Accès au Site
 FAQFAQ   RechercherCharte   RechercherRechercher   MembresMembres   UtilisateursUtilisateurs   S'enregistrerS'enregistrer   ProfilProfil   Vérifier ses messages privésVérifier ses messages privés   ConnexionConnexion
 
Virus BDS/Agent.YZB [Résolu]
Aller à la page 1, 2, 3  Suivante
 
Répondre au sujet Le site -> Assiste PC Index du Forum -> Désinfection des virus & analyses de logs HijackThisCréer un flux RSS 2.0
Auteur Message
actus
Habitué
Habitué


Inscrit le: 04 Jan 2008
Message(s): 55
MessagePosté le: 04 Jan 2008 14:12    Sujet du message: Virus BDS/Agent.YZB [Résolu] Répondre en citant
Bonjour et bonne année!

Pour moi, elle commence plutôt mal avec un virus coriace que je 'narrive aps à éliminer malgré mes diverses tentatives depuis 2j. J'ai AntiVir PE et Sygate comme protection et mon PC fonctionne sous XP.

AntiVir a semble-t-il éliminé avec succès TR.Dldr.tibs.TN7 et TR.Rootkit.Gen mais n'arrive aps à se débarrasser de BDS/Agent.YZB (bien qu'au dernier scan qui s'est terminé il y a 1 mn il apparaisse en quarantaine). Outre que mon PC est d'une lenteur remarquable, j'ai toujours au moins 2 fois le même message d'alerte d'AntiVir:

C:\WINDOWS\system32\sol718.txt

qui revient toujours quand je le supprime manuellement.

Par ailleurs il ne m'était plus possible d'accéder à "windows task manager" en faisant CTRL+ALT+DEL (je suis administrateur de mon PC mais l'accès m'était dénié par l'administrateur); ce problème semble résolu depuis tôt ce matin après avoir suivi le processus indiqué sur le forum. Cependant, le problème indiqué ci-dessus demeure.

voici les logs:

AntiVir
AntiVir PersonalEdition Classic
Report file date: 03 January 2008  21:13

Scanning for 999037 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Pascal Morin
Computer name:    PC-D8300

Version information:
BUILD.DAT    : 270           15603 Bytes   9/19/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes   9/10/2007 15:45:12
AVSCAN.DLL   : 7.0.6.0       49192 Bytes   9/10/2007 15:45:12
LUKE.DLL     : 7.0.5.3      147496 Bytes   9/10/2007 15:45:13
LUKERES.DLL  : 7.0.6.1       10280 Bytes   9/10/2007 15:45:13
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes   7/18/2007 15:41:40
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  12/14/2007 06:56:36
ANTIVIR2.VDF : 7.0.1.170    311296 Bytes  12/28/2007 07:47:27
ANTIVIR3.VDF : 7.0.1.186     71168 Bytes    1/2/2008 20:48:05
AVEWIN32.DLL : 7.6.0.46    3084800 Bytes  12/20/2007 06:56:56
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   4/22/2007 05:18:52
AVPREF.DLL   : 7.0.2.2       25640 Bytes   9/10/2007 15:45:12
AVREP.DLL    : 7.0.0.1      155688 Bytes   4/22/2007 05:18:53
AVPACK32.DLL : 7.6.0.2      360488 Bytes  12/20/2007 06:56:56
AVREG.DLL    : 7.0.1.6       30760 Bytes   9/10/2007 15:45:12
AVARKT.DLL   : 1.0.0.20     278568 Bytes   9/10/2007 15:45:11
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes   9/10/2007 15:45:11
NETNT.DLL    : 7.0.0.0        7720 Bytes   4/22/2007 05:18:53
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes   9/10/2007 15:45:07
RCTEXT.DLL   : 7.0.62.0      86056 Bytes   9/10/2007 15:45:07
SQLITE3.DLL  : 3.3.17.1     339968 Bytes   9/10/2007 15:45:13

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 03 January 2008  21:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [NOTE]      No virus was found!
Master boot sector HD1
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD2
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD3
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD4
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'D:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\' <Boot>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\sol718.txt
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.YZB Backdoor server programs
      [INFO]      The file was moved to '47e9585e.qua'!
Begin scan in 'D:\' <Data>


End of the scan: 04 January 2008  00:14
Used time:  3:01:58 min

The scan has been done completely.

