Need help with a virus - please

Closed
Alex - 27 Dec. 2008 at 17:01
g!rly (18209 posts, registered Friday 17 August 2007, Contributor, last active 30 November 2014) - 5 Jan. 2009 at 17:41
Hello,

I have a virus problem and I have to write something this weekend, so this is really not convenient, especially since I'm in the US and I know nothing about this. Pop-up pages, the screen freezing and locking up completely, Avast telling me there are viruses but that it can't handle all of them. I also ran CCleaner. But nothing helps. Just in case, I'm posting a HijackThis scan. If someone can help me, please, I really need help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:21, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [{5e539e88-6c14-1df6-0971-f0f517b247e4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\luogswjqbohcjb.dll" DllStub
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [E06FXLRD_4542742] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
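As an added example (not code from the thread, from HijackThis or from any of the tools named here), a small Python triage over the O4 autostart lines of a HijackThis log such as the one above. The heuristics (a GUID-named Run value, rundll32 loading a vowel-poor DLL name, an executable outside the KNOWN_SYSTEM32 allowlist autostarting from system32, the same entry planted in more than one hive, a startup shortcut whose target is unresolved) and the allowlist itself are assumptions of the example; a hit is a prompt to check the file's signer and hash, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: six O4 (autostart) lines in HijackThis format. The value
# names and paths mirror entries from the log posted above, abridged for the example.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{5e539e88-6c14-1df6-0971-f0f517b247e4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\luogswjqbohcjb.dll" DllStub
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - Global Startup: BTTray.lnk = ?
"""

# Registry autostarts: "O4 - <hive>\..\<key>: [<value name>] <command line>"
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Startup-folder shortcuts: "O4 - Global Startup: <name>.lnk = <target>"
STARTUP_RE = re.compile(r"^O4 - (?P<folder>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Minimal allowlist (an assumption for this example) of Windows binaries that
# legitimately autostart straight from system32. Real triage checks signer and hash.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe"}


@dataclass
class O4Entry:
    hive: str   # HKLM, HKCU, HKUS\<sid>, or "Startup folder"
    key: str    # Run, RunOnce, RunServices, Global Startup, ...
    name: str   # registry value name or shortcut name
    cmd: str    # command line exactly as HijackThis prints it
    raw: str    # the original log line


def parse_o4(text):
    """Parse every O4 line of a HijackThis log into O4Entry objects."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        m = REG_RE.match(line)
        if m:
            entries.append(O4Entry(m["hive"], m["key"], m["name"], m["cmd"], line))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(O4Entry("Startup folder", m["folder"], m["name"], m["cmd"], line))
    return entries


def _image_path(cmd):
    """The executable being launched: the first (possibly quoted) token of the command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def _looks_random(stem):
    """Crude test for machine-generated names: long, letters only, vowel-poor."""
    stem = stem.lower()
    if len(stem) < 10 or not stem.isalpha():
        return False
    return sum(c in "aeiouy" for c in stem) / len(stem) < 0.3


def triage(entries):
    """Return {raw line: [reasons]} for autostarts that deserve a second look."""
    findings = defaultdict(list)
    # Group hives by (value name, command) to spot the same entry planted in several hives.
    hives_by_entry = defaultdict(set)
    for e in entries:
        hives_by_entry[(e.name.lower(), e.cmd.lower())].add(e.hive)

    for e in entries:
        image = _image_path(e.cmd)
        base = image.rsplit("\\", 1)[-1].lower()
        if GUID_RE.match(e.name):
            findings[e.raw].append("GUID-named Run value")
        if base == "rundll32.exe":
            # rundll32 is only a launcher; the artefact of interest is the DLL it loads.
            m = re.search(r'"?([^"\s]+\.dll)"?', e.cmd[len(image):], re.I)
            dll = m.group(1) if m else ""
            stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if _looks_random(stem):
                findings[e.raw].append(f"rundll32 loads random-looking DLL {dll}")
        elif "\\system32\\" in image.lower() and base not in KNOWN_SYSTEM32:
            findings[e.raw].append(f"non-Windows executable autostarting from system32: {base}")
        hives = hives_by_entry[(e.name.lower(), e.cmd.lower())]
        if len(hives) > 1:
            findings[e.raw].append("same entry in more than one hive: " + ", ".join(sorted(hives)))
        if e.cmd.strip() == "?":
            findings[e.raw].append("startup shortcut target could not be resolved")
    return dict(findings)


if __name__ == "__main__":
    for raw, reasons in triage(parse_o4(SAMPLE_O4_LINES)).items():
        print(raw)
        for reason in reasons:
            print("   ->", reason)
```

Run against a full log, the script leaves the avast! and ctfmon.exe entries alone and lists the GUID-named rundll32 entry, the two prunnet entries and the unresolved BTTray shortcut with the reason each was picked out.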

13 replies

g!rly - 27 Dec. 2008 at 17:36
Hi,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

See you later
nadeauk - 27 Dec. 2008 at 17:40
Alex, I would go get Malwarebytes and do a full scan and delete all the elements that are infected; the software is free, here is the link

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware good luck
g!rly - 27 Dec. 2008 at 17:42
Nadeauk,

Are you going to finish the disinfection with Alex?
nadeauk - 27 Dec. 2008 at 17:46
Why do you say that?
nadeauk - 27 Dec. 2008 at 17:49
I don't mind helping him.
g!rly - 27 Dec. 2008 at 17:50
Just to tell you that I too could post the same reply as you; but did you even take the trouble to read the HijackThis report?
nadeauk - 27 Dec. 2008 at 17:52
I don't know if she did it; I'll leave it to you, you just have to help her.

g!rly - 27 Dec. 2008 at 17:55
Basically I posted a message asking him to run SDFix, if you noticed; yes, I'm going to help him...
Here are the reports, is there anything else to do?

SDFix report


[b]SDFix: Version 1.240 [/b]
Run by xp on 2008-12-27 at 12:03

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
tdssserv

[b]Path [/b]:
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\mlJAtUKD.dll - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\drivers\TDSSserv.sys - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 12:14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:56,70,30,e3,b4,13,cc,f0,61,a2,4f,ed,54,a8,14,ab,a1,58,41,03,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,ee,fb,b1,24,13,79,7d,73,8e,ca,1d,21,66,10,2d,c1,..
"khjeh"=hex:e4,82,b5,a9,ae,d3,35,62,9c,aa,f6,4d,3d,d0,97,fa,a9,5b,ac,11,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,72,ae,76,14,83,48,ed,d6,73,29,96,a4,34,93,27,23,0f,bf,ea,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:56,70,30,e3,b4,13,cc,f0,61,a2,4f,ed,54,a8,14,ab,a1,58,41,03,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,ee,fb,b1,24,13,79,7d,73,8e,ca,1d,21,66,10,2d,c1,..
"khjeh"=hex:e4,82,b5,a9,ae,d3,35,62,9c,aa,f6,4d,3d,d0,97,fa,a9,5b,ac,11,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,72,ae,76,14,83,48,ed,d6,73,29,96,a4,34,93,27,23,0f,bf,ea,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:56,70,30,e3,b4,13,cc,f0,61,a2,4f,ed,54,a8,14,ab,a1,58,41,03,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,ee,fb,b1,24,13,79,7d,73,8e,ca,1d,21,66,10,2d,c1,..
"khjeh"=hex:e4,82,b5,a9,ae,d3,35,62,9c,aa,f6,4d,3d,d0,97,fa,a9,5b,ac,11,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,72,ae,76,14,83,48,ed,d6,73,29,96,a4,34,93,27,23,0f,bf,ea,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:56,70,30,e3,b4,13,cc,f0,61,a2,4f,ed,54,a8,14,ab,a1,58,41,03,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,ee,fb,b1,24,13,79,7d,73,8e,ca,1d,21,66,10,2d,c1,..
"khjeh"=hex:e4,82,b5,a9,ae,d3,35,62,9c,aa,f6,4d,3d,d0,97,fa,a9,5b,ac,11,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,72,ae,76,14,83,48,ed,d6,73,29,96,a4,34,93,27,23,0f,bf,ea,25,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Disabled:Neverwinter Nights"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\PopCap Games\\AstroPop Deluxe\\WinAP.exe"="C:\\Program Files\\PopCap Games\\AstroPop Deluxe\\WinAP.exe:*:Enabled:AstroPop Deluxe"
"C:\\Program Files\\Valve\\Steam\\steam.exe"="C:\\Program Files\\Valve\\Steam\\steam.exe:*:Disabled:Steam"
"C:\\Program Files\\PopCap Games\\Bejeweled Deluxe\\WinBej.exe"="C:\\Program Files\\PopCap Games\\Bejeweled Deluxe\\WinBej.exe:*:Disabled:Bejeweled"
"C:\\Documents and Settings\\xp\\Bureau\\CS2\\CounterStrike2D.exe"="C:\\Documents and Settings\\xp\\Bureau\\CS2\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"="C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program"
"C:\\Jeux\\Warcraft III\\Warcraft III.exe"="C:\\Jeux\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"
"C:\\Documents and Settings\\xp\\Local Settings\\Temp\\.ttD.tmp"="C:\\Documents and Settings\\xp\\Local Settings\\Temp\\.ttD.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 13 Apr 2008 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 3 Nov 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Wed 7 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 7 Feb 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Mon 22 Oct 2007 71,168 A..H. --- "C:\DOCS ALEX\Etudes\M2 Droit PI\DA\~WRL2891.tmp"
Mon 22 Oct 2007 72,192 A..H. --- "C:\DOCS ALEX\Etudes\M2 Droit PI\DA\~WRL3544.tmp"
Tue 28 Aug 2007 24,064 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 1-09\~WRL0143.tmp"
Tue 28 Aug 2007 24,064 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 1-09\~WRL0871.tmp"
Tue 28 Aug 2007 24,064 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 1-09\~WRL2400.tmp"
Tue 28 Aug 2007 24,576 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 1-09\~WRL3348.tmp"
Tue 28 Aug 2007 24,576 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 1-09\~WRL3423.tmp"
Tue 28 Aug 2007 24,064 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 1-09\~WRL3606.tmp"
Wed 5 Dec 2007 33,792 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL0005.tmp"
Mon 10 Dec 2007 43,520 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL1160.tmp"
Mon 10 Dec 2007 50,176 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL1242.tmp"
Mon 10 Dec 2007 50,176 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL1534.tmp"
Mon 10 Dec 2007 50,176 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL1712.tmp"
Mon 10 Dec 2007 50,176 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL1786.tmp"
Mon 10 Dec 2007 49,664 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL1962.tmp"
Mon 10 Dec 2007 50,176 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL3432.tmp"
Mon 10 Dec 2007 50,176 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL3448.tmp"
Mon 10 Dec 2007 40,960 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 15-12\~WRL3839.tmp"
Thu 30 Nov 2006 93,184 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Liquid regulation\~WRL0297.tmp"
Thu 30 Nov 2006 117,248 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Liquid regulation\~WRL0549.tmp"
Thu 30 Nov 2006 117,760 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Liquid regulation\~WRL1360.tmp"
Thu 30 Nov 2006 117,248 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Liquid regulation\~WRL2008.tmp"
Thu 30 Nov 2006 119,296 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Liquid regulation\~WRL3196.tmp"
Thu 30 Nov 2006 158,720 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Liquid regulation\~WRL3513.tmp"
Tue 27 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 14 Sep 2008 24,576 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\Law of the WTO\~WRL0003.tmp"
Sun 14 Sep 2008 25,088 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\Law of the WTO\~WRL0005.tmp"
Tue 3 Jun 2008 25,600 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 7 Juin\Lutetia\~WRL0422.tmp"
Fri 6 Jun 2008 23,552 A..H. --- "C:\DOCS ALEX\Jeux de r“les\Chronique Paris\Pr‚paration 7 Juin\Lutetia\~WRL1321.tmp"
Tue 14 Nov 2006 27,136 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Claire\lettre de motivation\~WRL0884.tmp"
Tue 14 Nov 2006 26,624 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Claire\lettre de motivation\~WRL1158.tmp"
Mon 27 Nov 2006 24,064 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Stagiaires claire & sarah\dunkerque\~WRL0020.tmp"
Mon 27 Nov 2006 39,424 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Stagiaires claire & sarah\dunkerque\~WRL1669.tmp"
Fri 22 Dec 2006 32,256 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Stagiaires claire & sarah\l'UE et le monde arabe\~WRL3089.tmp"
Mon 18 Dec 2006 30,208 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\Stagiaires claire & sarah\l'UE et le monde arabe\~WRL3228.tmp"
Sun 27 Jul 2008 37,888 ...H. --- "C:\Documents and Settings\xp\Application Data\Microsoft\Word\~WRL3652.tmp"
Mon 9 Apr 2007 857 ...HR --- "C:\Documents and Settings\xp\Application Data\SecuROM\UserData\securom_v7_01.bak"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\xp\Application Data\U3\temp\Launchpad Removal.exe"
Thu 18 Dec 2008 59,904 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL0002.tmp"
Sun 2 Nov 2008 31,744 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL0004.tmp"
Fri 26 Dec 2008 64,000 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL0005.tmp"
Fri 26 Dec 2008 84,480 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL0734.tmp"
Sun 2 Nov 2008 38,400 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL0850.tmp"
Fri 26 Dec 2008 82,944 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL0912.tmp"
Sun 2 Nov 2008 34,304 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL1353.tmp"
Fri 26 Dec 2008 84,480 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL1530.tmp"
Fri 26 Dec 2008 92,160 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL1682.tmp"
Fri 26 Dec 2008 65,536 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL2108.tmp"
Fri 26 Dec 2008 74,752 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL2321.tmp"
Fri 26 Dec 2008 94,720 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL2339.tmp"
Fri 26 Dec 2008 65,536 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL2392.tmp"
Fri 26 Dec 2008 71,168 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL2455.tmp"
Sun 2 Nov 2008 38,400 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL3268.tmp"
Fri 26 Dec 2008 73,216 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL3341.tmp"
Fri 26 Dec 2008 77,312 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL3455.tmp"
Fri 26 Dec 2008 71,168 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Paper\~WRL3785.tmp"
Mon 10 Nov 2008 33,280 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL0004.tmp"
Mon 10 Nov 2008 33,792 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL0181.tmp"
Mon 10 Nov 2008 33,792 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL0416.tmp"
Mon 10 Nov 2008 35,840 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL1646.tmp"
Mon 10 Nov 2008 33,792 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL1788.tmp"
Mon 10 Nov 2008 36,352 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL2387.tmp"
Mon 10 Nov 2008 36,352 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL2867.tmp"
Mon 10 Nov 2008 35,840 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL3576.tmp"
Mon 10 Nov 2008 37,376 ...H. --- "C:\DOCS ALEX\Etudes\Global Governance and International Business Law\Columbia\International and Comparative Antitrust\Reaction papers\Article 82\~WRL3753.tmp"
Wed 6 Dec 2006 35,328 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\stage\Dossier Alex\Presse\Barroso envoi ITW\~WRL0088.tmp"
Wed 6 Dec 2006 73,728 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\stage\Dossier Alex\Presse\Barroso envoi ITW\~WRL0937.tmp"
Wed 6 Dec 2006 41,472 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\stage\Dossier Alex\Presse\Barroso envoi ITW\~WRL1629.tmp"
Wed 6 Dec 2006 24,576 A..H. --- "C:\DOCS ALEX\Professionnel\Stage REPCEP\stage\Dossier Alex\Presse\Barroso envoi ITW\~WRL2521.tmp"

[b]Finished![/b]




A second HijackThis scan:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34, on 2008-12-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [{5e539e88-6c14-1df6-0971-f0f517b247e4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\luogswjqbohcjb.dll" DllStub
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [E06FXLRD_4542742] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last intervention 30 November 2014
27 Dec. 2008 at 18:45
OK...

Next step:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

See you
Here is the ComboFix report:

ComboFix 08-12-28.04 - xp 2008-12-29 17:29:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1535.939 [GMT -4:00]
Lancé depuis: c:\documents and settings\xp\Bureau\Antivirus\c-fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\xp\Application Data\ShoppingReport
c:\documents and settings\xp\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\xp\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\xp\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\xp\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\xp\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\xp\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\xp\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\awtrQKbx.dll
c:\windows\system32\fdwnmbhk.dll
c:\windows\system32\fqbfgv.dll
c:\windows\system32\gMWvxyay.ini
c:\windows\system32\gMWvxyay.ini2
c:\windows\system32\lrhevvkw.dll
c:\windows\system32\mqqvxoib.ini
c:\windows\system32\nbydyncc.ini
c:\windows\system32\nnnkHyyv.dll
c:\windows\system32\oajxeqaf.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\tivgsbpb.dll
c:\windows\system32\wkvvehrl.ini
c:\windows\system32\yayxvWMg.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SYSREST.SYS
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
.

2008-12-29 14:09 . 2008-12-29 14:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-28 00:13 . 2008-12-28 00:14 <REP> d-------- c:\program files\Yahoo!
2008-12-28 00:13 . 2008-12-28 00:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-27 12:02 . 2008-12-27 12:02 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-27 11:58 . 2008-12-27 11:58 <REP> d-------- c:\windows\ERUNT
2008-12-27 11:47 . 2008-12-27 12:16 <REP> d-------- C:\SDFix
2008-12-18 17:52 . 2000-08-02 20:50 1,056,768 --a------ c:\windows\system32\roboex32.dll
2008-12-18 17:51 . 2008-12-18 17:51 <REP> d-------- c:\program files\NewTech Infosystems
2008-12-18 01:00 . 2008-12-18 01:00 <REP> d-------- c:\windows\ie8updates
2008-12-13 02:37 . 2008-12-13 02:37 1 --a------ c:\windows\system32\edl.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 21:41 --------- d-----w c:\documents and settings\xp\Application Data\Skype
2008-12-29 20:07 --------- d-----w c:\documents and settings\xp\Application Data\skypePM
2008-12-29 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-27 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-27 08:30 --------- d-----w c:\program files\BubbleBall
2008-12-18 21:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 05:15 --------- d-----w c:\documents and settings\xp\Application Data\uTorrent
2008-12-03 23:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 23:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-21 03:30 --------- d-----w c:\program files\uTorrent
2008-02-18 15:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-18 14:59 22,685,480 ----a-w c:\program files\SkypeSetup.exe
2007-11-30 10:11 48,336 -c--a-w c:\documents and settings\xp\Application Data\GDIPFONTCACHEV1.DAT
2007-11-27 08:31 91,167 ----a-w c:\program files\SecureW2_109.zip
2006-12-20 19:25 9,451,515 ----a-w c:\program files\vlc-0.8.6-win32.exe
2006-12-13 23:48 9,336,520 ----a-w c:\program files\Install_MSN_Messenger.EXE
2006-11-19 15:28 12,220,440 ----a-w c:\program files\setupfre.exe
2006-11-19 14:13 16,898,710 -c--a-w c:\program files\EW-7108PCg_v3.2.zip
2008-08-26 23:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082620080827\index.dat
2008-08-29 13:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082920080830\index.dat
2008-08-30 22:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="c:\program files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 630784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 68856]
"E06FXLRD_4542742"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" [2005-06-04 301776]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"EPSON Stylus D92 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"ChkAdmin"="c:\progra~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2003-05-12 81920]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"RoxioEngineUtility"="c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-19 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"{5e539e88-6c14-1df6-0971-f0f517b247e4}"="c:\windows\system32\luogswjqbohcjb.dll" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 c:\windows\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="c:\windows\Cpqdiag\CpqDfwAg.exe" [2003-03-13 212992]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-06-02 565309]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-11-19 614400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"=
"c:\\Jeux\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-03 111184]
R1 ClntMgmt;HP Client Management Driver;c:\windows\system32\Drivers\ClntMgmt.sys [2006-11-18 55336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-03 20560]
R2 cpqWebDmi;Insight Web Agent;c:\progra~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2006-11-18 24576]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2006-11-18 182101]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2006-11-18 5689]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e6eb10-c8cd-11dd-9e0d-0014381199d2}]
\Shell\Auto\command - byowipfsg.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL byowipfsg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f91e3e0-5585-11dc-9b90-0014381199d2}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50b0d80-136c-11dc-9b2c-0014381199d2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f428f3-8aea-11db-9a1b-000e2e57c01a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c65c5ee0-ce3f-11db-9a61-0014381199d2}]
\Shell\AutoRun\command - E:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9eeaf10-1892-11dd-9cf7-000e2e57c01a}]
\Shell\AutoRun\command - E:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1bec20-2680-11dc-9b56-0014381199d2}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f26f4360-1918-11dc-9b3f-0014381199d2}]
\Shell\AutoRun\command - h1dwg20.exe
\Shell\explore\Command - h1dwg20.exe
\Shell\open\Command - h1dwg20.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2C65A94D-D005-47A8-B653-72C4FFEFE4B1} - c:\windows\system32\yayxvWMg.dll
BHO-{39d21014-a19a-4719-aecb-97b13e81785c} - c:\windows\system32\fqbfgv.dll
BHO-{D45363CB-F14C-4039-A7EF-86BB485610FF} - (no file)
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
ShellExecuteHooks-{AEA4DE5E-37ED-4A91-A883-6D8953A84614} - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\xp\Application Data\Mozilla\Firefox\Profiles\tpy9a8tx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 17:40:21
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????N?P??|?????? ???B???????????????B? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\Compaq\Compaq Management Agents\Cpqalert.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\Compaq\COMPAQ~1\Cpqdmi.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-29 17:44:40 - La machine a redémarré [xp]
ComboFix-quarantined-files.txt 2008-12-29 21:44:19
ComboFix2.txt 2008-09-20 20:31:36

Avant-CF: 11,174,612,992 octets libres
Après-CF: 11,086,024,704 octets libres

241 --- E O F --- 2008-12-18 05:00:32



What next?
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last intervention 30 November 2014
30 Dec. 2008 at 14:12
hi alex,

Download UsbFix to your desktop

http://sd-1.archive-host.com/membres/up/1366464061/UsbFix.rar

unzip it to your desktop

--> Run the installation with the default settings

Connect to your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm

See you
Hi Girly, here is the UsbFix report. What next? Thanks again




-------------- UsbFix V2.413.4 ---------------

* User : xp - ALEX
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:48:51 le 30/12/2008
* Windows Xp - Internet Explorer 8.0.6001.18241


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\DOCUME~1\xp\LOCALS~1\Temp\1.tmp\b2e.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

F: - Lecteur fixe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[18/11/2006 12:03][--a------] C:\AUTOEXEC.BAT
[05/08/2004 08:00][-rahs----] C:\NTDETECT.COM
[08/05/2007 20:03][--a------] C:\DivXWebPlayerInstaller.exe
[08/05/2007 20:03][--a------] C:\VeohSetup-3.2.1.1073.exe
[29/12/2008 17:27][-rahs----] C:\boot.ini
[03/09/2008 16:13][--a------] C:\cleannavi.txt
[03/09/2008 16:13][--a------] C:\ComboFix.txt
[03/09/2008 16:13][--a------] C:\fixnavi.txt
[03/09/2008 16:13][--a------] C:\log.txt
[03/09/2008 16:13][--a------] C:\UsbFix.txt
[18/11/2006 12:03][--a------] C:\CONFIG.SYS
[18/11/2006 12:03][--a------] C:\hiberfil.sys
[18/11/2006 12:03][--a------] C:\IO.SYS
[18/11/2006 12:03][--a------] C:\MSDOS.SYS
[18/11/2006 12:03][--a------] C:\pagefile.sys

--------------- [ Lecteur F ] ----------------

F: - Lecteur fixe


+- Listing des fichiers présents :

[06/12/2007 09:06][--a------] F:\Shadow for PC.exe

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
HP Mobile Printing=C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E06FXLRD_4542742="C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
EPSON Stylus D92 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S98.tmp" /EF "HKCU"
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Messenger (Yahoo!)="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
AGRSMMSG=AGRSMMSG.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ATIModeChange=Ati2mdxx.exe
ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
ChkAdmin=C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
RoxioEngineUtility="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
RoxioDragToDisc="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Photo Downloader="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
SMSTray=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
{5e539e88-6c14-1df6-0971-f0f517b247e4}=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\luogswjqbohcjb.dll" DllStub
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36e6eb10-c8cd-11dd-9e0d-0014381199d2}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f91e3e0-5585-11dc-9b90-0014381199d2}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a50b0d80-136c-11dc-9b2c-0014381199d2}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8f428f3-8aea-11db-9a1b-000e2e57c01a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c65c5ee0-ce3f-11db-9a61-0014381199d2}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9eeaf10-1892-11dd-9cf7-000e2e57c01a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1bec20-2680-11dc-9b56-0014381199d2}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f26f4360-1918-11dc-9b3f-0014381199d2}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f26f4360-1918-11dc-9b3f-0014381199d2}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f26f4360-1918-11dc-9b3f-0014381199d2}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------


--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[18/11/2006 12:03][--a------] C:\AUTOEXEC.BAT
[05/08/2004 08:00][-rahs----] C:\NTDETECT.COM
[08/05/2007 20:03][--a------] C:\DivXWebPlayerInstaller.exe
[08/05/2007 20:03][--a------] C:\VeohSetup-3.2.1.1073.exe
[29/12/2008 17:27][-rahs----] C:\boot.ini
[06/12/2007 09:06][--a------] F:\Shadow for PC.exe

--------------- ! Fin du rapport ! ----------------
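As an added example (not from the thread, and not part of UsbFix), here is a small Python triage script for the report layout Alex posted above: it splits the report on its section headers, flags Run-key values that share the traits of the GUID-named Rundll32 entry under HKLM\...\Run (a bare GUID as value name, rundll32 loading a DLL at logon), and lists the MountPoints2 autorun handlers UsbFix removed. The sample report is a constructed excerpt of the one above, not the full file.

```python
import re
# Constructed excerpt in the UsbFix report layout posted above (sample input, not the full report).
SAMPLE_REPORT = r"""--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
{5e539e88-6c14-1df6-0971-f0f517b247e4}=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\luogswjqbohcjb.dll" DllStub
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36e6eb10-c8cd-11dd-9e0d-0014381199d2}\Shell\AutoRun\command
"""

SECTION_RE = re.compile(r"^-{3,} \[ (.+?) \] -{3,}$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?[^"]*\.dll', re.I)

def parse_sections(text):
    """Split the report into {section name: [non-empty lines]} using its '--- [ name ] ---' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections

def parse_run_entries(lines):
    """Return (value name, command) pairs from a Startup section; the [HKEY...] hive headers are skipped."""
    return [tuple(l.split("=", 1)) for l in lines if "=" in l and not l.startswith("[")]

def flag_run_entries(entries):
    """Flag Run values that look like the entry MBAM later tagged Trojan.Agent: GUID name, rundll32 + DLL."""
    flagged = []
    for name, cmd in entries:
        reasons = (["value name is a bare GUID"] if GUID_RE.fullmatch(name) else []) + (
            ["rundll32 loads a DLL at logon"] if RUNDLL_RE.search(cmd) else [])
        if reasons:
            flagged.append((name, cmd, reasons))
    return flagged

def removed_autorun_mountpoints(lines):
    """GUIDs of the MountPoints2 autorun handlers UsbFix reports as removed ('Supprimé !' lines)."""
    return [GUID_RE.search(l).group(0) for l in lines if l.startswith("Supprim") and "MountPoints2" in l]

def triage(text=SAMPLE_REPORT):
    s = parse_sections(text)
    return {"run": flag_run_entries(parse_run_entries(s.get("Registre / Startup", []))),
            "mountpoints": removed_autorun_mountpoints(s.get("Registre / Mountpoint2", []))}
```

Feeding `triage()` the text of a saved UsbFix.txt gives the flagged Run values (with the reason for each) and the removed autorun GUIDs for review; anything flagged still needs a human to look at the DLL it points to, as the report itself says.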
g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
31 Dec. 2008, 09:17
hi alex,

Run a scan with this antispyware:

Download malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the settings tab and tick the box: "Terminate Internet Explorer during removal".

Now click the scan tab and tick the box: "Perform full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove Selected".

If you are asked to restart > click "yes".

At the end a report will open; save it so you can find it again to post on the forum.

Copy and paste the report please.

@+
OK, here is the report:



Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 3

31/12/2008 20:53:47
mbam-log-2008-12-31 (20-53-47).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 135729
Temps écoulé: 1 hour(s), 34 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc1h7j0ee8j (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5e539e88-6c14-1df6-0971-f0f517b247e4} (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\wTR19 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\DomPlayer (Trojan.Lop) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP64\A0061204.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP64\A0061205.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP65\A0061292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP65\A0061309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP66\A0061522.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP66\A0061524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP66\A0061525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F375544B-2EA0-4B39-84D3-478E85C54C4C}\RP66\A0061531.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aidrehiggeqmkpv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir (Adware.Shopper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrQKbx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkHyyv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
5 Jan. 2009, 17:41
hi alex,

sorry for the slow reply...

how is the PC doing?

post a new HijackThis report please

@+