WIN 32 trojan

Question

Bonjour,

j'ai moi aussi été infecté par ce foutu virus win32 et mon anti virus avast à été incapable de le supprimer, j' vous appel donc au secour.
j'ai lu sur le forum que vous demandiez un scan avec Hijack this voilà donc mon rapport.:


Logfile of HijackThis v1.99.1
Scan saved at 10:02:10, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\documents and settings\hp_administrateur\local settings\application data\qwsao.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\_TEMP\Rar$EX00.453\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France	bMul0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France	bMul0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France	bMul0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [qwsao] "c:\documents and settings\hp_administrateur\local settings\application data\qwsao.exe" qwsao
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by15fd.bay15.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

Ced_King · Answer

Salut, 

Telecharge et installe ccleaner : https://filehippo.com/download_ccleaner/ 
- Durant l'installation, n'installe pas la barre d'outils yahoo et decoche la case " ajouter l'option des mises à jour" 

- Une fois installé, fermes toutes les applications en cours et lance ccleaner 
- clic >> option >> avancé et decoches " effacer les fichiers etc... plus vieux que 48h 
- Selectionne " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme... 
-------------------- 


- Telecharges Navilog1 sur ton bureau : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

- Desactives la grarde de ton Antivirus celle de ton antispyware 
- Lances l'installation en executant le fichier téléchargé 
- Une fois installé, fermes tous les programmes en cours et double-cliques sur Navilog1.exe 
- Choisis la langue et presses la touche " entrée " de ton clavier 
- Une fenetre s'ouvre, presses 1 touche pour passer aux etapes suivantes 
- Le menu du fix s'ouvre, choisis l'option 1 et presses la touche " entrée " 
- Laisses le fix travailler et patientes jusqu'au message *** Analyse terminée le*** 
- Un rapport fixnavi.txt sera généré, postes son contenu 
.

amb33 · Answer

Voilà donc le rapport fixnavi.txt :

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Default System BIOS
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090326-0] 4.8.1335 (Not Activated)
Firewall  : Norton Internet Worm Protection 2006 (Not Activated)

C:\ (Local Disk) - NTFS - Total:142 Go (Free:5 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:139 Go)
K:\ (USB)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrateur\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qwsao"="\"c:\documents and settings\hp_administrateur\local settings\application data\qwsao.exe\" qwsao"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\HP_Administrateur\locals~1\applic~1" : 

qwsao.exe trouvé !
qwsao.dat trouvé !
qwsao_nav.dat trouvé !
qwsao_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 27/03/2009 à 11:29:33,99 ***

Ced_King · Answer

Trés bien,

Relances Navilog et choisis l'option2
- Laisses le fix travailler et patientes jusqu'au message *** Nettoyage terminé le***
- Un rapport cleanavi.txt sera généré, postes son contenu

                                                           -----------------------
Ensuite,Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe 

- Fermes toutes les applications en cours et double clic sur RSIT.exe 
- Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license 
- Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches 
- Postes le contenu des 2 rapports 
.        __

amb33 · Answer

voilà le deuxième rapport de navilog cleanavi.txt:


Clean Navipromo version 3.7.6 commencé le 27/03/2009 à 11:39:13,42

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Default System BIOS
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090326-0] 4.8.1335 (Activated)
Firewall  : Norton Internet Worm Protection 2006 (Not Activated)

C:\ (Local Disk) - NTFS - Total:142 Go (Free:5 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:139 Go)
K:\ (USB)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


ensuite le rapport log de RSit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrateur at 2009-03-27 11:57:56
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (3%) free of 146 GB
Total RAM: 959 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:06, on 27/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS
otepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrateur\Bureau\RSIT.exe
C:\Program Files	rend micro\HP_Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France	bMul0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France	bMul0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France	bMul0.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by15fd.bay15.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

Ced_King · Answer

-Telecharges Combofix et enregistres le sur ton bureau 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe - 

/!\ Desactives la garde de ton antivirus et de ton antispyware ( si tu en as un) /!\ 

- Deconnectes toi et fermes toutes les applications en cours 
- double-cliques sur Combofix.exe >> un message apparait > réponds " oui " 
- ( Il est conseillé d'installer la console de recuperations) 
- Selectionnes la langue et presse la touche 1 ( yes) pour lancer le scan 

/!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\ 

- A la fin du scan, Combofix aura besoin de redemarrer pour finir la desinfection, laisses le faire 
- Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt

Ced_King · Answer

il n'y a toujours pas de réponse à mon dernier message dois je renvoyer les 3 rapports demander? est il possible d'éradiquer ce virus ou dois je reformater mon pc?


