Win32.Delf.uc

rafmiouc · le 11 décembre 2007

Bonjour,

Depuis maintenant une semaine je me bats contre ce truc qui reviens sans cesse en lisant les forum.

J'ai bien lu les post it du forum pour un pré-nettoyage mais voià mon soucis

Impossible d'installer antivir, au moment de l'install problem de CRC du à l'infection.

-en mode normal

-en mode sans echec

-via un CD.

Rien à faire.

Petit historique :

Après un passage de Spy boot détection des intrus suivants :

torping

Win32:virtob

win32.Delc.uc

j'avais nod32 mais il n'a rien vu.

J'ai désinstaller nod32 car il bloquait le demarrage après passage de spyboot

En passant par le mode sans échec + passage de rmvirut + Smitfraudfix + SDFix +ATF

J'ai pu me débarrasser de torping +virtob (enfin je pense puisque spyboot ne les voit plus)

Mais win32.Delf.uc rien à faire.

J'ai essayer de réinstaller nod32, mais il détecte tous mes .exe comme infectés et me propose de les supprimer uniquement.

J'ai rien fait.

N'étant pas un expert je vous demande votre soutien.

Ne sachant pas lire le rapport de hijackthis, je vous demande voter aide

Voici le rapport :

Logfile of HijackThis v1.99.1

Scan saved at 18:46:27, on 11/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: E404Helper - {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

Merci pour votre aide

bruce lee · le 11 décembre 2007

Bonjour rafmiouc et bienvenue sur zebulon

1. Télécharge combofix.exe (par sUBs) ici :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

sur ton Bureau.

2. Double clique sur combofix.exe puis tape 1 pour lancer le scan.

3. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

rafmiouc · le 11 décembre 2007

Impossible de le lancer :

ComboFiw n'est pas une application Win32 valide !!

bruce lee · le 11 décembre 2007

Re,

Télécharge Deckard's System Scanner http://deckard.geekstogo.com/dss.exe sur ton bureau

Ferme toutes les applications en cours

Doublie clique sur dss.exe. Tu auras deux messages qui vont apparaitre à l'écran, clique sur OK pour les deux.

Sois patient, le scan peut être long.

A la fin tu auras de nouveau un message disant que bloc-notes va s'ouvrir clique sur OK puis fais un copier/coller de tout son contenu.

rafmiouc · le 11 décembre 2007

Re

le log

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0

Architecture: X86; Language: French

CPU 0: AMD Athlon 64 Processor 3400+

Percentage of Memory in Use: 25%

Physical Memory (total/avail): 1535.48 MiB / 1141.43 MiB

Pagefile Memory (total/avail): 2921.89 MiB / 2628.74 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1924.12 MiB

C: is Fixed (NTFS) - 272.46 GiB total, 229.05 GiB free.

D: is Fixed (FAT32) - 2.05 GiB total, 0.71 GiB free.

E: is CDROM (No Media)

F: is CDROM (No Media)

G: is CDROM (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

K: is Removable (No Media)

L: is Removable (No Media)

Z: is Network (WebDrive)

\\.\PHYSICALDRIVE0 - Maxtor 6B300S0 - 279.47 GiB - 3 partitions

\PARTITION0 (bootable) - Système de fichiers installable - 272.46 GiB - C:

\PARTITION1 - Unknown - 2.05 GiB - D:

\PARTITION2 - Unknown - 4.96 GiB

\\.\PHYSICALDRIVE4 - SCM CF Card Reader USB Device

\\.\PHYSICALDRIVE1 - SCM MS Card Reader USB Device

\\.\PHYSICALDRIVE2 - SCM SD Card Reader USB Device

\\.\PHYSICALDRIVE3 - SCM SM Card Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"

"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Raf\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Fichiers communs

COMPUTERNAME=AMD64

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Raf

LOGONSERVER=\\AMD64

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Fichiers communs\Ulead Systems\DVD;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0f00

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Raf\LOCALS~1\Temp

TMP=C:\DOCUME~1\Raf\LOCALS~1\Temp

USERDOMAIN=AMD64

USERNAME=Raf

USERPROFILE=C:\Documents and Settings\Raf

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Raf (admin)

Administrateur (admin)

