -------- d-------- C:\Program Files\Fichiers communs\Vbox
2006-09-09 03:54 -------- d-------- C:\Program Files\Sony
2006-09-09 03:54 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Sony
2006-09-09 03:54 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Publish Providers
2006-09-09 03:54 -------- d-------- C:\Documents and Settings\Ocat\Application Data\NetMedia Providers
2006-09-09 03:45 -------- d-------- C:\Program Files\Sony Setup
2006-09-08 05:11 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Camfrog
2006-09-07 06:29 -------- d-------- C:\Program Files\Warkeys
2006-09-04 22:13 -------- d-------- C:\Documents and Settings\Ocat\Application Data\BSplayer
2006-09-04 14:09 -------- d-------- C:\Program Files\Webteh
2006-09-04 14:04 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Azureus
2006-08-30 20:22 -------- d-------- C:\Program Files\Azureus
2006-08-28 14:42 -------- d-------- C:\Program Files\Ventrilo
2006-08-28 14:42 -------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2006-08-26 00:01 -------- d-------- C:\Program Files\Mirc2
2006-08-25 19:59 -------- d-------- C:\Program Files\AV Vcs 4.0 DIAMOND
2006-08-23 19:53 -------- d-------- C:\Documents and Settings\Ocat\Application Data\çasks
2006-08-19 14:54 -------- d-------- C:\Program Files\Lineage II
2006-08-19 00:42 -------- d-------- C:\Program Files\Skype
2006-08-16 09:26 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-16 01:25 -------- d-------- C:\Documents and Settings\Ocat\Application Data\Creative
2006-08-09 01:18 -------- d-------- C:\Program Files\TrackMania Nations ESWC
2006-08-08 01:58 -------- d-------- C:\Program Files\Accessdiver
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"mail meet"="C:\\DOCUME~1\\Ocat\\APPLIC~1\\INTRAE~1\\winteamkeep.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"EPSON Stylus DX3800 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE\" /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"HopeStopHtmPart"="\"C:\\Documents and Settings\\All Users\\Application Data\\platform store hope stop\\WindowPure.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
"item"="Logitech SetPoint"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Ocat^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk]
"path"="C:\\Documents and Settings\\Ocat\\Menu Démarrer\\Programmes\\Démarrage\\Groom Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\Groom Agent.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\TooX\\Groom\\GROOMA~1.EXE "
"item"="Groom Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\8C4854488FD7C868.job
Completion time: 08/10/2006 17:52:47.03
ComboFix.txt
hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 17:58:31, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Ocat\Bureau\Scanner.exe
R3 - URLSearchHook: (no name) - {A991F46F-6C8C-3B7A-A0AE-121348A9309D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.e