- Et en cherchant bien, t'es sur qu'il n'y a pas de reponse ???

amb33 · Answer

désolé je n'ai pas vu immédiatement le message voici le rapport de combofix:

ComboFix 09-03-26.03 - HP_Administrateur 2009-03-27 15:00:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.959.278 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090326-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrateur\new.txt
c:\windows\system32\nvcolor.exe
E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-27 au 2009-03-27 ))))))))))))))))))))))))))))))))))))
.

2009-03-27 11:57 . 2009-03-27 11:59 <REP> d-------- C:\rsit
2009-03-27 11:57 . 2009-03-27 11:59 <REP> d-------- c:\program files\trend micro
2009-03-27 10:29 . 2009-03-27 11:43 <REP> d-------- c:\program files\Navilog1
2009-03-23 15:51 . 2009-03-27 15:06 <REP> d-------- c:\documents and settings\HP_Administrateur\Tracing
2009-03-23 14:39 . 2009-03-24 14:21 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-23 14:39 . 2009-03-23 14:39 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-03-23 14:38 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-23 14:37 . 2009-03-23 14:37 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-03-23 14:36 . 2009-03-23 14:36 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-23 14:36 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-03-23 14:34 . 2009-03-23 14:34 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-23 14:34 . 2009-03-23 14:38 <REP> d-------- c:\program files\Windows Live
2009-03-23 14:34 . 2009-03-23 14:39 <REP> d-------- c:\program files\Microsoft
2009-03-23 14:24 . 2009-03-23 14:24 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-03-12 20:18 . 2009-03-15 21:01 <REP> d-------- c:\program files\Aikido3D
2009-03-12 20:18 . 2009-03-15 21:18 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 11:51 . 2009-03-09 11:51 <REP> d-------- c:\program files\iPod
2009-03-09 11:50 . 2009-03-09 11:51 <REP> d-------- c:\program files\iTunes
2009-03-09 11:50 . 2009-03-09 11:51 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-09 11:47 . 2009-03-27 08:33 <REP> d-------- c:\program files\QuickTime
2009-03-09 11:41 . 2009-03-09 11:41 <REP> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 14:03 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Free Download Manager
2009-03-27 09:14 --------- d-----w c:\program files\CCleaner
2009-03-27 07:33 --------- d-----w c:\program files\PC-Doctor 5 for Windows
2009-03-27 07:33 --------- d-----w c:\program files\Microsoft LifeCam
2009-03-27 07:33 --------- d-----w c:\program files\GemMasterFrench
2009-03-27 07:33 --------- d-----w c:\program files\FrenchOtto
2009-03-27 07:33 --------- d-----w c:\program files\Free Download Manager
2009-03-26 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-26 11:13 --------- d-----w c:\documents and settings\All Users\Application Data\road dale five extra
2009-03-25 08:42 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Blue Mapi Media
2009-03-18 17:39 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org2
2009-03-18 17:04 --------- d-----w c:\program files\VCW VicMan's Photo Editor
2009-03-09 10:51 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-04 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-26 18:24 --------- d-----w c:\program files\Veoh Networks
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 13:26 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\U3
2009-02-04 13:20 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Corel
2006-12-09 16:45 1,648,425 ----a-w c:\program files\freedownloadmanager.zip
2006-06-12 12:32 82,906 ----a-w c:\program files\free-download-manager-2.0_patch_fr.exe
2006-06-12 11:47 1,622,403 ----a-w c:\program files\free-download-manager-2.0.exe
2008-09-23 09:07 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-02-04 14:47 88 --sh--r c:\windows\system32\24808B18E1.sys
2008-11-20 09:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008112020081121\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-03-24 1488112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-11-12 2474031]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-06 3572984]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-11-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"TVPService"="c:\program files\HP\TVPlay\TVPService.exe" [2005-12-16 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-10-31 478800]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 185632]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-23 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136]