Invité (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x40c

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}

AC-3 ACM Decompressor --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf

AC3+DTS XForm (remove only) --> "C:\Program Files\AC3+DTS XForm\uninstall.exe"

Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}

adsl TV --> C:\Program Files\adslTV\Uninstal.exe

Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c

Auto Gordian Knot 2.40 beta --> C:\Program Files\AutoGK\uninst.exe

AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"

Boilsoft ASF Converter 2.68 --> "C:\Program Files\Boilsoft ASF Converter\unins000.exe"

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

CDXA Image Reader Filter (SVCD/XCD) (remove only) --> "C:\Program Files\CDXA Image Reader Filter (SVCDXCD)\uninstall.exe"

CHIPDRIVE SIM Manager Pro v3.3 --> "C:\Program Files\CHIPDRIVE\SIM Manager Pro\unins000.exe"

DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}

DVD de bonus Studio 10 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x40c UNINSTALL

EVEREST Home Edition v2.01 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

FlashGet 1.8.2.1002 --> C:\Program Files\FlashGet\uninst.exe

FM-56PCI-HSFi-AB --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F02&SUBSYS_000B1767

Foxit PDF Editor --> C:\Program Files\Foxit Software\PDF Editor\uninstall.exe

Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Foxit Toolbar --> C:\PROGRA~1\Foxit\UNWISE.EXE C:\PROGRA~1\Foxit\INSTALL.LOG

HijackThis 1.99.1 --> C:\hijackthis\HijackThis.exe /uninstall

HP PrecisionScan --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPUninstallIs.dll"

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

K-Lite Codec Pack 3.2.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c

Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}

Microsoft Photo Premium 10 --> "C:\Program Files\Fichiers communs\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Word 2002 --> MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}

Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL

Nero Suite --> C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""

NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL

NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL

NetDrive --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}

OpenSource MPEG Splitter (remove only) --> "C:\Program Files\OpenSource MPEG Splitter\uninstall.exe"

OpenSource OGG Splitter (remove only) --> "C:\Program Files\OpenSource OGG Splitter\uninstall.exe"

Opera 9.23 --> MsiExec.exe /X{45A54FAD-AADB-4CD2-9E56-2507A15F013D}

PDFCreator --> C:\Program Files\PDFCreator\unins000.exe

Philips SPC 900NC PC Camera --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}\setup.exe" -l0x40c

Philips VLounge --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}\Setup.exe" -l0x40c

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\uninstal.log

Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x40c UNINSTALL

proDAD Heroglyph 2.0 --> "C:\Program Files\proDAD\Heroglyph-2.0\uninstall.exe" uninstall spcp PATHVERSION 2.0 MAINNAME Heroglyph

RadLight OptimFROG DirectShow Filter (remove only) --> "C:\WINDOWS\system32\RadLightOFRUninstall.exe"

RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}

Real Alternative 1.48 --> "C:\Program Files\Real Alternative\unins000.exe"

RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

SIPPS --> C:\WINDOWS\UNSIPPS.exe /UNINSTALL

Smart Card Reader Driver Installation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}\SETUP.EXE" -l0x9

SmartSound Quicktracks Plugin --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

SONY Photosizetool --> MsiExec.exe /X{05920D61-7B23-47ED-A3F5-6B1936A95AE0}

SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Studio 10 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe" -l0x40c UNINSTALL

Studio 10.5 Patch --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}\setup.exe" -l0x40c UNINSTALL

Studio 10.5.2 Patch --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED775CE1-E9F7-41C4-BE91-C925E6D5F513}\setup.exe" -l0x40c UNINSTALL -removeonly

Sélecteur d'installation de Microsoft Works 2005 --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\

TeLL me More --> "C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui"

TreeSize Free V1.77 --> "C:\Program Files\JAM Software\TreeSize\unins000.exe"

TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}

Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Ulead COOL 360 1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\setup.exe" -l0x40c -uninst

Ulead Photo Explorer 8.0 SE Basic --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\setup.exe" -l0x40c

UltraISO Premium V8.62 --> "C:\Program Files\UltraISO\unins000.exe"

Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"

USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6054F774-FEF0-46C6-9311-EC97FC576FC5}\SETUP.EXE" -l0x40c

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"

Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}

Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}

Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Presentation Foundation Language Pack (FRA) --> MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}

Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows Workflow Foundation FR Language Pack --> MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

XML Paper Specification Shared Components Pack 1.0 -->

XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"

ZyDAS IEEE 802.11g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9

-- Application Event Log -------------------------------------------------------

Event Record #/Type6712 / Error

Event Submitted/Written: 12/11/2007 06:42:41 PM

Event ID/Source: 1000 / Application Error

Event Description:

Application défaillante hijackthis.exe, version 1.99.0.1, module défaillant jkkli.dll, version 0.0.0.0, adresse de défaillance 0x0005f5e3.

