
Posted

Hello,

My computer is running a bit slower than usual. I have just got rid of Spyware secure and I no longer get pop-ups when I browse the Internet, but it is still just as slow, so I am posting my Hijack log:

Logfile of HijackThis v1.99.1

Scan saved at 08:30:57, on 16/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\dpcpbjtu.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\sistray.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Player Metaboli\GPlayer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Fathia\Bureau\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [ecfefe9a] rundll32.exe "C:\WINDOWS\system32\acjhgvkp.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [Exetender] C:\Program Files\Player Metaboli\GPlayer.exe /schedule 300000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: DomainService - - C:\WINDOWS\system32\dpcpbjtu.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

 

To see whether I have missed anything.

Thanks for your help

Posted (edited)

Hello

you still have infections

a.

Download ComboFix (created by sUBs) to your Desktop

Boot into Safe Mode:

Bruce Lee tutorial

- Double-click combofix.exe.
- Press the Y (Yes) key to start the scan.
- ComboFix will restart your PC
- When the scan is complete, a report will appear. Copy and paste this report into your next reply, along with a new HijackThis report

NOTE: The report can also be found here: C:\Combofix.txt

b.

Have an .exe from your PC analysed --> click here

1) Click "Distribute" once so that a red line crosses out the icon:

2) Then click the "Browse..." button to select the file to scan, shown in bold:

C:\WINDOWS\system32\dpcpbjtu.exe

3) Finally, click "Send" to have your file analysed. Let it run.

4) When it finishes, copy and paste the report into a reply.

Edited by Lien Rag

Posted

Thanks

Here is the ComboFix log:

ComboFix 07-12-16.3 - Fathia 2007-12-16 10:26:35.1 - NTFSx86 MINIMAL

 

Running from: C:\Documents and Settings\Fathia\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\check_LSA7.txt

C:\WINDOWS\Fonts\a.zip

C:\WINDOWS\Fonts\Crack.exe

C:\WINDOWS\system32\acjhgvkp.dll

C:\WINDOWS\system32\dpcpbjtu.exe

C:\WINDOWS\system32\evkxfhqf.dll

C:\WINDOWS\system32\icadwvmk.dll

C:\WINDOWS\system32\jjkmp.bak1

C:\WINDOWS\system32\jjkmp.bak2

C:\WINDOWS\system32\jjkmp.ini

C:\WINDOWS\system32\jkkijjj.dll

C:\WINDOWS\system32\pkvghjca.ini

C:\WINDOWS\system32\pmkjj.dll

C:\winlogon.exe

C:\x.dat

C:\z.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

 

 

((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-16 07:38 . 2007-12-16 07:38 <REP> d-------- C:\Documents and Settings\Fathia\Application Data\Leadertech

2007-12-15 21:45 . 2007-12-15 22:38 <REP> d-------- C:\Program Files\Navilog1

2007-12-15 20:46 . 2007-12-15 20:46 <REP> d-------- C:\Program Files\Lavalys

2007-12-15 14:50 . 2002-03-19 02:29 45,056 --------- C:\WINDOWS\winio.dll

2007-12-15 14:50 . 2003-03-27 06:50 28,672 --------- C:\WINDOWS\htpatch.exe

2007-12-15 14:48 . 2007-12-15 14:50 <REP> d-------- C:\Program Files\Multimedia V3.54

2007-12-15 14:48 . 2003-10-30 14:09 249,856 --a------ C:\WINDOWS\system32\Keyhook.exe

2007-12-15 14:48 . 2003-10-30 07:07 176,128 --------- C:\WINDOWS\system32\SiSApCom.dll

2007-12-15 14:42 . 2007-12-15 14:42 2,610 --a------ C:\WINDOWS\Ascd_tmp.ini

2007-12-15 10:27 . 2002-07-10 16:39 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys

2007-12-15 10:27 . 2002-07-10 16:39 32,256 --a--c--- C:\WINDOWS\system32\dllcache\sisnic.sys

2007-12-15 08:30 . 2006-04-12 19:35 208,896 --a------ C:\WINDOWS\Progress.exe

2007-12-15 08:30 . 2007-10-03 15:58 53,248 --a------ C:\WINDOWS\system32\SiSPower.dll

2007-12-15 08:30 . 2006-04-28 09:56 49,152 --a------ C:\WINDOWS\InstFunc.exe

2007-12-15 08:30 . 2007-10-03 15:56 12,288 --a------ C:\WINDOWS\InstFunc.dll

2007-12-15 07:44 . 2003-10-30 07:11 106,496 --------- C:\WINDOWS\system32\TVModeLib.dll

2007-12-15 07:43 . 2003-10-29 20:35 1,861,817 -ra------ C:\WINDOWS\system32\sisgl.dll

2007-12-15 07:43 . 2003-10-29 20:01 1,118,720 -ra------ C:\WINDOWS\system32\sisgrv.dll

2007-12-15 07:43 . 2003-10-29 20:01 1,118,720 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll

2007-12-15 07:43 . 2003-10-30 07:08 172,032 -ra------ C:\WINDOWS\system32\SiSInst.dll

2007-12-15 07:43 . 2003-10-01 09:30 65,536 -ra------ C:\WINDOWS\system32\sis660.bin

2007-12-15 07:43 . 2003-10-29 20:36 11,264 -ra------ C:\WINDOWS\system32\drivers\srvkp.sys

2007-12-15 07:43 . 2003-10-30 07:08 5,632 -ra------ C:\WINDOWS\system32\instFunc.dll

2007-12-15 07:29 . 2007-12-15 14:48 <REP> d-------- C:\WINDOWS\system32\trayres

2007-12-15 07:27 . 2007-12-15 08:31 <REP> d-------- C:\Program Files\SiS VGA Utilities V3.83

2007-12-15 07:26 . 2007-12-15 14:51 285,844 --a------ C:\WINDOWS\system32\VGAunistlog.ini

2007-12-15 07:24 . 2005-10-07 15:13 65,536 --a------ C:\WINDOWS\system32\sis760.bin

2007-12-15 07:24 . 2005-10-07 15:13 65,536 --a------ C:\WINDOWS\system32\sis741.bin

2007-12-15 07:24 . 2007-10-03 15:57 9,728 --a------ C:\WINDOWS\system32\SiSPIns2.dll

2007-12-14 13:55 . 2007-12-14 20:54 143 --a------ C:\WINDOWS\system32\mcrh.tmp

2007-12-14 10:28 . 2007-12-15 14:54 937,921 ---hs---- C:\WINDOWS\system32\ldymonje.ini

2007-12-13 18:27 . 2007-12-13 18:27 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2007-12-13 18:25 . 2007-12-13 18:25 40,960 --a------ C:\Documents and Settings\Fathia\f.exe

2007-12-13 18:25 . 2007-12-13 18:25 134 --a------ C:\n.bat

2007-12-11 03:00 . 2007-12-11 03:00 <REP> d-------- C:\Program Files\MSXML 4.0

2007-12-10 11:07 . 2007-12-10 11:07 <REP> d-------- C:\Documents and Settings\Fathia\Application Data\dvdcss

2007-12-09 20:01 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX

2007-12-09 20:01 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2007-12-09 20:01 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-09 20:01 . 2004-08-04 06:21 81,920 --a------ C:\WINDOWS\system32\MSADO25.TLB

2007-12-09 20:01 . 2006-03-17 15:53 53,248 --a------ C:\WINDOWS\system32\ARMACCESS.DLL

2007-12-09 20:01 . 2007-12-09 20:01 1,398 --a------ C:\WINDOWS\0

2007-12-09 20:01 . 2007-12-09 20:01 186 --a------ C:\WINDOWS\False

2007-12-09 20:01 . 2007-12-09 20:01 85 --a------ C:\WINDOWS\Times New Roman

2007-12-09 18:32 . 2007-12-16 08:30 <REP> d-------- C:\Temp

2007-12-09 16:51 . 2002-02-04 02:43 82,432 --a------ C:\WINDOWS\system32\MSXML4R.DLL

2007-12-09 13:27 . 2007-12-15 08:46 <REP> d-------- C:\Remote Programs

2007-12-09 13:27 . 2007-12-09 16:51 <REP> d-------- C:\Program Files\Player Metaboli

2007-12-09 13:27 . 2007-12-09 13:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Exetender

2007-12-09 13:27 . 2007-05-27 12:33 53,314 --------- C:\WINDOWS\ExentInfo.exe

2007-12-09 13:27 . 2004-02-04 10:01 2,238 --------- C:\WINDOWS\metaboli.ico

2007-12-09 13:27 . 2007-12-09 13:27 68 --a------ C:\WINDOWS\GPlrLanc.dat

2007-12-08 21:32 . 2007-12-08 21:32 <REP> d-------- C:\WINDOWS\system32\bfubackups

2007-12-08 15:58 . 2007-12-08 15:58 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games

2007-12-02 14:36 . 2007-12-08 15:39 <REP> d-------- C:\Documents and Settings\Fathia\Application Data\PlayFirst

2007-12-02 14:36 . 2007-12-08 14:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst

2007-12-02 11:54 . 2007-12-02 11:54 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared

2007-12-02 11:54 . 2007-12-02 11:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear

2007-12-02 11:54 . 2007-12-02 11:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY

2007-12-02 11:44 . 2007-12-08 14:07 <REP> d-------- C:\Program Files\BoontyGames

2007-12-02 11:44 . 2007-12-08 14:08 <REP> d-------- C:\Program Files\Boonty

2007-11-17 10:55 . 2007-11-22 08:58 <REP> d-------- C:\Program Files\MagicISO

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-16 08:59 --------- d-----w C:\Program Files\BitComet

2007-12-16 06:55 --------- d-----w C:\Program Files\Yahoo!

2007-12-15 13:46 --------- d-----w C:\Program Files\SiSLan

2007-12-15 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-14 18:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2007-12-14 18:26 --------- d-----w C:\Documents and Settings\Fathia\Application Data\LimeWire

2007-12-14 18:20 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2007-12-13 20:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2007-12-10 10:08 --------- d-----w C:\Documents and Settings\Fathia\Application Data\vlc

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-03 12:17 --------- d-----w C:\Program Files\LimeWire

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 19:43 --------- d-----w C:\Program Files\iTunes

2007-11-07 19:43 --------- d-----w C:\Program Files\iPod

2007-11-07 19:41 --------- d-----w C:\Program Files\QuickTime

2007-11-03 16:15 --------- d-----w C:\Program Files\Java

2007-10-30 19:36 --------- d-----w C:\Program Files\Apple Software Update

2007-10-28 12:06 --------- d-----w C:\Program Files\Veoh Networks

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DependencyCheck"="Performed" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 13:00]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2007-12-04 14:00 79224 --a------ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]

RunDll32 cmicnfg.cpl,CMICtrlWnd

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ecfefe9a]

rundll32.exe C:\WINDOWS\system32\acjhgvkp.dll,b

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]

C:\Program Files\Player Metaboli\GPlayer.exe /schedule 300000

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

C:\WINDOWS\Fonts\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-11-02 18:36 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray]

2003-10-30 14:10 667648 --a------ C:\WINDOWS\system32\sistray.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]

2003-10-30 14:09 249856 --a------ C:\WINDOWS\system32\keyhook.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

Rundll32.exe SiSPower.dll,ModeAgent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]

2002-07-12 11:15 106496 --a------ C:\WINDOWS\SiSUSBrg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"usnjsvc"=3 (0x3)

"UPS"=3 (0x3)

"upnphost"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=3 (0x3)

"SSDPSRV"=3 (0x3)

"srservice"=2 (0x2)

"Spooler"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"seclogon"=2 (0x2)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"PlugPlay"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LmHosts"=2 (0x2)

"LightScribeService"=2 (0x2)

"lanmanworkstation"=2 (0x2)

"lanmanserver"=2 (0x2)

"Irmon"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"HTTPFilter"=3 (0x3)

"helpsvc"=2 (0x2)

"gusvc"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"EventSystem"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"DomainService"=2 (0x2)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Dhcp"=2 (0x2)

"CryptSvc"=2 (0x2)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"CiSvc"=3 (0x3)

"Browser"=2 (0x2)

"Boonty Games"=3 (0x3)

"BITS"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"AudioSrv"=2 (0x2)

"aswUpdSv"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"ALG"=3 (0x3)

"a2free"=2 (0x2)

 

S2 X4HSX32;X4HSX32;\??\C:\Program Files\Player Metaboli\X4HSX32.Sys

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-12-12 19:31:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-16 10:35:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-16 10:37:26 - machine was rebooted

.

2007-12-13 20:05:05 --- E O F ---

 

And here is the new Hijack log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:48:09, on 16/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\sistray.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Player Metaboli\GPlayer.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Fathia\Bureau\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [ecfefe9a] rundll32.exe "C:\WINDOWS\system32\acjhgvkp.dll",b

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Exetender] C:\Program Files\Player Metaboli\GPlayer.exe /schedule 300000

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7AEE2425-5CA6-4ADD-9EA9-494C18A5B091}: NameServer = 80.10.246.130 81.253.149.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

 

I tried to do b, but I can't find it; I think it was deleted by Combo, so I don't have a report.

Posted
I tried to do b, but I can't find it; I think it was deleted by Combo, so I don't have a report.

that's fine :P

run Hijack again, "do a scan only", and tick these 2 lines

 

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [ecfefe9a] rundll32.exe "C:\WINDOWS\system32\acjhgvkp.dll",b

 

then click Fix checked

Then

Download AVGanti-spy

First of all: update (via the tab, with an internet connection); if the update doesn't work, run the scan anyway

then run a full scan

at the end of the scan, delete the objects found according to this

post the AVG report
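The two Run entries singled out in the post above can be picked out mechanically. The following Python is an added example, not part of the thread or of HijackThis: it parses O4 lines and applies two triage heuristics that are assumptions of this example (a core Windows process name located outside system32, and rundll32 launched from a Run value whose name is eight hex digits). The function names and the process list are hypothetical, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Sample input: O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [ecfefe9a] rundll32.exe "C:\WINDOWS\system32\acjhgvkp.dll",b
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Player Metaboli\GPlayer.exe /schedule 300000
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# First program on the command line: a quoted path, or an unquoted path
# (which may contain spaces) up to the first executable-like extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|cpl|com|scr|bat))(?=[\s,]|$)', re.I
)

# Command line that starts with rundll32, with or without path and extension.
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?(?=["\s]|$)', re.I)

# Assumption: a Run value named with exactly eight hex digits is machine-generated.
HEX_NAME_RE = re.compile(r"[0-9a-f]{8}", re.I)

# Assumption: process names that normally run only from the system32 directory.
SYSTEM_NAMES = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "spoolsv.exe",
}


def image_path(command):
    """Return the program a Run command line starts, without its arguments."""
    m = IMAGE_RE.match(command)
    if m:
        return m.group(1) or m.group(2)
    return command.split()[0]  # no known extension: take the first token


def triage(log_text, system_dir=r"C:\WINDOWS\system32"):
    """Return (value name, image, reasons) for each O4 line worth a second look."""
    expected = ntpath.normcase(system_dir)
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autostart line
        _hive, _key, name, command = m.groups()
        image = image_path(command)
        base = ntpath.basename(image).lower()
        folder = ntpath.normcase(ntpath.dirname(image))
        reasons = []
        # Heuristic 1: core process name, but started from another directory.
        # A bare name without a directory is resolved via PATH and is skipped.
        if base in SYSTEM_NAMES and folder and folder != expected:
            reasons.append("system process name outside " + system_dir)
        # Heuristic 2: rundll32 started from a hex-named Run value.
        if RUNDLL_RE.match(command) and HEX_NAME_RE.fullmatch(name):
            reasons.append("rundll32 started from a hex-named Run value")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {image}: {'; '.join(reasons)}")
```

A hit is a prompt to inspect the file and its signer, not a verdict; legitimate vendor entries such as the SiS and C-Media rundll32 lines in this log pass both checks.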

Posted

I fixed

I scanned

And here is the report

 

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 14:04:00 16/12/2007

 

+ Résultat de l'analyse:

 

 

 

C:\qoobox\Quarantine\catchme2007-12-16_103517.54.zip/jkkijjj.dll -> Not-A-Virus.Adware.Virtumonde : Nettoyé.

C:\Documents and Settings\Fathia\f.exe -> Not-A-Virus.PSWTool.Win32.FirePass.a : Nettoyé.

:mozilla.357:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.

:mozilla.358:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.

:mozilla.105:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.22:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.23:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.24:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.25:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.243:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.244:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.245:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.247:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.248:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.249:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.250:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.251:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.252:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.253:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.254:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.255:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.256:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.257:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.258:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.259:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.260:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.261:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.262:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.263:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.264:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.265:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.287:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.288:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.289:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.290:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.

:mozilla.420:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.

:mozilla.223:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.

:mozilla.162:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.163:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.164:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.165:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.117:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.

:mozilla.102:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.

:mozilla.496:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.

:mozilla.75:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.

:mozilla.423:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé.

:mozilla.206:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.

:mozilla.207:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.

:mozilla.208:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.

:mozilla.26:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.

:mozilla.11:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@estat[1].txt -> TrackingCookie.Estat : Nettoyé.

:mozilla.58:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.59:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.60:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.61:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.62:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.

:mozilla.224:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.226:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.227:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.228:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.229:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.230:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.231:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.

:mozilla.489:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.

:mozilla.509:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.

:mozilla.523:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.

:mozilla.310:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.311:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.312:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.389:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.390:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.481:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.482:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.483:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.484:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.

:mozilla.65:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.

:mozilla.66:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.

:mozilla.116:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.

:mozilla.193:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.

:mozilla.177:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.

:mozilla.236:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.

:mozilla.237:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.

:mozilla.92:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.93:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.94:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.95:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.96:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.97:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.99:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.49:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.50:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.51:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.52:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.53:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.242:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.

:mozilla.246:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.

:mozilla.332:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.333:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.334:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.335:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.336:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.

:mozilla.73:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.74:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.54:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.55:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.56:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.57:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

C:\Documents and Settings\Fathia\Cookies\fathia@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.466:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.

:mozilla.157:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.158:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.159:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.160:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

:mozilla.161:C:\Documents and Settings\Fathia\Application Data\Mozilla\Firefox\Profiles\6n3hfah1.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.

 

 

Fin du rapport

Posted

that's happiness :P

finish with this

Panda online scan

beforehand, disable your current antivirus

Once on the Panda site

uncheck the box "keep me informed of the latest news ..." before launching the scan, so that you don't receive emails from them.

agree to fill in the fields, run the scan, and post the scan report in your next message

Panda usage details:

"Analyser votre pc" (scan your PC) -> "suivant" (next) -> fill in the email address -> Country/State-region -> send -> let the ActiveX control download run -> select "Poste de Travail" (My Computer) -> close the popup

+ 1 Hijack please

Posted

I like that word, happiness... :P

Anyway, let's focus.... Panda Software has become Panda Security, so I checked with Panda NanoScan, which told me I had no viruses.

And here you go, sir, with all my thanks:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:32:52, on 16/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\sistray.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Player Metaboli\GPlayer.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Fathia\Bureau\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\system32\sistray.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Exetender] C:\Program Files\Player Metaboli\GPlayer.exe /schedule 300000

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [DependencyCheck] Performed

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file:///C:/Documents%20and%20Settings/Fathia/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/ddfotg.1.0.0.37.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7AEE2425-5CA6-4ADD-9EA9-494C18A5B091}: NameServer = 80.10.246.130 81.253.149.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
