Mon PC est infecté. Help ! Merci d'avance !!!

Résolu/Fermé
chocapic - 16 oct. 2007 à 21:44
 Thib - 15 nov. 2007 à 11:17
Bonjour à tous,

Voici mon souci : je me retrouve avec une petite icone triangulaire jaune à côté de mon horloge qui m'indique sans arrêt que mon PC est infecté, j'ai des icones qui sont apparues sur mon bureau dont je n'arrive pas à me débarasser (online security guide et live safety center), j'ai des fenêtres Internet Explorer qui s'ouvrent sans que je demande quoi que ce soit (qui pointent sur savetheinformation.com, www.protectroom.com) , mon PC rame, ...etc.

J'ai un peu regardé sur le site et j'ai scrupuleusement appliqué la méthode préliminaire de désinfection (CCCleaner, puis AVG anti-spyware, puis BitDefender, et enfin Hijackthis). Les symptomes n'ont malheureusement pas disparu. Il me reste donc plus qu'à m'adresser à un expert ! Merci par avance pour votre aide !!!
Ci-dessous les 3 rapports :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:19:37 16/10/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP199\A0078210.dll -> Adware.404Search : Nettoyé.
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP199\A0078209.exe -> Adware.RXBar : Nettoyé.
HKU\S-1-5-21-857990369-3436217285-3352127403-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\LocalService\Cookies\system@need2find[2].txt -> TrackingCookie.Need2find : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.

Fin du rapport


-------------------------------------------------------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Tue, Oct 16, 2007 - 11:01:37

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;


Statistics

Time 02:11:07
Files 348821
Folders 8373
Boot Sectors 5
Archives 29444
Packed Files 16313

Results

Identified Viruses 2
Infected Files 9
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 9


Engines Info

Virus Definitions 826871

Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins 14

Archive plugins 38

Unpack plugins 7

E-mail plugins 6

System plugins 1




Scan Settings

First Action Disinfect

Second Action Delete

Heuristics Yes

Enable Warnings Yes

Scanned Extensions *;

Exclude Extensions

Scan Emails Yes

Scan Archives Yes

Scan Packed Yes

Scan Files Yes

Scan Boot Yes




Scanned File
Status

C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Deleted

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Infected with: Generic.Lineage.2259D555

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Disinfection failed

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Deleted

---------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:38, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pgafvpre.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
A voir également:

24 réponses

philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
16 oct. 2007 à 22:04
bonsoir,

* Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Installe le à la racine de C

* double clic sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
* Double clique sur smitfraudfix.cmd
* Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
* Poste le rapport ici
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


0
Bonsoir,
Merci pour votre aide.
Voici le rapport :

SmitFraudFix v2.240

Rapport fait à 22:14:15,14, 16/10/2007
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E767D19-C4B7-46AA-A2BB-4AC70DDF555E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E767D19-C4B7-46AA-A2BB-4AC70DDF555E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
16 oct. 2007 à 22:36
re

petite erreur de parcours, je devais avoir la tête ailleurs, désolée


* Télécharge VundoFix.exe (par Atribune) sur ton Bureau

http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer

* Clique sur le bouton Scan for Vundo

* Lorsque le scan est complété, clique sur le bouton Remove Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse


Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
0
Pas de problème.
Voici les 2 rapports :


VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 22:44:21 16/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\qsksltmg.dll
C:\WINDOWS\system32\qubiecqb.dll
C:\WINDOWS\system32\ssqrqpo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qsksltmg.dll
C:\WINDOWS\system32\qsksltmg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qubiecqb.dll
C:\WINDOWS\system32\qubiecqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrqpo.dll
C:\WINDOWS\system32\ssqrqpo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qsksltmg.dll
C:\WINDOWS\system32\qsksltmg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrqpo.dll
C:\WINDOWS\system32\ssqrqpo.dll Has been deleted!

Performing Repairs to the registry.
Done!