  12919 Scanning directories
 620059 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 620058 Files not concerned
   3015 Archives were scanned
      1 Warnings
     25 Notes


SmirtfraudFix 1

SmitFraudFix v2.274

Scan done at 14:05:21.50, 03/01/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\derc32xz.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pascal Morin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pascal Morin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PASCAL~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\sol718.txt"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AABD963-74D5-4FFE-94D6-CD8FE87D02E8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8C37557-D11A-4DFF-8639-DC264C5CD392}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5AABD963-74D5-4FFE-94D6-CD8FE87D02E8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8C37557-D11A-4DFF-8639-DC264C5CD392}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5AABD963-74D5-4FFE-94D6-CD8FE87D02E8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C8C37557-D11A-4DFF-8639-DC264C5CD392}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


SmirtfraudFix 2

SmitFraudFix v2.274

Scan done at  0:28:29.45, 04/01/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AABD963-74D5-4FFE-94D6-CD8FE87D02E8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8C37557-D11A-4DFF-8639-DC264C5CD392}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5AABD963-74D5-4FFE-94D6-CD8FE87D02E8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8C37557-D11A-4DFF-8639-DC264C5CD392}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5AABD963-74D5-4FFE-94D6-CD8FE87D02E8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C8C37557-D11A-4DFF-8639-DC264C5CD392}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Hijack
Logfile of HijackThis v1.99.1
Scan saved at 02:48:35, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\derc32xz.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\update.exe
C:\HijackThis.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\ae9176\setup.exe
C:\HijackThis.exe
C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\ae10652\setup.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ADVFN Toolbar - {6CE062EA-B8FB-47C0-BCD7-1470A1063D7E} - C:\PROGRA~1\ADVFNT~1\tbu46\advfn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\\USB 2.0 Card Reader Driver v2.2\FlashIcon.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [frun] C:\WINDOWS\derc32xz.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles\6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles/6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://d:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://d:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://d:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - d:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://ca.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162983257093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170807373890
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol718.txt
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


Merci de votre aide car je en sais pas comment des néophytes comme nous ferions sans des forums comme celui-ci.

Actus
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé Envoyer un e-mail
APC
Invité
MessagePosté le: 04 Jan 2008 15:04    Sujet du message: Répondre en citant
Bonjour & bienvenue,

  • Télécharge combofix.exe, de sUBs, sur ton Bureau,

      Exclamation Désactive ton antivirus et toutes tes autres protections pour que l'outil puisse s'exécuter normalement.

    • Double clique combofix.exe,
    • Tape sur la touche 1 (Yes) pour démarrer le scan,
    • Lorsque le scan sera complété, un rapport apparaîtra. poste le contenu de ce rapport dans ta prochaine réponse.


    NB : Le rapport se trouve également là : C:\Combofix.txt.

  • Renomme HijackThis.exe en actus.exe

  • Poste un nouveau log HijackThis renommé, avec le rapport de Combofix


Et bonne année à toi aussi,
Bye
Revenir en haut de page
actus
Habitué
Habitué


Inscrit le: 04 Jan 2008
Message(s): 55
MessagePosté le: 04 Jan 2008 19:37    Sujet du message: Répondre en citant
J'ai fait une petite erreur de manip, mais bon, j'ai recommencé le processus et voici le résultat:

Combofix

ComboFix 08-01-04.1 - Pascal Morin 2008-01-04 18:22:39.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1515 [GMT 1:00]
Running from: C:\Documents and Settings\Pascal Morin\Desktop\ComboFix(2).exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DRIVER
-------\Driver




(((((((((((((((((((((((((   Files Created from 2007-12-04 to 2008-01-04  )))))))))))))))))))))))))))))))
.