Traitement de l'événement propre au support pour [hijackthis.exe!ws!]

Event Record #/Type6711 / Error

Event Submitted/Written: 12/11/2007 06:42:27 PM

Event ID/Source: 1000 / Application Error

Event Description:

Application défaillante hijackthis.exe, version 1.99.0.1, module défaillant jkkli.dll, version 0.0.0.0, adresse de défaillance 0x0005f5e3.

Traitement de l'événement propre au support pour [hijackthis.exe!ws!]

Event Record #/Type6685 / Error

Event Submitted/Written: 12/09/2007 11:27:38 PM

Event ID/Source: 1004 / Application Error

Event Description:

Application défaillante mpnotify.exe, version 5.1.2600.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x005b0406.

Erreur lors de la création du PEAP-TLV résultat en réponse au PEAP-TLV reçu (mpnotify.exe!ld!).

Event Record #/Type6680 / Error

Event Submitted/Written: 12/09/2007 11:23:27 PM

Event ID/Source: 1000 / Application Error

Event Description:

Application défaillante mpnotify.exe, version 5.1.2600.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x005b0406.

Traitement de l'événement propre au support pour [mpnotify.exe!ws!]

Event Record #/Type6660 / Warning

Event Submitted/Written: 12/09/2007 01:23:09 PM

Event ID/Source: 1015 / MsiInstaller

Event Description:

La connexion au serveur est impossible. Erreur : 0x8007043C

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type30702 / Error

Event Submitted/Written: 12/11/2007 08:37:43 PM

Event ID/Source: 7001 / Service Control Manager

Event Description:

Le service Service Partage réseau du Lecteur Windows Media dépend du service Hôte de périphérique universel Plug-and-Play qui n'a pas pu démarrer en raison de l'erreur :

%%1058

Event Record #/Type30701 / Error

Event Submitted/Written: 12/11/2007 08:37:43 PM

Event ID/Source: 7009 / Service Control Manager

Event Description:

Délai (30000 millisecondes) d'attente pour une connexion du service Carte à puce.

Event Record #/Type30700 / Error

Event Submitted/Written: 12/11/2007 08:37:43 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Le service Spouleur d'impression n'a pas pu démarrer en raison de l'erreur :

%%1053

Event Record #/Type30699 / Error

Event Submitted/Written: 12/11/2007 08:37:43 PM

Event ID/Source: 7009 / Service Control Manager

Event Description:

Délai (30000 millisecondes) d'attente pour une connexion du service Spouleur d'impression.

Event Record #/Type30692 / Error

Event Submitted/Written: 12/11/2007 08:36:36 PM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""

pour démarrer le serveur :

{1BE1F766-5536-11D1-B726-00C04FB926AF}

-- End of Deckard's System Scanner: finished at 2007-12-11 20:43:05 ------------

le log precedent s'appelle extra.txt

et celui-ci main.txt (car je crois que HJT est corrompu lui aussi)

Deckard's System Scanner v20071014.68

Run by Raf on 2007-12-11 20:40:21

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 1 Restore Point(s) --

1: 2007-12-11 19:40:24 UTC - RP376 - Deckard's System Scanner Restore Point

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2007-12-11 20:42:08

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NetDrive\wdService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\soundman.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Raf\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: {ead24ed1-1234-da1b-f7b4-d860380779b0} - {0b977083-068d-4b7f-b1ad-43211de42dae} - C:\WINDOWS\system32\dnmlafbq.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B4A5B280-1700-4B72-A8E0-CC5F0DA8DFFA} - C:\WINDOWS\system32\jkkli.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - C:\WINDOWS\system32\awttutq.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [847368e1] rundll32.exe "C:\WINDOWS\system32\exytgqjs.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - CmdMapping - (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O20 - Winlogon Notify: awttutq - C:\WINDOWS\system32\awttutq.dll