------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:51, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
16 oct. 2007 à 23:35
ok, merci,

c'est nettement mieux et surtout plus adapté :)

* lance hijackthis puis coche ces lignes :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr8.hpwis.com/
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)

* toutes applications fermées et HORS CONNEXION, clique sur "fix checked"

puis

supprime via ajout et suppression de programme si tu le trouves :
Home Media Networks Limited

ainsi que le dossier

C:\Program Files\Home Media Networks Limited\

puis

* Fait un scan antivirus en ligne Panda et copie colle le résultat ici
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
(avec Internet Explorer et désactive ton Antivirus pendant le scan)

* tuto en image
http://pageperso.aol.fr/loraline60/panda_scan.htm

reposte également un nouveau rapport hijackthis
0
Le scan avec Panda en est à peine au tiers :-(
Je pense qu'il en a encore pour un bout de temps.
On reprend demain soir ?
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
17 oct. 2007 à 01:23
c'est fort probable qu'i y en ai pour un petit moment

on termine demain soir si tu veux
à demain
0
Oui, je veux bien qu'on termine ce soir ;-)

Voici le rapport de Panda et le nouveau hijackthis :


Incident Status Location

Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\barzbwhx.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\vfheztfh.dll
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@apmebf[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@perf.overture[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@serving-sys[2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@smartadserver[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tribalfusion[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@xiti[1].txt
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\lscriwcg.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe
Adware:Adware/SecurityToolbar Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ERAZ0JWF\upd32_v11[1]
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GD23AH01\valera[1]
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\MPCFAPKJ\lkjh[1]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/SecurityToolbar Not disinfected C:\Program Files\Hammer.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\SmitfraudFix\restart.exe
Virus:Trj/Rebooter.J Disinfected C:\SmitfraudFix.exe
Adware:Adware/SecurityToolbar Not disinfected C:\VundoFix Backups\qsksltmg.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssqrqpo.dll.bad
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\dskaacmz.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\eqsdeumi.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fnkmrdrv.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\gncmjuct.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\isygzotu.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\lyhstler.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mowtgnoc.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\njipeaqu.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\oceabyah.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\oqnjblnd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pgafvpre.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\tbemmmnm.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\uzravdiw.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\vmpnfmjw.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\vqxowaur.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wgnjhzbn.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\xhyjewbs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ywcuecgd.exe
-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:33, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\oceabyah.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.orange.fr%2f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\uzravdiw.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bakbqkbm.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\oceabyah.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
17 oct. 2007 à 13:19
bonjour,

reste du boulot

on va faire ceci

* Télécharge CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Installe le dans un répertoire dédié.

Décoche pendant l'installation

--- les deux cases "Ajouter l'option ... "

--- Contrôler les mises à jour

--- Ajouter la Barre d'Outils Yahoo! CCleaner

* Lance Ccleaner pour un nettoyage complet.

ET


* Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double clique combofix.exe.

* Tape sur la touche Y (Yes) pour démarrer le scan.

* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

et tu reposteras également un nouveau rapport hijackthis

0
Bonsoir Philae83,

Voici les 2 rapports :

ComboFix 07-10-17.8 - Propri‚taire 2007-10-17 20:11:08.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 2:00]
Running from: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Propri‚taire\ResErrors.log
C:\Program Files\crosof~1
C:\Program Files\Hammer.dll
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\gwwbwqxn.dll
C:\WINDOWS\system32\hfcbbibf.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))))))))
.

