Probleme anti virus?

rapport 2


############################## [ UsbFix V3.008 ]

# User : DH (Administrateurs) # DH-50QSMUF8CN74
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 13:18:13 | 15/04/2009

# AMD Duron(tm)
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) #
# Internet Explorer 6.0.2600.0000
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 37,26 Go (26,3 Go free) [ordidehélène] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 3,77 Go (3,69 Go free) [USB 4GB] # FAT32

############################## [ Processus actifs ]


################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\"autorun.inf"

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\Delme.bat
C:\NTDETECT.COM
C:\ahckfolhq.exe
C:\ajnimapun.exe
C:\alwacxogf.exe
C:\amnqdgbyn.exe
C:\anotajtoo.exe
C:\aoniamvxs.exe
C:\atvqnbkps.exe
C:\azuhjvral.exe
C:\bbmavduji.exe
C:\bbtswglfj.exe
C:\bhxfvaibk.exe
C:\bjwkavmgm.exe
C:\bnhsvuxut.exe
C:\bubhyiiek.exe
C:\bvrvczcap.exe
C:\bxfgxbxcm.exe
C:\bxpdhyjlq.exe
C:\bydyafapr.exe
C:\clorjpxpc.exe
C:\cqdgmwfcy.exe
C:\cqkfznpjc.exe
C:\cufssktcu.exe
C:\cxapwdhst.exe
C:\cxdbctczf.exe
C:\czohzdkdx.exe
C:\daqcoulez.exe
C:\ddcozqpnj.exe
C:\dgcyolwkp.exe
C:\dpdstdicw.exe
C:\dpzpyfrmh.exe
C:\dxbqbkkvz.exe
C:\eaycdrnvv.exe
C:\ebypighrc.exe
C:\ejzspalql.exe
C:\ensvoibax.exe
C:\epzjlgfgo.exe
C:\etkdwfsqn.exe
C:\evvewduys.exe
C:\exldoidvu.exe
C:\fdnqfxdpl.exe
C:\fmsqesxcv.exe
C:\fnhxnhyfc.exe
C:\fnkbhytgr.exe
C:\fwqyoihfk.exe
C:\gaeqmpaav.exe
C:\gaxhbducp.exe
C:\gegmfqxfn.exe
C:\gikhocncj.exe
C:\gledgfdvv.exe
C:\gnbpabpty.exe
C:\gnljbsctg.exe
C:\goannciij.exe
C:\grvgzlesj.exe
C:\gsybmkcff.exe
C:\gxegemcru.exe
C:\hefvrvdqi.exe
C:\hewzexfjh.exe
C:\hfpzpdhga.exe
C:\hivmgfqax.exe
C:\hlwstanqn.exe
C:\hsxskuwil.exe
C:\hvfpjindb.exe
C:\isqnpmjhs.exe
C:\ivtglgzhb.exe
C:\ivvvjiadq.exe
C:\iwiiqjevw.exe
C:\jagwwdfoa.exe
C:\jgzaynpnb.exe
C:\jjmhfwznv.exe
C:\jtdwqhydj.exe
C:\jwoxvtvqe.exe
C:\jykfgspku.exe
C:\kecmdysnv.exe
C:\kfbqhkrmr.exe
C:\kjqwrqjhk.exe
C:\kkfgafmie.exe
C:\klxmbzdor.exe
C:\kusufjxes.exe
C:\kwzwxlmas.exe
C:\kyyjbeyum.exe
C:\lclmvszhv.exe
C:\lgvdyoqzy.exe
C:\liglggmlb.exe
C:\lkwvqoqnh.exe
C:\lsrpxsgbd.exe
C:\lubjnrjbx.exe
C:\lwalfaxvl.exe
C:\lzfpbcjmm.exe
C:\mfdtsyiwp.exe
C:\mitm.exe
C:\mmpojqjoe.exe
C:\mpohuisqx.exe
C:\mpwjznrsb.exe
C:\mtxsaavtf.exe
C:\muwmdmanl.exe
C:\mzfresepa.exe
C:\mzwwifgli.exe
C:\noawxtahj.exe
C:\nqoteoyyn.exe
C:\oipaaqpoq.exe
C:\oiyantrgv.exe
C:\oqcfamgfm.exe
C:\ovkzjwsot.exe
C:\oxiizttem.exe
C:\oxoppdhsn.exe
C:\pebcdhqlu.exe
C:\penwhptdf.exe
C:\pglubmium.exe
C:\phjqjhjop.exe
C:\pnyiswmty.exe
C:\prpxjsjyz.exe
C:\pspyfiifi.exe
C:\qjytkpomq.exe
C:\qqtyuwynt.exe
C:\qsovzablk.exe
C:\qthlbzwid.exe
C:\qvxsypkdc.exe
C:\rayudjtri.exe
C:\rdnjceqgm.exe
C:\riouxzaep.exe
C:\ritshgktl.exe
C:\rivqwwxjg.exe
C:\rpracgyoh.exe
C:\rqvhijopi.exe
C:\rwyzrdezz.exe
C:\rytnxfqcg.exe
C:\rzjxfibwi.exe
C:\sdvprcwkf.exe
C:\sgnstngil.exe
C:\siaujvspe.exe
C:\sicdlffhp.exe
C:\sipfucoqy.exe
C:\ssuhfxudh.exe
C:\svtnxcqaf.exe
C:\szhejddhm.exe
C:\taydhtupy.exe
C:\tcypsdsvb.exe
C:\tsjuofzyd.exe
C:\ttmqobmrx.exe
C:\uccypyilf.exe
C:\uciztzygh.exe
C:\uduatxgzt.exe
C:\ueutbccig.exe
C:\ufcytjwbt.exe
C:\ugdisaofy.exe
C:\UNWISE.EXE
C:\uqcpwwhyn.exe
C:\uuwytnkxc.exe
C:\uwlxyjkyn.exe
C:\uyweyxxgt.exe
C:\vgdtysypq.exe
C:\vhccaywhs.exe
C:\vjehftvcf.exe
C:\vobuokdws.exe
C:\vokzojkpm.exe
C:\vqylzobio.exe
C:\vrrhmhszp.exe
C:\wendldjji.exe
C:\wfqnfnvtz.exe
C:\wgfmzprac.exe
C:\wihveukpm.exe
C:\wpyilwxxx.exe
C:\wqwhojiym.exe
C:\wwrkctghd.exe
C:\wwset32.exe
C:\wxvjbwjlf.exe
C:\xnagyayox.exe
C:\xuxgwsqtg.exe
C:\ycoarglal.exe
C:\ygbmehtcg.exe
C:\ygmepdxhg.exe
C:\yjggfhkwb.exe
C:\ynvlwothj.exe
C:\zckmmhcjp.exe
C:\zhitxeoyq.exe
C:\zjyduwddt.exe
C:\zonssvzve.exe
C:\ztsnuugee.exe
C:\ztvixhzkf.exe
C:\boot.ini
E:\FindyKill.exe
E:\anti-malware.exe
E:\antivir_workstation_winu_fr_h.exe
E:\RSIT.exe
E:\ccsetup218.exe
E:\Avast..exe
E:\UsbFix.exe
E:\HJTInstall.exe