2008-01-04 17:28 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-04 12:33 . 2008-01-04 12:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 02:41 . 2008-01-04 18:12   <DIR>   d--------   C:\Hijackthis
2008-01-04 02:24 . 2008-01-04 02:23   505,382   --a------   C:\HijackThis.exe
2008-01-03 14:05 . 2008-01-04 00:30   3,882   --a------   C:\WINDOWS\system32\tmp.reg
2008-01-03 14:04 . 2008-01-04 00:49   <DIR>   d--------   C:\SmitfraudFix
2008-01-03 14:00 . 2008-01-03 14:00   1,129,580   --a------   C:\SmitfraudFix.exe
2008-01-03 13:46 . 2008-01-03 13:46   <DIR>   d--------   C:\Program Files\CCleaner
2007-12-28 00:44 . 2006-11-12 11:39   483,328   --a------   C:\WINDOWS\system32\actskn45.ocx
2007-12-17 09:07 . 2007-12-17 09:07   70,656   --a------   C:\Documents and Settings\Pascal Morin\kolenkor.dll
2007-12-12 08:04 . 2007-12-12 08:04   287,232   --a------   C:\Documents and Settings\Pascal Morin\libcurl.dll
2007-12-11 10:48 . 2007-12-11 10:48   <DIR>   d--------   C:\Program Files\Sygate
2007-12-11 10:48 . 2004-10-15 18:32   83,096   --a------   C:\WINDOWS\system32\SSSensor.dll
2007-12-11 10:48 . 2004-10-15 18:17   60,496   --a------   C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-11 10:48 . 2004-10-15 18:18   21,075   --a------   C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg6n.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg5n.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg4n.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg3n.sys
2007-12-10 08:01 . 2007-12-10 08:01   59,392   --a------   C:\WINDOWS\derc32xz.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 17:14   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\Skype
2008-01-04 17:01   ---------   d-----w   C:\Program Files\Plaxo
2008-01-04 00:05   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 12:05   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-01-03 09:49   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\OrgPlus5
2008-01-01 22:25   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\Move Networks
2007-12-17 20:16   ---------   d-----w   C:\Program Files\GeoGebra
2007-12-12 11:19   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\OpenOffice.org2
2007-11-24 19:19   ---------   d-----w   C:\Program Files\OGSConverter
2007-11-12 14:44   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\ATI
2007-11-12 14:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\ATI
2007-11-12 14:42   ---------   d-----w   C:\Program Files\ATI Technologies
2007-11-12 14:41   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-12 14:01   ---------   d-----w   C:\Program Files\Realtek
2007-11-12 14:00   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2007-11-12 14:00   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\InstallShield
2007-11-12 13:59   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2007-11-12 12:49   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2007-10-29 16:12   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2006-11-26 20:33   495,616   ----a-w   C:\Program Files\whosin.mdb
2006-11-26 20:32   23   ----a-w   C:\Program Files\whosin.ini
2006-09-26 19:18   2,625,265   ----a-w   C:\Program Files\openofficeorg4.cab
2006-09-26 19:17   56,053,978   ----a-w   C:\Program Files\openofficeorg3.cab
2006-09-26 19:11   17,831,342   ----a-w   C:\Program Files\openofficeorg1.cab
2006-09-26 19:11   15,305,884   ----a-w   C:\Program Files\openofficeorg2.cab
2006-09-26 19:09   5,289,984   ----a-w   C:\Program Files\openofficeorg20.msi
2006-09-26 19:09   217   ----a-w   C:\Program Files\setup.ini
2006-09-01 18:05   299,008   ----a-w   C:\Program Files\setup.exe
2006-05-23 08:34   41   ----a-w   C:\Program Files\sample-import-file.csv
2006-03-03 11:04   266,714   ----a-w   C:\Program Files\setuplog.txt
2004-08-04 17:56   151,552   ----a-w   C:\Program Files\scrrun.dll
2004-03-08 23:00   260,880   ----a-w   C:\Program Files\msflxgrd.ocx
2004-03-08 23:00   152,848   ----a-w   C:\Program Files\comdlg32.ocx
2004-03-08 23:00   132,880   ----a-w   C:\Program Files\msinet.ocx
2002-03-11 08:06   1,822,520   ----a-w   C:\Program Files\instmsiw.exe
2002-03-11 07:45   1,708,856   ----a-w   C:\Program Files\instmsia.exe
2001-08-23 23:00   557,128   ----a-w   C:\Program Files\DAO360.DLL
1999-03-25 23:00   101,888   ----a-w   C:\Program Files\vb6stkit.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6CE062EA-B8FB-47C0-BCD7-1470A1063D7E}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{6ce062ea-b8fb-47c0-bcd7-1470a1063d7e}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793.1]
[HKEY_CLASSES_ROOT\TypeLib\{A67AEBCA-11FC-49df-85BA-4E8CE0BFD67A}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CE062EA-B8FB-47C0-BCD7-1470A1063D7E}"= C:\PROGRA~1\ADVFNT~1\tbu46\advfn.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{6ce062ea-b8fb-47c0-bcd7-1470a1063d7e}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793.1]
[HKEY_CLASSES_ROOT\TypeLib\{A67AEBCA-11FC-49df-85BA-4E8CE0BFD67A}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-03-23 14:34 1630303]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"KITCO"="C:\Program Files\Kitco\Kcast\Kcast" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 17:21 227914]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles\6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"FlashIcon"="C:\Program Files\\USB 2.0 Card Reader Driver v2.2\FlashIcon.EXE" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10 344064]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-06-04 18:57 188416]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 16:41 249896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-15 01:58 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-15 19:39 155648]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-07-22 01:10 577602]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 08:50 28672]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 00:18 57344]
"Adobe Reader Speed Launcher"="D:\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"frun"="C:\WINDOWS\derc32xz.exe" [2007-12-10 08:01 59392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 01:29 443968]