c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136]

c:\documents and settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
MaxTV.lnk - c:\program files\DMV\MaxTV4\maxtv.exe [2008-11-10 5366326]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\wupdmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\TVPlay\\TVPlay.exe"=
"c:\\Program Files\\HP\\TVPlay\\TVPService.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\core\\maxtv_xul.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1275:UDP"= 1275:UDP:Windows Media Format SDK (MaxTV.exe)
"1274:UDP"= 1274:UDP:Windows Media Format SDK (MaxTV.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-08 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-23 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-01-02 468768]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-02 2815744]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-10-11 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196487fa-71c9-11dc-a537-00c0a8b27dfe}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.google.mozilla.com/firefox&client=firefox-a&rls=com.google:fr:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 15:07:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\brss01a.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\PSIService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\DMV\MaxTV4\core\maxtv_xul.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Heure de fin: 2009-03-27 15:10:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-27 14:10:56

Avant-CF: 5 122 277 376 octets libres
Après-CF: 5,004,640,256 octets libres

256 --- E O F --- 2009-03-27 07:23:26

Ced_King · Answer

Avec Combofix : 
- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes : 



Registry:: 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mount
points2\{196487fa-71c9-11dc-a537-00c0a8b27dfe}]




 Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers) 
- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est). 
- Désactive ton antivirus et tes autres protections résidentes (ex : Spybot) si tu en as (c'est important). 
- Fait un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur le lien : 
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif 

( Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris). 
- Combofix va démarrer puis une fenêtre bleue va apparaître. Au message qui s'affiche (Type 1 to continue, or 2 to abort) : tape 1 puis valide. 
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! 
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter ! 
- Une fois le scan achevé, un rapport va s'afficher: poste le stp. 

                                                              ------------------------
Telecharges Malwarebytes' Anti-Malware : 

http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

- Installe le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour 
- Une fois installé, fermes toutes les applications en cours et lances Malwarebytes 
- Executes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse) 
- A la fin du scan clic sur " Afficher les resultats ", si Malwarebytes a trouvé des infections >> clic sur " Supprimer la selection " 
- Si il a besoin de redemarrer le pc pour finir la desinfection, acceptes 
- Un rapport s'etablira, postes son contenu.