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.008 ! ]

rapport d'hijackthis apres l'analyse n°2 de usbfix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:08, on 15/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\svchost.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\DH\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll

j'ai fais un scan avec Malwarebytes,voici le rapport, il y avait 7 fichiers infectés

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600

15/04/2009 14:19:40
mbam-log-2009-04-15 (14-19-40).txt

Type de recherche: Examen rapide
Eléments examinés: 76016
Temps écoulé: 5 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

resultat annalyse hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:46, on 15/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

le document qui est dans "trend micro" est exactement le meme que celui que j'ai posté., il s'arete egalement a 09.
Dois-je refaire une analyse?

version de trend micro, executé comme expliqué page 13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:46, on 15/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Il est malheureusement pareil que l'autre!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:46, on 15/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

excuse moi j'ai du me trompé de document, mais voici le bon document


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:46, on 15/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

C'est fait, voir page 23
Il faut m'excuser je travail avec deux PC, et c'est un peux compliqué pour moi.

bonjour et bonne journée jacques.gache

Voici les resultats des differents rapports

1) Rapport SDFix


[b]SDFix: Version 1.240 [/b]
Run by DH on 16/04/2009 at 10:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\AJNIMA~1.EXE - Deleted
C:\ALWACX~1.EXE - Deleted
C:\ANOTAJ~1.EXE - Deleted
C:\BHXFVA~1.EXE - Deleted
C:\BNHSVU~1.EXE - Deleted
C:\BUBHYI~1.EXE - Deleted
C:\BXPDHY~1.EXE - Deleted
C:\CLORJP~1.EXE - Deleted
C:\CQKFZN~1.EXE - Deleted
C:\CUFSSK~1.EXE - Deleted
C:\CXDBCT~1.EXE - Deleted
C:\DAQCOU~1.EXE - Deleted
C:\DDCOZQ~1.EXE - Deleted
C:\DGCYOL~1.EXE - Deleted
C:\DPZPYF~1.EXE - Deleted
C:\EAYCDR~1.EXE - Deleted
C:\EBYPIG~1.EXE - Deleted
C:\ENSVOI~1.EXE - Deleted
C:\EPZJLG~1.EXE - Deleted
C:\ETKDWF~1.EXE - Deleted
C:\EVVEWD~1.EXE - Deleted
C:\FDNQFX~1.EXE - Deleted
C:\FNKBHY~1.EXE - Deleted
C:\FWQYOI~1.EXE - Deleted
C:\GEGMFQ~1.EXE - Deleted
C:\GIKHOC~1.EXE - Deleted
C:\GLEDGF~1.EXE - Deleted
C:\GNBPAB~1.EXE - Deleted
C:\GNLJBS~1.EXE - Deleted
C:\GOANNC~1.EXE - Deleted
C:\GRVGZL~1.EXE - Deleted
C:\GXEGEM~1.EXE - Deleted
C:\HEFVRV~1.EXE - Deleted
C:\HFPZPD~1.EXE - Deleted
C:\HLWSTA~1.EXE - Deleted
C:\ISQNPM~1.EXE - Deleted
C:\IWIIQJ~1.EXE - Deleted
C:\JTDWQH~1.EXE - Deleted
C:\KFBQHK~1.EXE - Deleted
C:\KKFGAF~1.EXE - Deleted
C:\KLXMBZ~1.EXE - Deleted
C:\KWZWXL~1.EXE - Deleted
C:\LCLMVS~1.EXE - Deleted
C:\LGVDYO~1.EXE - Deleted
C:\LIGLGG~1.EXE - Deleted
C:\LZFPBC~1.EXE - Deleted
C:\MMPOJQ~1.EXE - Deleted
C:\MPOHUI~1.EXE - Deleted
C:\MPWJZN~1.EXE - Deleted
C:\MZFRES~1.EXE - Deleted
C:\MZWWIF~1.EXE - Deleted
C:\NQOTEO~1.EXE - Deleted
C:\OIPAAQ~1.EXE - Deleted
C:\OXIIZT~1.EXE - Deleted
C:\OXOPPD~1.EXE - Deleted
C:\PENWHP~1.EXE - Deleted
C:\PHJQJH~1.EXE - Deleted
C:\PNYISW~1.EXE - Deleted
C:\PRPXJS~1.EXE - Deleted
C:\PSPYFI~1.EXE - Deleted
C:\QJYTKP~1.EXE - Deleted
C:\QQTYUW~1.EXE - Deleted
C:\RAYUDJ~1.EXE - Deleted
C:\RIVQWW~1.EXE - Deleted
C:\RWYZRD~1.EXE - Deleted
C:\SDVPRC~1.EXE - Deleted
C:\SGNSTN~1.EXE - Deleted
C:\SIAUJV~1.EXE - Deleted
C:\SICDLF~1.EXE - Deleted
C:\SVTNXC~1.EXE - Deleted
C:\UCCYPY~1.EXE - Deleted
C:\UCIZTZ~1.EXE - Deleted
C:\UDUATX~1.EXE - Deleted
C:\UFCYTJ~1.EXE - Deleted
C:\UGDISA~1.EXE - Deleted
C:\UUWYTN~1.EXE - Deleted
C:\VJEHFT~1.EXE - Deleted
C:\VOBUOK~1.EXE - Deleted
C:\VOKZOJ~1.EXE - Deleted
C:\VQYLZO~1.EXE - Deleted
C:\WFQNFN~1.EXE - Deleted
C:\WIHVEU~1.EXE - Deleted
C:\WQWHOJ~1.EXE - Deleted
C:\WWRKCT~1.EXE - Deleted
C:\XNAGYA~1.EXE - Deleted
C:\XUXGWS~1.EXE - Deleted
C:\YCOARG~1.EXE - Deleted
C:\YGBMEH~1.EXE - Deleted
C:\YJGGFH~1.EXE - Deleted
C:\YNVLWO~1.EXE - Deleted
C:\ZJYDUW~1.EXE - Deleted
C:\ZONSSV~1.EXE - Deleted
C:\ZTVIXH~1.EXE - Deleted
C:\WINDOWS\system32\TFTP468 - Deleted
C:\WINDOWS\system32\TFTP804 - Deleted
C:\Program Files\Fichiers communs\System\MSASP32.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 10:21:18
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
@="C:\\WINDOWS\\system32\\4.tmp:*:Enabled:KL"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 12 Apr 2009 90,624 A.SHR --- "C:\ahckfolhq.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\amnqdgbyn.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\aoniamvxs.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\atvqnbkps.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\azuhjvral.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\bbmavduji.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\bbtswglfj.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\bjwkavmgm.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\bvrvczcap.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\bxfgxbxcm.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\bydyafapr.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\cqdgmwfcy.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\cxapwdhst.