C:\Documents and Settings\Pascal Morin\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe [2007-12-11 23:34:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-04-14 16:15:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 10:58 49152]

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-10 16:45]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-10 16:45]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-03-13 05:24]
S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-12 14:59]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2001-11-09 04:13]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2001-11-09 04:13]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 18:25:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 18:26:05
ComboFix-quarantined-files.txt  2008-01-04 17:26:03
.
2008-01-04 02:00:58   --- E O F --- 


HijackActus

Logfile of HijackThis v1.99.1
Scan saved at 18:32:11, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\derc32xz.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\explorer.exe
C:\Hijackthis\actus.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ADVFN Toolbar - {6CE062EA-B8FB-47C0-BCD7-1470A1063D7E} - C:\PROGRA~1\ADVFNT~1\tbu46\advfn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\\USB 2.0 Card Reader Driver v2.2\FlashIcon.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [frun] C:\WINDOWS\derc32xz.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles\6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles/6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://d:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://d:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://d:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - d:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://ca.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162983257093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170807373890
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé Envoyer un e-mail
APC
Invité
MessagePosté le: 04 Jan 2008 22:25    Sujet du message: Répondre en citant
Bonsoir,

Déjà quelques questions :

Ton infection s'attrape principalement avec un crack, est-ce que tu as cracké un logiciel et si oui lequel est-ce ?

« actus » a écrit:
J'ai fait une petite erreur de manip


Laquelle ?

« Combofix » a écrit:
2008-01-04 18:22:39.2 - NTFSx86


Peux-tu me poster le 1er rapport de Combofix ? Ainsi que le contenu de celui qui se nomme : ComboFix-quarantined-files.txt.