amb33 · Answer

voilà le rapport de combofix: ComboFix 09-03-26.03 - HP_Administrateur 2009-04-01 15:11:28.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.959.427 [GMT 2:00] Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090331-0] *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *disabled* * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-01 au 2009-04-01 )))))))))))))))))))))))))))))))))))) . 2009-03-27 12:57 . 2009-03-27 12:59 d-------- C: sit 2009-03-27 12:57 . 2009-03-27 12:59 d-------- c:\program files rend micro 2009-03-27 11:29 . 2009-03-27 12:43 d-------- c:\program files\Navilog1 2009-03-23 16:51 . 2009-04-01 14:52 d-------- c:\documents and settings\HP_Administrateur\Tracing 2009-03-23 15:39 . 2009-03-24 15:21 d-------- c:\program files\Microsoft Silverlight 2009-03-23 15:39 . 2009-03-23 15:39 d-------- c:\program files\Microsoft Office Outlook Connector 2009-03-23 15:38 . 2009-02-06 19:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys 2009-03-23 15:37 . 2009-03-23 15:37 d-------- c:\program files\Microsoft Sync Framework 2009-03-23 15:36 . 2009-03-23 15:36 d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-03-23 15:36 . 2006-11-29 14:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll 2009-03-23 15:34 . 2009-03-23 15:34 d-------- c:\program files\Windows Live SkyDrive 2009-03-23 15:34 . 2009-03-23 15:38 d-------- c:\program files\Windows Live 2009-03-23 15:34 . 2009-03-23 15:39 d-------- c:\program files\Microsoft 2009-03-23 15:24 . 2009-03-23 15:24 d-------- c:\program files\Fichiers communs\Windows Live 2009-03-12 21:18 . 2009-03-30 20:56 d-------- c:\program files\Aikido3D 2009-03-12 21:18 . 2009-03-30 22:14 d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-09 12:51 . 2009-03-09 12:51 d-------- c:\program files\iPod 2009-03-09 12:50 . 2009-03-09 12:51 d-------- c:\program files\iTunes 2009-03-09 12:50 . 2009-03-09 12:51 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-03-09 12:47 . 2009-03-27 09:33 d-------- c:\program files\QuickTime 2009-03-09 12:41 . 2009-03-09 12:41 d-------- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-01 13:15 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Free Download Manager 2009-03-31 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-27 09:14 --------- d-----w c:\program files\CCleaner 2009-03-27 07:33 --------- d-----w c:\program files\PC-Doctor 5 for Windows 2009-03-27 07:33 --------- d-----w c:\program files\Microsoft LifeCam 2009-03-27 07:33 --------- d-----w c:\program files\GemMasterFrench 2009-03-27 07:33 --------- d-----w c:\program files\FrenchOtto 2009-03-27 07:33 --------- d-----w c:\program files\Free Download Manager 2009-03-26 11:13 --------- d-----w c:\documents and settings\All Users\Application Data oad dale five extra 2009-03-25 08:42 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Blue Mapi Media 2009-03-18 17:39 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org2 2009-03-18 17:04 --------- d-----w c:\program files\VCW VicMan's Photo Editor 2009-03-09 10:51 --------- d-----w c:\program files\Fichiers communs\Apple 2009-03-04 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-26 18:24 --------- d-----w c:\program files\Veoh Networks 2009-02-16 13:21 6,262 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-06 13:26 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\U3 2009-02-04 13:20 --------- d-----w c:\documents and settings\HP_Administrateur\Application Data\Corel 2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2006-12-09 16:45 1,648,425 ----a-w c:\program files\freedownloadmanager.zip 2006-06-12 12:32 82,906 ----a-w c:\program files\free-download-manager-2.0_patch_fr.exe 2006-06-12 11:47 1,622,403 ----a-w c:\program files\free-download-manager-2.0.exe 2008-09-23 09:07 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2008-02-04 14:47 88 --sh--r c:\windows\system32\24808B18E1.sys 2008-11-20 09:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008112020081121\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-27_15.09.40.89 ))))))))))))))))))))))))))))))))))))))))) . - 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE - 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe + 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe - 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe + 2009-04-01 12:50:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c4.dat + 2009-04-01 12:51:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e98.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-03-24 1488112] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-11-12 2474031] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-06 3572984] "AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-11-26 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "TVPService"="c:\program files\HP\TVPlay\TVPService.exe" [2005-12-16 135168] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600] "VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-10-31 478800] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-09-13 185632] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592] "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-23 29744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll] "nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32 wiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-01-02 27136] c:\documents and settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\ MaxTV.lnk - c:\program files\DMV\MaxTV4\maxtv.exe [2008-11-10 5366326] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "c:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe"= "c:\Program Files\HP\HP Software Update\HPWUCli.exe"= "c:\WINDOWS\system32\wupdmgr.exe"= "c:\Program Files\VideoLAN\VLC\vlc.exe"= "c:\Program Files\HP\TVPlay\TVPlay.exe"= "c:\Program Files\HP\TVPlay\TVPService.exe"= "c:\Program Files\uTorrent\utorrent.exe"= "c:\Program Files\Microsoft LifeCam\LifeExp.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\Microsoft LifeCam\LifeCam.exe"= "c:\Program Files\eMule\emule.exe"= "c:\Program Files\eChanblard\emule.exe"= "c:\Program Files\DMV\MaxTV4\maxtv.exe"= "c:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe"= "c:\Program Files\Java\jre6\bin\java.exe"= "c:\Program Files\Free Download Manager\fdm.exe"= "c:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"= "c:\Program Files\Bonjour\mDNSResponder.exe"= "c:\Program Files\iTunes\iTunes.exe"= "c:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1275:UDP"= 1275:UDP:Windows Media Format SDK (MaxTV.exe) "1274:UDP"= 1274:UDP:Windows Media Format SDK (MaxTV.exe) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-08 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-08 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-23 55152] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-01-02 468768] S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-02 2815744] S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-10-11 29744] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196487fa-71c9-11dc-a537-00c0a8b27dfe}] \Shell\AutoRun\command - H:\LaunchU3.exe -a . Contenu du dossier 'Tâches planifiées' 2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://fr.google.mozilla.com/firefox&client=firefox-a&rls=com.google:fr:official FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742 pCIDetect13.dll FF - plugin: c:\program files\Microsoft\Office Live pOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins pGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Picasa2 pPicasa2.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer pWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-01 15:14:51 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2009-04-01 15:16:30 ComboFix-quarantined-files.txt 2009-04-01 13:16:28 ComboFix2.txt 2009-03-27 14:11:00 Avant-CF: 3 586 805 760 octets libres Après-CF: 3,569,819,648 octets libres 233 --- E O F --- 2009-03-31 18:01:42 et le rapport de malware: Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1927 Windows 5.1.2600 Service Pack 3 01/04/2009 15:25:20 mbam-log-2009-04-01 (15-25-20).txt Type de recherche: Examen rapide Eléments examinés: 76923 Temps écoulé: 3 minute(s), 12 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multi media france toolbar (Adware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Ced_King · Answer