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\czohzdkdx.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\dpdstdicw.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\dxbqbkkvz.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\ejzspalql.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\exldoidvu.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\fmsqesxcv.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\fnhxnhyfc.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\gaeqmpaav.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\gaxhbducp.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\gsybmkcff.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\hewzexfjh.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\hivmgfqax.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\hsxskuwil.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\hvfpjindb.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ivtglgzhb.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\ivvvjiadq.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\jagwwdfoa.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\jgzaynpnb.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\jjmhfwznv.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\jwoxvtvqe.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\jykfgspku.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\kecmdysnv.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\kjqwrqjhk.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\kusufjxes.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\kyyjbeyum.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\lkwvqoqnh.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\lsrpxsgbd.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\lubjnrjbx.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\lwalfaxvl.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\mfdtsyiwp.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\mtxsaavtf.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\muwmdmanl.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\noawxtahj.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\oiyantrgv.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\oqcfamgfm.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ovkzjwsot.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\pebcdhqlu.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\pglubmium.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\qsovzablk.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\qthlbzwid.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\qvxsypkdc.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\rdnjceqgm.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\riouxzaep.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ritshgktl.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\rpracgyoh.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\rqvhijopi.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\rytnxfqcg.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\rzjxfibwi.exe"
Thu 4 Oct 2001 90,624 ...H. --- "C:\sipfucoqy.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ssuhfxudh.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\szhejddhm.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\taydhtupy.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\tcypsdsvb.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\tsjuofzyd.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\ttmqobmrx.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ueutbccig.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\uqcpwwhyn.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\uwlxyjkyn.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\uyweyxxgt.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\vgdtysypq.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\vhccaywhs.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\vrrhmhszp.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\wendldjji.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\wgfmzprac.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\wpyilwxxx.exe"
Thu 4 Oct 2001 90,624 A.SHR --- "C:\wxvjbwjlf.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ygmepdxhg.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\zckmmhcjp.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\zhitxeoyq.exe"
Sun 12 Apr 2009 90,624 A.SHR --- "C:\ztsnuugee.exe"
Mon 13 Apr 2009 105,984 A..H. --- "C:\WINDOWS\system32\qboycp.exe"
Wed 5 Feb 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Feb 2003 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT10.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT4.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT5.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT6.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT7.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT8.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BIT9.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BITA.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BITB.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BITC.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BITD.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\BITE.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\Setup\BIT3.tmp"
Sat 4 Jan 2003 0 A..H. --- "C:\Programas\MSN\MSNCoreFiles\Setup\BITF.tmp"