On va commencer le nettoyage Wink


    Exclamation Désactive ton antivirus et tes autres protections (Sygate) pour que Combofix puisse s'éxécuter normalement,

  1. Ouvre le bloc notes et enregistre la totalité du texte ci-dessous :

    Citation:
    File::
    C:\WINDOWS\system32\actskn45.ocx
    C:\Documents and Settings\Pascal Morin\libcurl.dll
    C:\Documents and Settings\Pascal Morin\kolenkor.dll
    C:\WINDOWS\derc32xz.exe
    C:\WINDOWS\system32\sol718.txt


  2. Enregistre le fichier en le nommant CFScript.txt et fais un glisser/déposer du fichier vers Combofix comme sur l'image ci-dessous :



  3. Double-clique Combofix.exe et laisse le s'exécuter (ne touche à rien pendant toute la durée du scan)

  4. Une fois le scan terminé un rapport Combofix.log va apparaître, enregistre-le sur ton Bureau pour pouvoir le retrouver plus facilement.

  5. Télécharge Deckard's System Scanner (DSS) (de Deckard), sur ton Bureau à partir de ce lien :
    http://deckard.geekstogo.com/dss.exe

    • Ferme tous les programmes en cours, y compris ton navigateur (pas d'activité internet pendant la manipulation)

    • Double clique sur DSS.exe pour lancer l'installation, puis l'outil,

    • Tu devras cliquer [Ok] à chaque fois que cela sera demandé,

    • A l'issue de l'analyse, deux fichiers texte vont apparaître :

      main.txt <- ouvert dans une fenêtre normale
      extra.txt <- ouvert dans une fenêtre réduite

    • Ferme ces deux fenêtres.


  6. Poste le résultat de Combofix , et les deux rapports de DSS (main.txt et extra.txt) qui se trouvent sous C:\Deckard\System Scanner

  7. Réactive tes protections.



@+
Revenir en haut de page
actus
Habitué
Habitué


Inscrit le: 04 Jan 2008
Message(s): 55
MessagePosté le: 04 Jan 2008 22:48    Sujet du message: Répondre en citant
Bonsoir,

1) Non, je n'ai craqué aucun logiciel. Je pense l'avoir attrapé avec un codec après avoir téléchargé un film sur bit torrent. Au lieu de cliquer non, je pense avoir cliqué oui (mais je ne suis pas vraiment sûr).

2) L'erreur de manip c'est que j'ai arrêté Combofix car je ne voyais pas de log arriver; de plus le firewall de Windows était encore actif. J'ai donc tout relancé (et désactivé tous les AV et autres pare-feux que j'ai pu trouver).

3) Je n'ai pas d'autre rapport de combofix (cf. 2) ci-dessus)

1995-12-22 08:16      432    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\CFX32.LIC.vir
1996-06-10 13:24      307200    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\CFX32.OCX.vir
2007-03-27 02:11      9    --a------    C:\Qoobox\Quarantine\C\WINDOWS\OPTIONS\CABS\_desktop.ini.vir
2008-01-04 17:32      1196    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DRIVER.reg.dat
2008-01-04 17:32      678    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Driver.reg.dat
2008-01-04 17:32      698    --a------    C:\Qoobox\Quarantine\Registry_backups\hklm_windowsNT_windows.reg.dat
2008-01-04 17:33      3185    --a------    C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir


4) je fais le reste des manip indiquées.

Et merci! Smile

@ tout
Revenir en haut de page
Voir le profil de l'utilisateur Envoyer un message privé Envoyer un e-mail
actus
Habitué
Habitué


Inscrit le: 04 Jan 2008
Message(s): 55
MessagePosté le: 04 Jan 2008 23:11    Sujet du message: Répondre en citant
Voici les log:

Combofix

ComboFix 08-01-04.1 - Pascal Morin 2008-01-04 21:56:38.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1268 [GMT 1:00]
Running from: C:\Documents and Settings\Pascal Morin\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-04 to 2008-01-04  )))))))))))))))))))))))))))))))
.