2007-10-16 22:44 <REP> d-------- C:\VundoFix Backups
2007-10-16 22:10 <REP> d-------- C:\SmitfraudFix
2007-10-16 18:48 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 18:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-13 08:30 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-09 22:13 <REP> d-------- C:\Program Files\Windows Defender
2007-10-08 21:24 <REP> d-------- C:\Program Files\Lavasoft
2007-10-05 23:14 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-10-05 20:20 <REP> d-------- C:\Program Files\Dofus
2007-09-29 10:36 <REP> d-------- C:\Program Files\iPod
2007-09-29 10:35 <REP> d-------- C:\Program Files\iTunes
2007-09-29 10:32 <REP> d-------- C:\Program Files\QuickTime
2007-09-29 10:30 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-29 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-09-29 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 21:15 <REP> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 18:23 6,815,744 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-17 17:57 339,968 ----a-w C:\WINDOWS\system32\ptyczznr.dll
2007-10-17 17:56 389,184 ----a-w C:\WINDOWS\system32\nxfasiex.exe
2007-10-16 23:43 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-10-16 22:30 389,184 ----a-w C:\WINDOWS\system32\eqsdeumi.exe
2007-10-16 22:30 339,968 ----a-w C:\WINDOWS\system32\uzravdiw.dll
2007-10-16 22:23 --------- d-----w C:\Program Files\DivX
2007-10-16 21:42 82,568 ----a-w C:\WINDOWS\system32\gcrcyvft.dll
2007-10-16 21:40 389,184 ----a-w C:\WINDOWS\system32\tbemmmnm.exe
2007-10-16 21:40 339,968 ----a-w C:\WINDOWS\system32\barzbwhx.dll
2007-10-16 21:03 82,568 ----a-w C:\WINDOWS\system32\owjpytlv.dll
2007-10-16 21:00 389,184 ----a-w C:\WINDOWS\system32\lyhstler.exe
2007-10-16 21:00 339,968 ----a-w C:\WINDOWS\system32\vfheztfh.dll
2007-10-16 20:14 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-16 20:05 82,568 ----a-w C:\WINDOWS\system32\wtmspxgi.dll
2007-10-16 20:03 389,184 ----a-w C:\WINDOWS\system32\njipeaqu.exe
2007-10-16 06:43 389,184 ----a-w C:\WINDOWS\system32\fnkmrdrv.exe
2007-10-16 06:43 339,968 ----a-w C:\WINDOWS\system32\pgafvpre.dll
2007-10-16 06:28 339,968 ----a-w C:\WINDOWS\system32\wgnjhzbn.dll
2007-10-16 06:27 389,184 ----a-w C:\WINDOWS\system32\ywcuecgd.exe
2007-10-15 19:07 82,568 ----a-w C:\WINDOWS\system32\cqkiuxam.dll
2007-10-14 17:08 82,568 ----a-w C:\WINDOWS\system32\iuhlejlg.dll
2007-10-14 17:04 389,184 ----a-w C:\WINDOWS\system32\vmpnfmjw.exe
2007-10-14 17:04 339,968 ------w C:\WINDOWS\system32\dskaacmz.dll
2007-10-14 13:43 82,568 ----a-w C:\WINDOWS\system32\gccuqwnk.dll
2007-10-14 13:43 339,968 ----a-w C:\WINDOWS\system32\xhyjewbs.dll
2007-10-14 13:42 389,184 ----a-w C:\WINDOWS\system32\gncmjuct.exe
2007-10-14 12:37 82,568 ----a-w C:\WINDOWS\system32\rurguhny.dll
2007-10-14 09:26 81,116 ----a-w C:\WINDOWS\system32\qjlmyovf.dll
2007-10-14 09:20 389,184 ----a-w C:\WINDOWS\system32\vqxowaur.exe
2007-10-14 09:20 339,968 ----a-w C:\WINDOWS\system32\oqnjblnd.dll
2007-10-13 13:52 82,568 ----a-w C:\WINDOWS\system32\grbgphby.dll
2007-10-13 13:49 389,184 ----a-w C:\WINDOWS\system32\mowtgnoc.exe
2007-10-13 13:49 339,968 ----a-w C:\WINDOWS\system32\isygzotu.dll
2007-10-12 18:38 78,212 ----a-w C:\WINDOWS\system32\rlksmfrs.dll
2007-10-08 16:59 --------- d-----w C:\Program Files\uTorrent
2007-10-04 19:48 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2007-10-02 20:30 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-26 10:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-03 20:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-03 19:37 --------- d-----w C:\Program Files\DivX_311alpha
2007-09-02 14:52 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2007-08-31 17:52 --------- d-----w C:\Program Files\MinitelADSL
2007-08-28 20:07 --------- d-----w C:\Program Files\Java
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 07:18 222 ----a-w C:\ffmpeg_debug.bat
2007-07-29 07:18 215 ----a-w C:\ffmpeg.bat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-17 19:57 339968 --a------ C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptyczznr.dll [2007-10-17 19:57 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 01:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 02:44]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-04 02:44 C:\WINDOWS\system32\nview.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr]
ptyczznr.dll 2007-10-17 19:57 339968 C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfe.dll

S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-11-17 20:07:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
"2007-10-17 18:27:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 20:31:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-17 20:38:28 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:55, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptyczznr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ptyczznr.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ptyczznr - C:\WINDOWS\SYSTEM32\ptyczznr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
0
Bonsoir Philae83,

Voici les 2 rapports :

ComboFix 07-10-17.8 - Propri‚taire 2007-10-17 20:11:08.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 2:00]
Running from: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Propri‚taire\ResErrors.log
C:\Program Files\crosof~1
C:\Program Files\Hammer.dll
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\gwwbwqxn.dll
C:\WINDOWS\system32\hfcbbibf.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))))))))
.