[b]Finished![/b]

2) rapport Malwarebytes (1)

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600

15/04/2009 14:19:40
mbam-log-2009-04-15 (14-19-40).txt

Type de recherche: Examen rapide
Eléments examinés: 76016
Temps écoulé: 5 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


rapport Malwarebytes (2)

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1945
Windows 5.1.2600

16/04/2009 11:06:21
mbam-log-2009-04-16 (11-06-21).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 106212
Temps écoulé: 34 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir (Dialer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\at1394.sys.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4FB162D-5B41-4200-90D6-83BCD4B6B5D2}\RP2\A0010973.dll (Dialer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E4FB162D-5B41-4200-90D6-83BCD4B6B5D2}\RP2\A0010974.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.


3) rapport Hijackthis J'ai remarqué lors de l'analyse, il c'est arreté au n° "023 NT Service", mais au resultat il c'est arreté au n° "09" ???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:55, on 16/04/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Bonjour,

Comme précisé en page 28
Lors de l'analyse, le procedé s'arrete au n°"023 NT Service"mais a l'affichage il s'arrete au n°"09"
Dois-je quand meme faire l'analyse avec Rooter?

resultat de l'analyse de Rooter



Microsoft Windows XP Professional (5.1.2600)

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:366 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:3856 Mo/Free:3684 Mo)

17/04/2009|15:23

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
---------- C:\WINDOWS\system32\sistray.exe
---------- C:\Program Files\Realtek AC97\SoundMan.exe
---------- C:\WINDOWS\System32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 17/04/2009|15:23

----------------------\\ Scan completed at 15:23