O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\system32\winhoq32.dll (file missing)

O21 - SSODL: E404Helper - {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

--

End of file - 8744 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

R2 WebDriveFSD (WebDrive File System Driver) - c:\program files\netdrive\rffsd.sys

R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>

R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 catchme - c:\docume~1\raf\locals~1\temp\catchme.sys (file missing)

S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)

S3 METROP (Hewlett-Packard ScanJet 5300C/5370C) - c:\windows\system32\drivers\hp53pw2k.sys <Not Verified; Hewlett Packard Inc.; Hewlett Packard Inc.HP53PW2K>

S3 ovt519 (VGA USB Camera) - c:\windows\system32\drivers\ov519vid.sys (file missing)

S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing)

S3 STV680 (STV0680 Camera) - c:\windows\system32\drivers\stv680.sys <Not Verified; STMicroelectronics; ST-VIBU STV680 Camera Driver>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>

R2 WebDriveService (WebDrive Service) - c:\program files\netdrive\wdservice.exe

S3 WmcCdsLs (Aide de Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-11-11 and 2007-12-11 -----------------------------

2007-12-11 20:38:20 0 d-------- C:\Documents and Settings\Raf\Application Data\Grisoft

2007-12-11 19:12:59 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia

2007-12-11 18:53:57 85568 --a------ C:\WINDOWS\system32\exytgqjs.dll

2007-12-11 18:53:57 80448 --a------ C:\WINDOWS\system32\dnmlafbq.dll

2007-12-11 18:53:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft

2007-12-11 18:53:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-12-11 18:52:32 62580 ---hs---- C:\WINDOWS\system32\ilkkj.bak2

2007-12-11 18:48:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla

2007-12-11 18:39:47 0 dr-h----- C:\Documents and Settings\Raf\Recent

2007-12-11 18:26:33 0 --a------ C:\ComboFix.exe

2007-12-11 18:03:17 0 d-------- C:\VundoFix Backups

2007-12-10 22:29:27 0 d-------- C:\WINDOWS\ERUNT

2007-12-10 22:04:42 0 d-------- C:\hijackthis

2007-12-10 21:10:06 0 d-------- C:\SmitfraudFix

2007-12-10 02:13:03 0 d-------- C:\AVG

2007-12-10 01:43:52 0 d-------- C:\Program Files\LizardTech

2007-12-10 00:23:19 0 d-------- C:\Program Files\Alwil Software

2007-12-09 23:47:56 7340032 --a------ C:\Documents and Settings\Raf\ntuser.dat

2007-12-09 23:47:53 1400832 --a------ C:\Documents and Settings\LocalService\ntuser.dat

2007-12-09 13:35:55 6495 ---hs---- C:\WINDOWS\system32\ilkkj.bak1

2007-12-09 13:35:35 335968 --a------ C:\WINDOWS\system32\jkkli.dll

2007-12-09 13:26:28 0 dr-h----- C:\Documents and Settings\Administrateur\Recent

2007-12-09 11:06:14 36352 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-12-09 11:06:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2007-12-09 11:06:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2007-12-09 11:06:14 58368 --a------ C:\WINDOWS\system32\dumphive.exe

2007-12-09 11:06:13 61440 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2007-12-09 10:48:41 1534 --a------ C:\WINDOWS\system32\tmp.reg

2007-12-09 10:44:31 1046702 --a------ C:\SmitfraudFix.exe

2007-12-09 00:09:35 0 d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software

2007-12-08 19:58:56 37888 --a------ C:\WINDOWS\system32\wvuvwtt.dll

2007-12-08 19:56:36 0 d-------- C:\Program Files\Helper

2007-12-08 19:56:19 37888 --a------ C:\WINDOWS\system32\awttutq.dll

2007-12-06 22:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2007-12-06 22:47:14 0 d-------- C:\Program Files\Foxit

2007-11-27 18:57:36 0 d-------- C:\Program Files\CHIPDRIVE

-- Find3M Report ---------------------------------------------------------------

2007-12-10 01:40:13 0 d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition

2007-12-10 01:40:11 0 d-------- C:\Program Files\adslTV

2007-12-10 01:40:01 0 d-------- C:\Program Files\AutoGK

2007-12-10 01:40:00 0 d-------- C:\Program Files\Boilsoft ASF Converter

2007-12-10 01:40:00 0 d-------- C:\Program Files\AvRack

2007-12-10 01:39:54 0 d-------- C:\Program Files\Foxit Reader

2007-12-10 01:39:54 0 d-------- C:\Program Files\FlashGet

2007-12-10 01:39:52 0 d-------- C:\Program Files\HP Adjustment Pattern Utility

2007-12-10 01:39:47 0 d-------- C:\Program Files\Messenger

2007-12-10 01:39:44 0 d-------- C:\Program Files\Movie Maker

2007-12-10 01:39:43 0 d-------- C:\Program Files\Opera

2007-12-10 01:39:43 0 d-------- C:\Program Files\NetDrive

2007-12-10 01:39:42 0 d-------- C:\Program Files\PDFCreator

2007-12-10 01:39:41 0 d-------- C:\Program Files\Picture It! Premium 10

2007-12-10 01:39:36 0 d-------- C:\Program Files\Realtek AC97

2007-12-10 01:39:35 0 d-------- C:\Program Files\TuneUp Utilities 2007

2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Media Connect 2

2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Journal Viewer

2007-12-10 01:39:34 0 d-------- C:\Program Files\Warcraft III

2007-12-10 01:39:34 0 d-------- C:\Program Files\UltraISO

2007-12-10 01:07:29 0 d-------- C:\Program Files\Windows Media Connect

2007-12-09 16:12:38 504910 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-12-09 16:12:38 83286 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-12-09 11:13:54 8019 --a------ C:\WINDOWS\mozver.dat

2007-12-09 09:33:05 80384 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

2007-12-06 23:00:41 0 d-------- C:\Documents and Settings\Raf\Application Data\Adobe

2007-12-06 22:59:00 0 d-------- C:\Program Files\Fichiers communs\Adobe

2007-11-28 16:38:03 0 d-------- C:\Program Files\skype

2007-11-28 16:38:03 0 d-------- C:\Program Files\Fichiers communs

2007-11-27 18:53:17 0 d-------- C:\Program Files\SIM Manager Pro

2007-11-27 12:01:02 3480 --a------ C:\WINDOWS\AUTOLNCH.REG

2007-10-28 19:34:40 0 d-------- C:\Documents and Settings\Raf\Application Data\OfficeUpdate12

2007-10-28 19:27:07 0 d-------- C:\Program Files\Fichiers communs\ODBC

2007-10-21 14:55:48 0 d-------- C:\Program Files\Picasa2

2007-10-06 23:29:18 66832 --a------ C:\Documents and Settings\Raf\Application Data\GDIPFONTCACHEV1.DAT

2007-09-17 17:40:56 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b977083-068d-4b7f-b1ad-43211de42dae}]

11/12/2007 18:53 80448 --a------ C:\WINDOWS\system32\dnmlafbq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]

25/11/2007 16:48 1498136 --a------ C:\Program Files\Foxit\tbFoxi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4A5B280-1700-4B72-A8E0-CC5F0DA8DFFA}]

09/12/2007 13:35 335968 --a------ C:\WINDOWS\system32\jkkli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}]

08/12/2007 19:56 37888 --a------ C:\WINDOWS\system32\awttutq.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}"= C:\Program Files\Foxit\tbFoxi.dll [25/11/2007 16:48 1498136]

[-HKEY_CLASSES_ROOT\CLSID\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [02/03/2006 06:22 C:\WINDOWS\soundman.exe]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

"847368e1"="C:\WINDOWS\system32\exytgqjs.dll" [11/12/2007 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 21:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsHistory"=1 (0x1)

"NoSMHelp"=01000000

"NoRecentDocsMenu"=01000000

"NoSMMyDocs"=01000000

"NoSMMyPictures"=01000000

"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\awttutq.dll [08/12/2007 19:56 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"E404Helper"= {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttutq]

awttutq.dll 08/12/2007 19:56 37888 C:\WINDOWS\system32\awttutq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32]

winhoq32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkli.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}]

AutoRun\command- E:\Autorun.exe

*Newly Created Service* - AVGASCLN

-- Hosts -----------------------------------------------------------------------

127.0.0.1 NtKrnlpa.info

-- End of Deckard's System Scanner: finished at 2007-12-11 20:43:05 ------------

bruce lee · le 11 décembre 2007

Re,

J'aimerai que tu repasses SDFIX:

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.