2007-10-16 22:44 <REP> d-------- C:\VundoFix Backups
2007-10-16 22:10 <REP> d-------- C:\SmitfraudFix
2007-10-16 18:48 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 18:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-13 08:30 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-09 22:13 <REP> d-------- C:\Program Files\Windows Defender
2007-10-08 21:24 <REP> d-------- C:\Program Files\Lavasoft
2007-10-05 23:14 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-10-05 20:20 <REP> d-------- C:\Program Files\Dofus
2007-09-29 10:36 <REP> d-------- C:\Program Files\iPod
2007-09-29 10:35 <REP> d-------- C:\Program Files\iTunes
2007-09-29 10:32 <REP> d-------- C:\Program Files\QuickTime
2007-09-29 10:30 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-29 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-09-29 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 21:15 <REP> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 18:23 6,815,744 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-17 17:57 339,968 ----a-w C:\WINDOWS\system32\ptyczznr.dll
2007-10-17 17:56 389,184 ----a-w C:\WINDOWS\system32\nxfasiex.exe
2007-10-16 23:43 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-10-16 22:30 389,184 ----a-w C:\WINDOWS\system32\eqsdeumi.exe
2007-10-16 22:30 339,968 ----a-w C:\WINDOWS\system32\uzravdiw.dll
2007-10-16 22:23 --------- d-----w C:\Program Files\DivX
2007-10-16 21:42 82,568 ----a-w C:\WINDOWS\system32\gcrcyvft.dll
2007-10-16 21:40 389,184 ----a-w C:\WINDOWS\system32\tbemmmnm.exe
2007-10-16 21:40 339,968 ----a-w C:\WINDOWS\system32\barzbwhx.dll
2007-10-16 21:03 82,568 ----a-w C:\WINDOWS\system32\owjpytlv.dll
2007-10-16 21:00 389,184 ----a-w C:\WINDOWS\system32\lyhstler.exe
2007-10-16 21:00 339,968 ----a-w C:\WINDOWS\system32\vfheztfh.dll
2007-10-16 20:14 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-16 20:05 82,568 ----a-w C:\WINDOWS\system32\wtmspxgi.dll
2007-10-16 20:03 389,184 ----a-w C:\WINDOWS\system32\njipeaqu.exe
2007-10-16 06:43 389,184 ----a-w C:\WINDOWS\system32\fnkmrdrv.exe
2007-10-16 06:43 339,968 ----a-w C:\WINDOWS\system32\pgafvpre.dll
2007-10-16 06:28 339,968 ----a-w C:\WINDOWS\system32\wgnjhzbn.dll
2007-10-16 06:27 389,184 ----a-w C:\WINDOWS\system32\ywcuecgd.exe
2007-10-15 19:07 82,568 ----a-w C:\WINDOWS\system32\cqkiuxam.dll
2007-10-14 17:08 82,568 ----a-w C:\WINDOWS\system32\iuhlejlg.dll
2007-10-14 17:04 389,184 ----a-w C:\WINDOWS\system32\vmpnfmjw.exe
2007-10-14 17:04 339,968 ------w C:\WINDOWS\system32\dskaacmz.dll
2007-10-14 13:43 82,568 ----a-w C:\WINDOWS\system32\gccuqwnk.dll
2007-10-14 13:43 339,968 ----a-w C:\WINDOWS\system32\xhyjewbs.dll
2007-10-14 13:42 389,184 ----a-w C:\WINDOWS\system32\gncmjuct.exe
2007-10-14 12:37 82,568 ----a-w C:\WINDOWS\system32\rurguhny.dll
2007-10-14 09:26 81,116 ----a-w C:\WINDOWS\system32\qjlmyovf.dll
2007-10-14 09:20 389,184 ----a-w C:\WINDOWS\system32\vqxowaur.exe
2007-10-14 09:20 339,968 ----a-w C:\WINDOWS\system32\oqnjblnd.dll
2007-10-13 13:52 82,568 ----a-w C:\WINDOWS\system32\grbgphby.dll
2007-10-13 13:49 389,184 ----a-w C:\WINDOWS\system32\mowtgnoc.exe
2007-10-13 13:49 339,968 ----a-w C:\WINDOWS\system32\isygzotu.dll
2007-10-12 18:38 78,212 ----a-w C:\WINDOWS\system32\rlksmfrs.dll
2007-10-08 16:59 --------- d-----w C:\Program Files\uTorrent
2007-10-04 19:48 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2007-10-02 20:30 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-26 10:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-03 20:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-03 19:37 --------- d-----w C:\Program Files\DivX_311alpha
2007-09-02 14:52 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2007-08-31 17:52 --------- d-----w C:\Program Files\MinitelADSL
2007-08-28 20:07 --------- d-----w C:\Program Files\Java
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 07:18 222 ----a-w C:\ffmpeg_debug.bat
2007-07-29 07:18 215 ----a-w C:\ffmpeg.bat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-17 19:57 339968 --a------ C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptyczznr.dll [2007-10-17 19:57 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 01:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 02:44]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-04 02:44 C:\WINDOWS\system32\nview.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr]
ptyczznr.dll 2007-10-17 19:57 339968 C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfe.dll