2008-01-04 17:28 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-04 12:33 . 2008-01-04 12:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 02:41 . 2008-01-04 18:32   <DIR>   d--------   C:\Hijackthis
2008-01-04 02:24 . 2008-01-04 02:23   505,382   --a------   C:\HijackThis.exe
2008-01-03 14:05 . 2008-01-04 00:30   3,882   --a------   C:\WINDOWS\system32\tmp.reg
2008-01-03 14:04 . 2008-01-04 00:49   <DIR>   d--------   C:\SmitfraudFix
2008-01-03 14:00 . 2008-01-03 14:00   1,129,580   --a------   C:\SmitfraudFix.exe
2008-01-03 13:46 . 2008-01-03 13:46   <DIR>   d--------   C:\Program Files\CCleaner
2007-12-28 00:44 . 2006-11-12 11:39   483,328   --a------   C:\WINDOWS\system32\actskn45.ocx
2007-12-17 09:07 . 2007-12-17 09:07   70,656   --a------   C:\Documents and Settings\Pascal Morin\kolenkor.dll
2007-12-12 08:04 . 2007-12-12 08:04   287,232   --a------   C:\Documents and Settings\Pascal Morin\libcurl.dll
2007-12-11 10:48 . 2007-12-11 10:48   <DIR>   d--------   C:\Program Files\Sygate
2007-12-11 10:48 . 2004-10-15 18:32   83,096   --a------   C:\WINDOWS\system32\SSSensor.dll
2007-12-11 10:48 . 2004-10-15 18:17   60,496   --a------   C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-11 10:48 . 2004-10-15 18:18   21,075   --a------   C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg6n.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg5n.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg4n.sys
2007-12-11 10:48 . 2004-10-15 18:32   14,568   --a------   C:\WINDOWS\system32\drivers\wg3n.sys
2007-12-10 08:01 . 2007-12-10 08:01   59,392   --a------   C:\WINDOWS\derc32xz.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 20:58   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\Skype
2008-01-04 19:59   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-01-04 17:01   ---------   d-----w   C:\Program Files\Plaxo
2008-01-04 00:05   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 09:49   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\OrgPlus5
2008-01-01 22:25   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\Move Networks
2007-12-17 20:16   ---------   d-----w   C:\Program Files\GeoGebra
2007-12-12 11:19   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\OpenOffice.org2
2007-11-24 19:19   ---------   d-----w   C:\Program Files\OGSConverter
2007-11-12 14:44   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\ATI
2007-11-12 14:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\ATI
2007-11-12 14:42   ---------   d-----w   C:\Program Files\ATI Technologies
2007-11-12 14:41   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-12 14:01   ---------   d-----w   C:\Program Files\Realtek
2007-11-12 14:00   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2007-11-12 14:00   ---------   d-----w   C:\Documents and Settings\Pascal Morin\Application Data\InstallShield
2007-11-12 13:59   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2007-11-12 12:49   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2007-10-29 16:12   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2006-11-26 20:33   495,616   ----a-w   C:\Program Files\whosin.mdb
2006-11-26 20:32   23   ----a-w   C:\Program Files\whosin.ini
2006-09-26 19:18   2,625,265   ----a-w   C:\Program Files\openofficeorg4.cab
2006-09-26 19:17   56,053,978   ----a-w   C:\Program Files\openofficeorg3.cab
2006-09-26 19:11   17,831,342   ----a-w   C:\Program Files\openofficeorg1.cab
2006-09-26 19:11   15,305,884   ----a-w   C:\Program Files\openofficeorg2.cab
2006-09-26 19:09   5,289,984   ----a-w   C:\Program Files\openofficeorg20.msi
2006-09-26 19:09   217   ----a-w   C:\Program Files\setup.ini
2006-09-01 18:05   299,008   ----a-w   C:\Program Files\setup.exe
2006-05-23 08:34   41   ----a-w   C:\Program Files\sample-import-file.csv
2006-03-03 11:04   266,714   ----a-w   C:\Program Files\setuplog.txt
2004-08-04 17:56   151,552   ----a-w   C:\Program Files\scrrun.dll
2004-03-08 23:00   260,880   ----a-w   C:\Program Files\msflxgrd.ocx
2004-03-08 23:00   152,848   ----a-w   C:\Program Files\comdlg32.ocx
2004-03-08 23:00   132,880   ----a-w   C:\Program Files\msinet.ocx
2002-03-11 08:06   1,822,520   ----a-w   C:\Program Files\instmsiw.exe
2002-03-11 07:45   1,708,856   ----a-w   C:\Program Files\instmsia.exe
2001-08-23 23:00   557,128   ----a-w   C:\Program Files\DAO360.DLL
1999-03-25 23:00   101,888   ----a-w   C:\Program Files\vb6stkit.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6CE062EA-B8FB-47C0-BCD7-1470A1063D7E}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{6ce062ea-b8fb-47c0-bcd7-1470a1063d7e}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793.1]
[HKEY_CLASSES_ROOT\TypeLib\{A67AEBCA-11FC-49df-85BA-4E8CE0BFD67A}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CE062EA-B8FB-47C0-BCD7-1470A1063D7E}"= C:\PROGRA~1\ADVFNT~1\tbu46\advfn.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{6ce062ea-b8fb-47c0-bcd7-1470a1063d7e}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793.1]
[HKEY_CLASSES_ROOT\TypeLib\{A67AEBCA-11FC-49df-85BA-4E8CE0BFD67A}]
[HKEY_CLASSES_ROOT\XBTB01793.XBTB01793]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-03-23 14:34 1630303]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 13:00 15360]
"KITCO"="C:\Program Files\Kitco\Kcast\Kcast" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 17:21 227914]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles\6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"FlashIcon"="C:\Program Files\\USB 2.0 Card Reader Driver v2.2\FlashIcon.EXE" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10 344064]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-06-04 18:57 188416]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 16:41 249896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-15 01:58 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-15 19:39 155648]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-07-22 01:10 577602]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 08:50 28672]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 00:18 57344]
"Adobe Reader Speed Launcher"="D:\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"frun"="C:\WINDOWS\derc32xz.exe" [2007-12-10 08:01 59392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 01:29 443968]