***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

Démarre en mode sans échec

http://cybersecurite.xooit.com/t88-Demarre...s-echec.htm#665

Déroule la liste des instructions ci-dessous :

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

rafmiouc · le 11 décembre 2007

SDFix report

SDFix: Version 1.118

Run by Raf on 11/12/2007 at 20:59

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\COMBOFIX.EXE - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-11 21:08:35

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

"OODEFRAG08.00.00.01WORKSTATION"="19645FFA519F18357B00A2524004475F6B151DE5561C5C26B55CD70F43C41AB2FB190435D28A0304ABB9A9506F2FCA9889C15E3BB07E56E4BFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB34526659381282546FCDC3F769B9B33E4F77E91A4CA8C8DFB22A88AF8EDBBD6D04173F2774560B73B0AF8E25AF2FFC5AA7320E5075B3D2F62058FB2E7A8E3A2F300C9A082B8E8B2937A8DBEB40EEE71417D9DAB29C399571B87AAF1C80B13880EB9104F788D753AA06D103E2FD742289E2371810F735B9F62AA977224B607C32E733FB18CC10E18F724653C3DDFE88BB29187E5BD1E999117683988B9A008176AB7F742A4B5AF0D2A9A60DE9E892B010584D3DA787DBC9AE6FA9CEC6C0B3F5650F88D797EC9EE8D6281464D5BB78E051B4A974B18C548AA240C2496525E63AFA4166026C2F07E95FC1B8032E88BC15AA5507BBD4E6E057A165762CA043C762954433C0579F83C5941D3F07BA142FFC2EA7C29D15B052DB472E738C522B48BAF8EC0DDAAD65468203B5577EE8B864FBD2693C959617BD7792406BF5F87F20BE4C65178766B7C75B1B583571C86234A9EF2FD718A45FFBC064159468B77646211B2B77711DE143BD31AA105710923AD1C4617F0A2D5C2B7E057927D455DD7CC5D41059B9134536CE7DA0231E1760D6F270BA9F4641FA2B2E9D0C62A5BC1341494D3AEB742BD565E11D862EA5DAF1AEC1FA4C281A963822803BC407327D895E753B23602A6D1CD6838F7BF4C3FC072AA54C788EC708A67958536ADA4CC9C85BCE3A99EDD585B356713970404241EF7439B1F74A8513EB5DD0BA9928B579EC8609CA3D4FE7C3CD721E64AE5ADC92917ECC5D56597CD9C2BF34AB44BB250623738E4E0544C31C2E7F313BCE93C4FAE6FB63E3733C4BA2F9D484C4AD66C60FB0F7FC0E3C8DC2262D14044FC0BF1FACFA6535BE82F685D573177588F000B858ECAD25B37D73301E370B251447B585FDF0F52DCB8B912F8226C170DC78610EC641F20D50BD3F4C644B82D763F8D084E5FC2FEB4CEB1A42D99B58110D86E64E67AE696ED541C04A7B805F9278BFF19C82E755C365CF212D33F09DA7C62F74746848F7361D214AD20C7C497E73DB7C4414116F3CA0BE3A53865A1D399D5B6EEE1B344886E0CB3283E27C2A7CD9DE5762FE674A11EC0FFE09F39DA2FE06C73E22F8AEC8B3C08352E8ED51301C93316FD64D7175B298EB8B98BA153F645B0651639B07AC493F5E0C0AC2DED0A76D0CB2EFABC8C5435B5501C0C2AD490A5D791AFDC120E784C444BE5E191CC11617FE96746A1AD21B4E20843316EBD7C5ABDB8EB1CEF136541CF4D3CF4B177D9725EB919CFE2679C5EDF23D956064C99E4F39"

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]