S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-11-17 20:07:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
"2007-10-17 18:27:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 20:31:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-17 20:38:28 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:55, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptyczznr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ptyczznr.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ptyczznr - C:\WINDOWS\SYSTEM32\ptyczznr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

End of file - 7656 bytes
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
17 oct. 2007 à 23:53
bonsoir,

laisse moi le temps de digérer tout ça, je te posterais ensuite des manips à effectuer

0
Bonsoir,
OK, pas de problème, on verra cela plus tard.
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
18 oct. 2007 à 00:35
voilà la suite à donner :

IMPORTANT
: avant de faire la manip :

télécharge ERUNT

https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tuto
http://pageperso.aol.fr/loraline60/tuto_erunt.htm


* Copie les lignes de la citation suivante, d'un trait :

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr

Files to Delete:
C:\WINDOWS\system32\ptyczznr.dll 
C:\WINDOWS\system32\nxfasiex.exe 
C:\WINDOWS\system32\eqsdeumi.exe 
C:\WINDOWS\system32\uzravdiw.dll 
C:\WINDOWS\system32\gcrcyvft.dll 
C:\WINDOWS\system32\tbemmmnm.exe 
C:\WINDOWS\system32\barzbwhx.dll 
C:\WINDOWS\system32\owjpytlv.dll 
C:\WINDOWS\system32\lyhstler.exe 
C:\WINDOWS\system32\vfheztfh.dll 
C:\WINDOWS\system32\tmp.reg 
C:\WINDOWS\system32\wtmspxgi.dll 
C:\WINDOWS\system32\njipeaqu.exe 
C:\WINDOWS\system32\fnkmrdrv.exe 
C:\WINDOWS\system32\pgafvpre.dll 
C:\WINDOWS\system32\wgnjhzbn.dll 
C:\WINDOWS\system32\ywcuecgd.exe 
C:\WINDOWS\system32\cqkiuxam.dll 
C:\WINDOWS\system32\iuhlejlg.dll 
C:\WINDOWS\system32\vmpnfmjw.exe 
C:\WINDOWS\system32\dskaacmz.dll 
C:\WINDOWS\system32\gccuqwnk.dll 
C:\WINDOWS\system32\xhyjewbs.dll 
C:\WINDOWS\system32\gncmjuct.exe 
C:\WINDOWS\system32\rurguhny.dll 
C:\WINDOWS\system32\qjlmyovf.dll 
C:\WINDOWS\system32\vqxowaur.exe 
C:\WINDOWS\system32\oqnjblnd.dll 
C:\WINDOWS\system32\grbgphby.dll 
C:\WINDOWS\system32\mowtgnoc.exe 
C:\WINDOWS\system32\isygzotu.dll 
C:\WINDOWS\system32\rlksmfrs.dll 
C:\WINDOWS\SYSTEM32\ptyczznr.dll 
C:\WINDOWS\system32\barzbwhx.dll 
C:\WINDOWS\system32\vfheztfh.dll 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\scriwcg.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe
C:\WINDOWS\system32\dskaacmz.dll 
C:\WINDOWS\system32\eqsdeumi.exe 
C:\WINDOWS\system32\fnkmrdrv.exe 
C:\WINDOWS\system32\gncmjuct.exe 
C:\WINDOWS\system32\isygzotu.dll 
C:\WINDOWS\system32\lyhstler.exe 
C:\WINDOWS\system32\mowtgnoc.exe 
C:\WINDOWS\system32\njipeaqu.exe 
C:\WINDOWS\system32\oceabyah.exe 
C:\WINDOWS\system32\oqnjblnd.dll 
C:\WINDOWS\system32\pgafvpre.dll 
C:\WINDOWS\system32\tbemmmnm.exe 
C:\WINDOWS\system32\uzravdiw.dll 
C:\WINDOWS\system32\vmpnfmjw.exe 
C:\WINDOWS\system32\vqxowaur.exe 
C:\WINDOWS\system32\wgnjhzbn.dll 
C:\WINDOWS\system32\xhyjewbs.dll 
C:\WINDOWS\system32\ywcuecgd.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe 
C:\hp\bin\KillIt.exe 
C:\hp\bin\Terminator.exe 
C:\Program Files\Hammer.dll 