C:\Documents and Settings\Pascal Morin\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe [2007-12-11 23:34:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-04-14 16:15:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 10:58 49152]

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-10 16:45]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-10 16:45]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-03-13 05:24]
S3 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-12 14:59]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2001-11-09 04:13]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2001-11-09 04:13]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 21:58:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 21:59:17
ComboFix-quarantined-files.txt  2008-01-04 20:59:15
ComboFix2.txt  2008-01-04 17:26:06
.
2008-01-04 02:00:58   --- E O F --- 


Deckard Main

Deckard's System Scanner v20071014.68
Run by Pascal Morin on 2008-01-04 22:01:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
53: 2008-01-04 21:01:53 UTC - RP83 - Deckard's System Scanner Restore Point
52: 2008-01-04 16:28:55 UTC - RP82 - ComboFix created restore point
51: 2008-01-04 02:00:56 UTC - RP81 - Software Distribution Service 3.0
50: 2008-01-03 08:13:49 UTC - RP80 - Software Distribution Service 3.0
49: 2008-01-02 07:45:44 UTC - RP79 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-24 21:21:59 UTC - RP31 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Pascal Morin.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:03:03, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\derc32xz.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pascal Morin\Desktop\dss.exe
C:\HIJACK~1\Pascal Morin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ADVFN Toolbar - {6CE062EA-B8FB-47C0-BCD7-1470A1063D7E} - C:\PROGRA~1\ADVFNT~1\tbu46\advfn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\\USB 2.0 Card Reader Driver v2.2\FlashIcon.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [frun] C:\WINDOWS\derc32xz.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles\6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Pascal Morin\Application Data\Mozilla\Firefox\Profiles/6jh3qy59.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgets.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://d:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://d:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://d:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - d:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://ca.moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162983257093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170807373890
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files