-Vides la quarantaine de Malwarebytes --> onglet "quarantaine" et supprimes ce qui s'y trouve
                                                   ---------------------

Clique sur Démarrer puis Exécuter. Tapes combofix /u dans la zone de saisie puis OK. 
- ( il y a un espace entre combofix et /u) 

------------------ 
Telecharges Toolscleaner2 sur ton bureau : http://pc-system.fr/ 

- Cliques sur " Recherche " et patientes 
- Ciques ensuites sur supprimer " pour finaliser 
- Clic sur exit >> un rapport sera généré, postes son contenu 

------------------------------- 

* Mets Adobe à jour : ( n'installes pas la barre d'outil google, décoches la) 
https://get2.adobe.com/reader/otherversions/ 

--------------------- 
* Installes la dernière version de Java : 
https://www.java.com/fr/download/manual.jsp 

------------------- 
* Une fois à jour, télécharges JavaRa.zip 
http://raproducts.org/click/click.php?id=1 
---> Autorise le processus a se connecter si il te le demande 
. Cliques sur Install et suis les instructions 

- Quand l'installation est finie, reviens à l'écran JavaRa 

-Clic sur " Remove Old Versions " ou " recherches d'anciennes versions " --> cliques sur " oui " 

-l'outil va travailler, cliques ensuite sur " Ok " et à nouveau sur Ok 

- Un rapport s'ouvrira, refermes l'application puis postes le 

----------------------------- 

Ensuite mets un coup de ccleaner --> analyse + nettoyage 
--> Registre : chercher des erreurs et reparer les erreurs, jusqu'à 0 erreurs 
( sauvegarde le registre, tu le supprimeras plus tard 

------------------------ 

Fais un scan en ligne ici https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (Avec Internet Explorer) 

- En bas à droite, clique sur Démarrer Online-scanner 

- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte 

- Accepte les Contrôles ActiveX 

- Choisis Poste de travail pour le scan. 

- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport 

- Pour t'aider à utiliser le scan en ligne : 
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566 

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne. 
----------------------------

amb33 · Answer

voilà le rapport de JavaRa:


JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Apr 02 09:48:19 2009

Found and removed: C:\Program Files\Java\jre1.5.0_05

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.

amb33 · Answer

Analyser avec la base antivirus suivante  	standard
Analyser les archives 	vrai
Analyser les bases de messagerie 	vrai
Cible de l'analyse 	Poste de travail
C:\
D:\
E:\
F:\
K:\
Statistiques de l'analyse
Total d'objets analysés 	120511
Nombre de virus trouvés 	0
Nombre d'objets infectés 	0 / 0
Nombre d'objets suspects 	0
Durée de l'analyse 	02:13:43

Nom de l'objet infecté 	Nom du virus 	Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12262006-141733.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\UserData\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\cert8.db 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\content-prefs.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\cookies.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\downloads.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\formhistory.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\key3.db 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\parent.lock 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\permissions.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\places.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\places.sqlite-journal 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\search.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Cookies\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Messenger\ContactsLog.txt 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Search Enhancement Pack\Search Box Extension\history.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\{3bb597c1-27ac-40ca-ba48-ad198bf53888}\DBStore\contacts.edb 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\{3bb597c1-27ac-40ca-ba48-ad198bf53888}\DBStore\LogFiles\edb.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\{3bb597c1-27ac-40ca-ba48-ad198bf53888}\DBStore\LogFiles\edbtmp.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\{3bb597c1-27ac-40ca-ba48-ad198bf53888}\DBStore	empedb.edb 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\Cache\_CACHE_001_ 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\Cache\_CACHE_002_ 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\Cache\_CACHE_003_ 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\Cache\_CACHE_MAP_ 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\igyas2o5.default\urlclassifier3.sqlite 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\MSHist012009040220090403\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\etilqs_BZ3cAYexhFeyq14z2Quq 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\fla160.tmp 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Free Download Manager	ic14B.tmp 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\hpodvd09.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Perflib_Perfdata_8d4.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\_hphtra07.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF59F5.tmp 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Mes documents\Mes vidéos\Veoh\player\client.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Mes documents\Mes vidéos\Veoh\player\upload.log 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\NTUSER.DAT 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur
tuser.dat.LOG 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\HP_Administrateur\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\LocalService
tuser.dat.LOG 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT 	L'objet est verrouillé 	ignoré
C:\Documents and Settings\NetworkService
tuser.dat.LOG 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log 	L'objet est verrouillé 	ignoré
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt 	L'objet est verrouillé 	ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase 	L'objet est verrouillé 	ignoré
C:\WINDOWS\Debug\PASSWD.LOG 	L'objet est verrouillé 	ignoré
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9C4C2DBD-D58C-4A87-85D2-28BEC762F856}.crmlog 	L'objet est verrouillé 	ignoré
C:\WINDOWS\SchedLgU.Txt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{049CAB07-E205-48B8-B438-C377096752DF}.bin 	L'objet est verrouillé 	ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log 	L'objet est verrouillé 	ignoré
C:\WINDOWS\Sti_Trace.log 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\CatRoot2\edb.log 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\CatRoot2	mp.edb 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\Antivirus.Evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\AppEvent.Evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\default 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\default.LOG 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\IntelDH.evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\Internet.evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\Media Ce.evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\SAM 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\SAM.LOG 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\SecEvent.Evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\SECURITY 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\SECURITY.LOG 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\software 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\software.LOG 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\SysEvent.Evt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\system 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\config\system.LOG 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\h323log.txt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA 	L'objet est verrouillé 	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP 	L'objet est verrouillé 	ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_6bc.dat 	L'objet est verrouillé 	ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_e28.dat 	L'objet est verrouillé 	ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt 	L'objet est verrouillé 	ignoré
C:\WINDOWS\wiadebug.log 	L'objet est verrouillé 	ignoré
C:\WINDOWS\wiaservc.log 	L'objet est verrouillé 	ignoré
C:\WINDOWS\WindowsUpdate.log 	L'objet est verrouillé 	ignoré
F:\System Volume Information\MountPointManagerRemoteDatabase 	L'objet est verrouillé 	ignoré
Analyse terminée.

WIN 32 trojan

12 réponses

Votre réponse

Discussions similaires

Newsletters