--> Clic droit / "copier"

Maintenant crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau" > "Document Texte".

* Ouvre-le et colle dedans ce que tu viens de copier précédemment
* Enregistre ce fichier sur ton bureau (nom : mad.txt)

* Télécharge à présent The Avenger
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

* Dézippe-le sur ton bureau et double-clique sur le fichier "avenger.exe"
* Clique sur "Ok"
* Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.
* Sélectionne le fichier mad.txt qui est sur ton bureau
* Clique sur le feu vert pour lancer le script
* Clique sur "Oui"
* Accepte de redémarrer ton pc

après le redémarrage :

* Ouvre le fichier C:\avenger.txt et copie/colle son contenu ici.

me manquera peut être une ou 2 données que je n'ai pas intégrée au script, car je ne suis pas certaine de la manière de la mettre. Préfère pas faire de bêtise.
on verra à la fin, je préfère attendre une confirmation.
0
Bonjour Philae,

Voici le fichier avenger.txt.
Il y a eu quelques messages d'erreur lors de l'exécution, mais mon PC a l'air d'aller un peu mieux.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xtcejecg

*******************

Script file located at: \??\C:\rrmibbsy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ptyczznr.dll deleted successfully.
File C:\WINDOWS\system32\nxfasiex.exe deleted successfully.
File C:\WINDOWS\system32\eqsdeumi.exe deleted successfully.
File C:\WINDOWS\system32\uzravdiw.dll deleted successfully.
File C:\WINDOWS\system32\gcrcyvft.dll deleted successfully.
File C:\WINDOWS\system32\tbemmmnm.exe deleted successfully.
File C:\WINDOWS\system32\barzbwhx.dll deleted successfully.
File C:\WINDOWS\system32\owjpytlv.dll deleted successfully.
File C:\WINDOWS\system32\lyhstler.exe deleted successfully.
File C:\WINDOWS\system32\vfheztfh.dll deleted successfully.
File C:\WINDOWS\system32\tmp.reg deleted successfully.
File C:\WINDOWS\system32\wtmspxgi.dll deleted successfully.
File C:\WINDOWS\system32\njipeaqu.exe deleted successfully.
File C:\WINDOWS\system32\fnkmrdrv.exe deleted successfully.
File C:\WINDOWS\system32\pgafvpre.dll deleted successfully.
File C:\WINDOWS\system32\wgnjhzbn.dll deleted successfully.
File C:\WINDOWS\system32\ywcuecgd.exe deleted successfully.
File C:\WINDOWS\system32\cqkiuxam.dll deleted successfully.
File C:\WINDOWS\system32\iuhlejlg.dll deleted successfully.
File C:\WINDOWS\system32\vmpnfmjw.exe deleted successfully.
File C:\WINDOWS\system32\dskaacmz.dll deleted successfully.
File C:\WINDOWS\system32\gccuqwnk.dll deleted successfully.
File C:\WINDOWS\system32\xhyjewbs.dll deleted successfully.
File C:\WINDOWS\system32\gncmjuct.exe deleted successfully.
File C:\WINDOWS\system32\rurguhny.dll deleted successfully.
File C:\WINDOWS\system32\qjlmyovf.dll deleted successfully.
File C:\WINDOWS\system32\vqxowaur.exe deleted successfully.
File C:\WINDOWS\system32\oqnjblnd.dll deleted successfully.
File C:\WINDOWS\system32\grbgphby.dll deleted successfully.
File C:\WINDOWS\system32\mowtgnoc.exe deleted successfully.
File C:\WINDOWS\system32\isygzotu.dll deleted successfully.
File C:\WINDOWS\system32\rlksmfrs.dll deleted successfully.


File C:\WINDOWS\SYSTEM32\ptyczznr.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\ptyczznr.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\ptyczznr.dll
Status: 0xc0000034



File C:\WINDOWS\system32\barzbwhx.dll not found!
Deletion of file C:\WINDOWS\system32\barzbwhx.dll failed!

Could not process line:
C:\WINDOWS\system32\barzbwhx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\vfheztfh.dll not found!
Deletion of file C:\WINDOWS\system32\vfheztfh.dll failed!

Could not process line:
C:\WINDOWS\system32\vfheztfh.dll
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\scriwcg.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\scriwcg.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\scriwcg.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dskaacmz.dll not found!
Deletion of file C:\WINDOWS\system32\dskaacmz.dll failed!

Could not process line:
C:\WINDOWS\system32\dskaacmz.dll
Status: 0xc0000034



File C:\WINDOWS\system32\eqsdeumi.exe not found!
Deletion of file C:\WINDOWS\system32\eqsdeumi.exe failed!

Could not process line:
C:\WINDOWS\system32\eqsdeumi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\fnkmrdrv.exe not found!
Deletion of file C:\WINDOWS\system32\fnkmrdrv.exe failed!

Could not process line:
C:\WINDOWS\system32\fnkmrdrv.exe
Status: 0xc0000034



File C:\WINDOWS\system32\gncmjuct.exe not found!
Deletion of file C:\WINDOWS\system32\gncmjuct.exe failed!

Could not process line:
C:\WINDOWS\system32\gncmjuct.exe
Status: 0xc0000034



File C:\WINDOWS\system32\isygzotu.dll not found!
Deletion of file C:\WINDOWS\system32\isygzotu.dll failed!

Could not process line:
C:\WINDOWS\system32\isygzotu.dll
Status: 0xc0000034



File C:\WINDOWS\system32\lyhstler.exe not found!
Deletion of file C:\WINDOWS\system32\lyhstler.exe failed!

Could not process line:
C:\WINDOWS\system32\lyhstler.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mowtgnoc.exe not found!
Deletion of file C:\WINDOWS\system32\mowtgnoc.exe failed!

Could not process line:
C:\WINDOWS\system32\mowtgnoc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\njipeaqu.exe not found!
Deletion of file C:\WINDOWS\system32\njipeaqu.exe failed!

Could not process line:
C:\WINDOWS\system32\njipeaqu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\oceabyah.exe not found!
Deletion of file C:\WINDOWS\system32\oceabyah.exe failed!

Could not process line:
C:\WINDOWS\system32\oceabyah.exe
Status: 0xc0000034



File C:\WINDOWS\system32\oqnjblnd.dll not found!
Deletion of file C:\WINDOWS\system32\oqnjblnd.dll failed!

Could not process line:
C:\WINDOWS\system32\oqnjblnd.dll
Status: 0xc0000034



File C:\WINDOWS\system32\pgafvpre.dll not found!
Deletion of file C:\WINDOWS\system32\pgafvpre.dll failed!

Could not process line:
C:\WINDOWS\system32\pgafvpre.dll
Status: 0xc0000034



File C:\WINDOWS\system32\tbemmmnm.exe not found!
Deletion of file C:\WINDOWS\system32\tbemmmnm.exe failed!

Could not process line:
C:\WINDOWS\system32\tbemmmnm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\uzravdiw.dll not found!
Deletion of file C:\WINDOWS\system32\uzravdiw.dll failed!

Could not process line:
C:\WINDOWS\system32\uzravdiw.dll
Status: 0xc0000034



File C:\WINDOWS\system32\vmpnfmjw.exe not found!
Deletion of file C:\WINDOWS\system32\vmpnfmjw.exe failed!

Could not process line:
C:\WINDOWS\system32\vmpnfmjw.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vqxowaur.exe not found!
Deletion of file C:\WINDOWS\system32\vqxowaur.exe failed!

Could not process line:
C:\WINDOWS\system32\vqxowaur.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wgnjhzbn.dll not found!
Deletion of file C:\WINDOWS\system32\wgnjhzbn.dll failed!

Could not process line:
C:\WINDOWS\system32\wgnjhzbn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\xhyjewbs.dll not found!
Deletion of file C:\WINDOWS\system32\xhyjewbs.dll failed!

Could not process line:
C:\WINDOWS\system32\xhyjewbs.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ywcuecgd.exe not found!
Deletion of file C:\WINDOWS\system32\ywcuecgd.exe failed!

Could not process line:
C:\WINDOWS\system32\ywcuecgd.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe
Status: 0xc0000034



File C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe not found!
Deletion of file C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe failed!

Could not process line:
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe
Status: 0xc0000034

File C:\hp\bin\KillIt.exe deleted successfully.
File C:\hp\bin\Terminator.exe deleted successfully.


File C:\Program Files\Hammer.dll not found!
Deletion of file C:\Program Files\Hammer.dll failed!

Could not process line:
C:\Program Files\Hammer.dll
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
18 oct. 2007 à 14:03
bonjour,

bon c'est pas trop mal tout de même, maintenant il faut re vérifier.

relance combofix et poste le rapport

j'espère pouvoir repasser dans la journée
0
Re,

Voci le rapport :

ComboFix 07-10-17.8 - Propri‚taire 2007-10-18 20:42:28.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.344 [GMT 2:00]
Running from: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-18 to 2007-10-18 ))))))))))))))))))))))))))))))))))))
.

2007-10-17 20:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 00:21 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-10-17 00:21 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-10-17 00:21 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-10-17 00:21 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-17 00:21 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-17 00:02 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-16 22:44 <REP> d-------- C:\VundoFix Backups
2007-10-16 22:10 <REP> d-------- C:\SmitfraudFix
2007-10-16 18:48 <REP> d-------- C:\Program Files\Trend Micro
2007-10-16 08:42 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-15 21:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-14 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 18:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-13 08:30 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-10 21:52 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-10-10 21:52 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-10-09 22:24 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
2007-10-09 22:13 <REP> d-------- C:\Program Files\Windows Defender
2007-10-09 20:19 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 21:24 <REP> d-------- C:\Program Files\Lavasoft
2007-10-05 23:14 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-10-05 20:20 <REP> d-------- C:\Program Files\Dofus
2007-09-29 10:36 <REP> d-------- C:\Program Files\iPod
2007-09-29 10:35 <REP> d-------- C:\Program Files\iTunes
2007-09-29 10:32 <REP> d-------- C:\Program Files\QuickTime
2007-09-29 10:30 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-29 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-09-29 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 21:15 <REP> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 11:16 6,815,744 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-16 23:43 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-10-16 22:23 --------- d-----w C:\Program Files\DivX
2007-10-08 16:59 --------- d-----w C:\Program Files\uTorrent
2007-10-04 19:48 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2007-10-02 20:30 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-26 10:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-03 20:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-03 19:37 --------- d-----w C:\Program Files\DivX_311alpha
2007-09-02 14:52 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2007-08-31 17:52 --------- d-----w C:\Program Files\MinitelADSL
2007-08-28 20:07 --------- d-----w C:\Program Files\Java
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 07:18 222 ----a-w C:\ffmpeg_debug.bat
2007-07-29 07:18 215 ----a-w C:\ffmpeg.bat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-17_20.35.55.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-03-06 13:27:46 162,816 ----a-w C:\WINDOWS\erdnt\18-10-2007\ERDNT.EXE
+ 2007-10-18 11:06:40 6,668,288 ----a-w C:\WINDOWS\erdnt\18-10-2007\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-10-18 11:06:40 147,456 ----a-w C:\WINDOWS\erdnt\18-10-2007\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 01:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 02:44]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-04 02:44 C:\WINDOWS\system32\nview.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe"
R2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys

*Newly Created Service* - ENTDRV51
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-11-17 20:07:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
"2007-10-18 18:37:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 20:48:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-18 20:51:05
C:\ComboFix2.txt ... 2007-10-17 20:38
.
--- E O F ---
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
18 oct. 2007 à 22:26
re

tu pourras reposter un nouveau rapport hijackthis maintenant stp
0
Voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:28, on 18/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
19 oct. 2007 à 14:21
bonjour,

cela me parait correct, as tu encore des problèmes particuliers ?
0