My PC is infected. Help! Thanks in advance!!!

Solved
chocapic -  
 Thib -
Hello everyone,

Here is my problem: I have a small yellow triangular icon next to my clock that constantly tells me my PC is infected, icons have appeared on my desktop that I cannot get rid of (online security guide and live safety center), Internet Explorer windows open without my asking for anything (pointing to savetheinformation.com, www.protectroom.com), my PC is slow, etc.

I looked around the site a bit and scrupulously applied the preliminary disinfection method (CCleaner, then AVG Anti-Spyware, then BitDefender, and finally HijackThis). Unfortunately the symptoms have not gone away. So all that is left is for me to ask an expert! Thanks in advance for your help!!!
Below are the 3 reports:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:19:37 16/10/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP199\A0078210.dll -> Adware.404Search : Nettoyé.
C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP199\A0078209.exe -> Adware.RXBar : Nettoyé.
HKU\S-1-5-21-857990369-3436217285-3352127403-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\LocalService\Cookies\system@need2find[2].txt -> TrackingCookie.Need2find : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.

Fin du rapport

-------------------------------------------------------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Tue, Oct 16, 2007 - 11:01:37

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics

Time 02:11:07
Files 348821
Folders 8373
Boot Sectors 5
Archives 29444
Packed Files 16313

Results

Identified Viruses 2
Infected Files 9
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 9

Engines Info

Virus Definitions 826871

Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins 14

Archive plugins 38

Unpack plugins 7

E-mail plugins 6

System plugins 1

Scan Settings

First Action Disinfect

Second Action Delete

Heuristics Yes

Enable Warnings Yes

Scanned Extensions *;

Exclude Extensions

Scan Emails Yes

Scan Archives Yes

Scan Packed Yes

Scan Files Yes

Scan Boot Yes

Scanned File
Status

C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\blbgpvtl.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\lgjpifby.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\oqpuxdvb.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\pkqkxxeb.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\plrvvdrk.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\rpafeaox.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\slfmcodh.exe
Deleted

C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Infected with: Trojan.Fotomoto.E

C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Disinfection failed

C:\Documents and Settings\Propriétaire\Local Settings\Temp\vsgghkep.exe
Deleted

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Infected with: Generic.Lineage.2259D555

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Disinfection failed

C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP211\A0079771.DLL
Deleted

---------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:38, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pgafvpre.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
24 replies

philae83 Posts 12854 Status Security contributor 206
 
Good evening,

* Download SmitfraudFix by S!Ri, balltrap34 and moe31

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Install it at the root of C

* Double-click the exe to unpack it and launch the fix.
Usage ----- option 1 - Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection.
* Post the report here
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

chocapic
 
Good evening,
Thank you for your help.
Here is the report:

SmitFraudFix v2.240

Rapport fait à 22:14:15,14, 16/10/2007
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E767D19-C4B7-46AA-A2BB-4AC70DDF555E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E767D19-C4B7-46AA-A2BB-4AC70DDF555E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
philae83 Posts 12854 Status Security contributor 206
 
re

a small slip on my part, my mind must have been elsewhere, sorry

* Download VundoFix.exe (by Atribune) to your Desktop

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it

* Click the Scan for Vundo button

* When the scan is complete, click the Remove Vundo button

* A prompt will ask whether you want to delete the files; click YES

* After you click "Yes", the Desktop will disappear for a moment while the files are deleted

* You will see a prompt telling you that your PC is going to restart; click OK

* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Note: VundoFix may encounter a file that it cannot delete. If that is the case, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
chocapic
 
No problem.
Here are the 2 reports:

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 22:44:21 16/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\qsksltmg.dll
C:\WINDOWS\system32\qubiecqb.dll
C:\WINDOWS\system32\ssqrqpo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qsksltmg.dll
C:\WINDOWS\system32\qsksltmg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qubiecqb.dll
C:\WINDOWS\system32\qubiecqb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrqpo.dll
C:\WINDOWS\system32\ssqrqpo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qsksltmg.dll
C:\WINDOWS\system32\qsksltmg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrqpo.dll
C:\WINDOWS\system32\ssqrqpo.dll Has been deleted!

Performing Repairs to the registry.
Done!

------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:51, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
philae83 Posts 12854 Status Security contributor 206
 
ok, thanks,

that's much better and above all more appropriate :)

* launch HijackThis, then tick these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr8.hpwis.com/
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)

* with all applications closed and OFFLINE, click "fix checked"

then

uninstall via Add or Remove Programs, if you find it:
Home Media Networks Limited

as well as the folder

C:\Program Files\Home Media Networks Limited\

then

* Run a Panda online antivirus scan and copy and paste the result here
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
(with Internet Explorer, and disable your antivirus during the scan)

* illustrated tutorial
http://pageperso.aol.fr/loraline60/panda_scan.htm

also post a new HijackThis report
0
chocapic
 
The Panda scan is barely a third of the way through :-(
I think it still has quite a while to go.
Shall we pick this up tomorrow evening?
0
philae83 Posts 12854 Status Security contributor 206

it's very likely that it will take a while

we'll finish tomorrow evening if you like
see you tomorrow
0
chocapic
 
Yes, I'd be glad to finish this evening ;-)

Here are the Panda report and the new HijackThis log:

Incident Status Location

Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\barzbwhx.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\vfheztfh.dll
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@apmebf[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@perf.overture[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@serving-sys[2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@smartadserver[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tribalfusion[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Propriétaire\Cookies\propriétaire@xiti[1].txt
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\lscriwcg.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe
Adware:Adware/SecurityToolbar Not disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ERAZ0JWF\upd32_v11[1]
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GD23AH01\valera[1]
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\MPCFAPKJ\lkjh[1]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/SecurityToolbar Not disinfected C:\Program Files\Hammer.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\SmitfraudFix\restart.exe
Virus:Trj/Rebooter.J Disinfected C:\SmitfraudFix.exe
Adware:Adware/SecurityToolbar Not disinfected C:\VundoFix Backups\qsksltmg.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssqrqpo.dll.bad
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\dskaacmz.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\eqsdeumi.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fnkmrdrv.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\gncmjuct.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\isygzotu.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\lyhstler.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mowtgnoc.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\njipeaqu.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\oceabyah.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\oqnjblnd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pgafvpre.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\tbemmmnm.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\uzravdiw.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\vmpnfmjw.exe
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\vqxowaur.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wgnjhzbn.dll
Adware:Adware/SecurityToolbar Not disinfected C:\WINDOWS\system32\xhyjewbs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ywcuecgd.exe
-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:33, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\oceabyah.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fwww.orange.fr%2f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\uzravdiw.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bakbqkbm.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\oceabyah.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
0
philae83 Posts 12854 Status Security contributor 206

hello,

there's still work to do

here's what we'll do

* Download CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Install it in a dedicated directory.

During installation, uncheck

--- the two "Add the option ... " boxes

--- Check for updates

--- Add the CCleaner Yahoo! Toolbar

* Run CCleaner for a full clean.

AND

* Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double-click combofix.exe.

* Press the Y (Yes) key to start the scan.

* When the scan is complete, a report will appear. Copy/paste this report into your next reply

NOTE: The report can also be found here: C:\Combofix.txt

and also post a new HijackThis report

0
chocapic
 
Good evening Philae83,

Here are the 2 reports:

ComboFix 07-10-17.8 - Propri‚taire 2007-10-17 20:11:08.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 2:00]
Running from: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Propri‚taire\ResErrors.log
C:\Program Files\crosof~1
C:\Program Files\Hammer.dll
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\gwwbwqxn.dll
C:\WINDOWS\system32\hfcbbibf.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))))))))
.

2007-10-16 22:44 <REP> d-------- C:\VundoFix Backups
2007-10-16 22:10 <REP> d-------- C:\SmitfraudFix
2007-10-16 18:48 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 18:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-13 08:30 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-09 22:13 <REP> d-------- C:\Program Files\Windows Defender
2007-10-08 21:24 <REP> d-------- C:\Program Files\Lavasoft
2007-10-05 23:14 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-10-05 20:20 <REP> d-------- C:\Program Files\Dofus
2007-09-29 10:36 <REP> d-------- C:\Program Files\iPod
2007-09-29 10:35 <REP> d-------- C:\Program Files\iTunes
2007-09-29 10:32 <REP> d-------- C:\Program Files\QuickTime
2007-09-29 10:30 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-29 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-09-29 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 21:15 <REP> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 18:23 6,815,744 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-17 17:57 339,968 ----a-w C:\WINDOWS\system32\ptyczznr.dll
2007-10-17 17:56 389,184 ----a-w C:\WINDOWS\system32\nxfasiex.exe
2007-10-16 23:43 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-10-16 22:30 389,184 ----a-w C:\WINDOWS\system32\eqsdeumi.exe
2007-10-16 22:30 339,968 ----a-w C:\WINDOWS\system32\uzravdiw.dll
2007-10-16 22:23 --------- d-----w C:\Program Files\DivX
2007-10-16 21:42 82,568 ----a-w C:\WINDOWS\system32\gcrcyvft.dll
2007-10-16 21:40 389,184 ----a-w C:\WINDOWS\system32\tbemmmnm.exe
2007-10-16 21:40 339,968 ----a-w C:\WINDOWS\system32\barzbwhx.dll
2007-10-16 21:03 82,568 ----a-w C:\WINDOWS\system32\owjpytlv.dll
2007-10-16 21:00 389,184 ----a-w C:\WINDOWS\system32\lyhstler.exe
2007-10-16 21:00 339,968 ----a-w C:\WINDOWS\system32\vfheztfh.dll
2007-10-16 20:14 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-16 20:05 82,568 ----a-w C:\WINDOWS\system32\wtmspxgi.dll
2007-10-16 20:03 389,184 ----a-w C:\WINDOWS\system32\njipeaqu.exe
2007-10-16 06:43 389,184 ----a-w C:\WINDOWS\system32\fnkmrdrv.exe
2007-10-16 06:43 339,968 ----a-w C:\WINDOWS\system32\pgafvpre.dll
2007-10-16 06:28 339,968 ----a-w C:\WINDOWS\system32\wgnjhzbn.dll
2007-10-16 06:27 389,184 ----a-w C:\WINDOWS\system32\ywcuecgd.exe
2007-10-15 19:07 82,568 ----a-w C:\WINDOWS\system32\cqkiuxam.dll
2007-10-14 17:08 82,568 ----a-w C:\WINDOWS\system32\iuhlejlg.dll
2007-10-14 17:04 389,184 ----a-w C:\WINDOWS\system32\vmpnfmjw.exe
2007-10-14 17:04 339,968 ------w C:\WINDOWS\system32\dskaacmz.dll
2007-10-14 13:43 82,568 ----a-w C:\WINDOWS\system32\gccuqwnk.dll
2007-10-14 13:43 339,968 ----a-w C:\WINDOWS\system32\xhyjewbs.dll
2007-10-14 13:42 389,184 ----a-w C:\WINDOWS\system32\gncmjuct.exe
2007-10-14 12:37 82,568 ----a-w C:\WINDOWS\system32\rurguhny.dll
2007-10-14 09:26 81,116 ----a-w C:\WINDOWS\system32\qjlmyovf.dll
2007-10-14 09:20 389,184 ----a-w C:\WINDOWS\system32\vqxowaur.exe
2007-10-14 09:20 339,968 ----a-w C:\WINDOWS\system32\oqnjblnd.dll
2007-10-13 13:52 82,568 ----a-w C:\WINDOWS\system32\grbgphby.dll
2007-10-13 13:49 389,184 ----a-w C:\WINDOWS\system32\mowtgnoc.exe
2007-10-13 13:49 339,968 ----a-w C:\WINDOWS\system32\isygzotu.dll
2007-10-12 18:38 78,212 ----a-w C:\WINDOWS\system32\rlksmfrs.dll
2007-10-08 16:59 --------- d-----w C:\Program Files\uTorrent
2007-10-04 19:48 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2007-10-02 20:30 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-26 10:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-03 20:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-03 19:37 --------- d-----w C:\Program Files\DivX_311alpha
2007-09-02 14:52 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2007-08-31 17:52 --------- d-----w C:\Program Files\MinitelADSL
2007-08-28 20:07 --------- d-----w C:\Program Files\Java
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 07:18 222 ----a-w C:\ffmpeg_debug.bat
2007-07-29 07:18 215 ----a-w C:\ffmpeg.bat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-17 19:57 339968 --a------ C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptyczznr.dll [2007-10-17 19:57 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 01:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 02:44]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-04 02:44 C:\WINDOWS\system32\nview.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr]
ptyczznr.dll 2007-10-17 19:57 339968 C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfe.dll

S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
0
chocapic
 
Good evening Philae83,

Here are the 2 reports:

ComboFix 07-10-17.8 - Propriétaire 2007-10-17 20:11:08.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.278 [GMT 2:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Propriétaire\ResErrors.log
C:\Program Files\crosof~1
C:\Program Files\Hammer.dll
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\gwwbwqxn.dll
C:\WINDOWS\system32\hfcbbibf.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-09-17 to 2007-10-17 ))))))))))))))))))))))))))))))))))))
.

2007-10-16 22:44 <REP> d-------- C:\VundoFix Backups
2007-10-16 22:10 <REP> d-------- C:\SmitfraudFix
2007-10-16 18:48 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 18:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-13 08:30 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-09 22:13 <REP> d-------- C:\Program Files\Windows Defender
2007-10-08 21:24 <REP> d-------- C:\Program Files\Lavasoft
2007-10-05 23:14 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-10-05 20:20 <REP> d-------- C:\Program Files\Dofus
2007-09-29 10:36 <REP> d-------- C:\Program Files\iPod
2007-09-29 10:35 <REP> d-------- C:\Program Files\iTunes
2007-09-29 10:32 <REP> d-------- C:\Program Files\QuickTime
2007-09-29 10:30 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-29 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-09-29 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 21:15 <REP> d-------- C:\Program Files\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 18:23 6,815,744 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-17 17:57 339,968 ----a-w C:\WINDOWS\system32\ptyczznr.dll
2007-10-17 17:56 389,184 ----a-w C:\WINDOWS\system32\nxfasiex.exe
2007-10-16 23:43 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-10-16 22:30 389,184 ----a-w C:\WINDOWS\system32\eqsdeumi.exe
2007-10-16 22:30 339,968 ----a-w C:\WINDOWS\system32\uzravdiw.dll
2007-10-16 22:23 --------- d-----w C:\Program Files\DivX
2007-10-16 21:42 82,568 ----a-w C:\WINDOWS\system32\gcrcyvft.dll
2007-10-16 21:40 389,184 ----a-w C:\WINDOWS\system32\tbemmmnm.exe
2007-10-16 21:40 339,968 ----a-w C:\WINDOWS\system32\barzbwhx.dll
2007-10-16 21:03 82,568 ----a-w C:\WINDOWS\system32\owjpytlv.dll
2007-10-16 21:00 389,184 ----a-w C:\WINDOWS\system32\lyhstler.exe
2007-10-16 21:00 339,968 ----a-w C:\WINDOWS\system32\vfheztfh.dll
2007-10-16 20:14 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-16 20:05 82,568 ----a-w C:\WINDOWS\system32\wtmspxgi.dll
2007-10-16 20:03 389,184 ----a-w C:\WINDOWS\system32\njipeaqu.exe
2007-10-16 06:43 389,184 ----a-w C:\WINDOWS\system32\fnkmrdrv.exe
2007-10-16 06:43 339,968 ----a-w C:\WINDOWS\system32\pgafvpre.dll
2007-10-16 06:28 339,968 ----a-w C:\WINDOWS\system32\wgnjhzbn.dll
2007-10-16 06:27 389,184 ----a-w C:\WINDOWS\system32\ywcuecgd.exe
2007-10-15 19:07 82,568 ----a-w C:\WINDOWS\system32\cqkiuxam.dll
2007-10-14 17:08 82,568 ----a-w C:\WINDOWS\system32\iuhlejlg.dll
2007-10-14 17:04 389,184 ----a-w C:\WINDOWS\system32\vmpnfmjw.exe
2007-10-14 17:04 339,968 ------w C:\WINDOWS\system32\dskaacmz.dll
2007-10-14 13:43 82,568 ----a-w C:\WINDOWS\system32\gccuqwnk.dll
2007-10-14 13:43 339,968 ----a-w C:\WINDOWS\system32\xhyjewbs.dll
2007-10-14 13:42 389,184 ----a-w C:\WINDOWS\system32\gncmjuct.exe
2007-10-14 12:37 82,568 ----a-w C:\WINDOWS\system32\rurguhny.dll
2007-10-14 09:26 81,116 ----a-w C:\WINDOWS\system32\qjlmyovf.dll
2007-10-14 09:20 389,184 ----a-w C:\WINDOWS\system32\vqxowaur.exe
2007-10-14 09:20 339,968 ----a-w C:\WINDOWS\system32\oqnjblnd.dll
2007-10-13 13:52 82,568 ----a-w C:\WINDOWS\system32\grbgphby.dll
2007-10-13 13:49 389,184 ----a-w C:\WINDOWS\system32\mowtgnoc.exe
2007-10-13 13:49 339,968 ----a-w C:\WINDOWS\system32\isygzotu.dll
2007-10-12 18:38 78,212 ----a-w C:\WINDOWS\system32\rlksmfrs.dll
2007-10-08 16:59 --------- d-----w C:\Program Files\uTorrent
2007-10-04 19:48 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2007-10-02 20:30 --------- d-----w C:\Program Files\AviSynth 2.5
2007-09-26 10:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-03 20:21 --------- d-----w C:\Program Files\eRightSoft
2007-09-03 19:37 --------- d-----w C:\Program Files\DivX_311alpha
2007-09-02 14:52 --------- d---a-w C:\Program Files\Fichiers communs\InstallShield
2007-08-31 17:52 --------- d-----w C:\Program Files\MinitelADSL
2007-08-28 20:07 --------- d-----w C:\Program Files\Java
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 07:18 222 ----a-w C:\ffmpeg_debug.bat
2007-07-29 07:18 215 ----a-w C:\ffmpeg.bat
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-17 19:57 339968 --a------ C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptyczznr.dll [2007-10-17 19:57 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 01:11]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 02:44]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-04 02:44 C:\WINDOWS\system32\nview.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr]
ptyczznr.dll 2007-10-17 19:57 339968 C:\WINDOWS\system32\ptyczznr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfe.dll

S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-11-17 20:07:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
"2007-10-17 18:27:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 20:31:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-17 20:38:28 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:55, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptyczznr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ptyczznr.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: QuickScan (OpticFilm 7200).lnk = C:\Program Files\Plustek\OpticFilm 7200\QuickScan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ptyczznr - C:\WINDOWS\SYSTEM32\ptyczznr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

End of file - 7656 bytes
0
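The Find3M section of the ComboFix report above lists many files in system32 that share a few exact sizes under different names, and those are the files later listed for deletion in this thread. The following is an added example, not part of the original posts or of ComboFix: it parses Find3M-style lines and groups files by size and extension to surface such clusters. The function names and the threshold of 3 are assumptions made for the illustration; the sample lines are a subset copied from the report.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "date size attrs path")
Cluster = namedtuple("Cluster", "size ext names first_seen last_seen")

# Subset of the Find3M listing from the ComboFix report in this thread.
FIND3M_SAMPLE = r"""
2007-10-17 17:57 339,968 ----a-w C:\WINDOWS\system32\ptyczznr.dll
2007-10-17 17:56 389,184 ----a-w C:\WINDOWS\system32\nxfasiex.exe
2007-10-16 23:43 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-10-16 22:30 389,184 ----a-w C:\WINDOWS\system32\eqsdeumi.exe
2007-10-16 22:30 339,968 ----a-w C:\WINDOWS\system32\uzravdiw.dll
2007-10-16 21:42 82,568 ----a-w C:\WINDOWS\system32\gcrcyvft.dll
2007-10-16 21:40 389,184 ----a-w C:\WINDOWS\system32\tbemmmnm.exe
2007-10-16 21:40 339,968 ----a-w C:\WINDOWS\system32\barzbwhx.dll
2007-10-16 21:03 82,568 ----a-w C:\WINDOWS\system32\owjpytlv.dll
2007-10-16 20:14 4,342 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-16 20:05 82,568 ----a-w C:\WINDOWS\system32\wtmspxgi.dll
2007-10-14 17:04 339,968 ------w C:\WINDOWS\system32\dskaacmz.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}(?::\d{2})? "  # date, time (seconds optional)
    r"([\d,]+|-+) "                                   # size, or dashes for a directory
    r"(\S+) "                                         # attribute flags
    r"(.+?)\s*$"                                      # full path, may contain spaces
)


def parse_find3m(text):
    """Return one Entry per file line; directories and non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, size, attrs, path = m.groups()
        if size.startswith("-") or attrs.startswith("d"):
            continue  # directory entry, no size to compare
        entries.append(Entry(date, int(size.replace(",", "")), attrs, path))
    return entries


def size_clusters(entries, directory=r"C:\WINDOWS\system32", min_count=3):
    """Group files directly inside `directory` by (size, extension).

    Only groups with at least `min_count` distinct names are returned, so a
    vendor shipping two same-sized DLLs does not show up as a cluster.
    """
    groups = defaultdict(list)
    for e in entries:
        folder, name = ntpath.split(e.path)
        if folder.lower() != directory.lower():
            continue
        ext = ntpath.splitext(name)[1].lower()
        groups[(e.size, ext)].append(e)

    clusters = []
    for (size, ext), members in groups.items():
        names = sorted({ntpath.basename(m.path).lower() for m in members})
        if len(names) < min_count:
            continue
        dates = sorted(m.date for m in members)
        clusters.append(Cluster(size, ext, names, dates[0], dates[-1]))
    # Largest clusters first, then by size for a stable order.
    clusters.sort(key=lambda c: (-len(c.names), c.size))
    return clusters


if __name__ == "__main__":
    for c in size_clusters(parse_find3m(FIND3M_SAMPLE)):
        print(f"{len(c.names)} x {c.size} bytes {c.ext} "
              f"({c.first_seen} to {c.last_seen}): {', '.join(c.names)}")
```

A cluster is a lead for review, not a verdict: each file still has to be checked before it goes into a deletion list.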
philae83 Posts: 12854 Status: Security contributor 206
 
good evening,

give me time to digest all this, then I'll post the steps for you to carry out

0
chocapic
 
Good evening,
OK, no problem, we'll see about that later.
0
philae83 Posts: 12854 Status: Security contributor 206
 
here is what to do next:

IMPORTANT: before doing the procedure:

download ERUNT

https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tutorial
http://pageperso.aol.fr/loraline60/tuto_erunt.htm

* Copy the lines of the following quote, in one go:

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptyczznr

Files to Delete:
C:\WINDOWS\system32\ptyczznr.dll 
C:\WINDOWS\system32\nxfasiex.exe 
C:\WINDOWS\system32\eqsdeumi.exe 
C:\WINDOWS\system32\uzravdiw.dll 
C:\WINDOWS\system32\gcrcyvft.dll 
C:\WINDOWS\system32\tbemmmnm.exe 
C:\WINDOWS\system32\barzbwhx.dll 
C:\WINDOWS\system32\owjpytlv.dll 
C:\WINDOWS\system32\lyhstler.exe 
C:\WINDOWS\system32\vfheztfh.dll 
C:\WINDOWS\system32\tmp.reg 
C:\WINDOWS\system32\wtmspxgi.dll 
C:\WINDOWS\system32\njipeaqu.exe 
C:\WINDOWS\system32\fnkmrdrv.exe 
C:\WINDOWS\system32\pgafvpre.dll 
C:\WINDOWS\system32\wgnjhzbn.dll 
C:\WINDOWS\system32\ywcuecgd.exe 
C:\WINDOWS\system32\cqkiuxam.dll 
C:\WINDOWS\system32\iuhlejlg.dll 
C:\WINDOWS\system32\vmpnfmjw.exe 
C:\WINDOWS\system32\dskaacmz.dll 
C:\WINDOWS\system32\gccuqwnk.dll 
C:\WINDOWS\system32\xhyjewbs.dll 
C:\WINDOWS\system32\gncmjuct.exe 
C:\WINDOWS\system32\rurguhny.dll 
C:\WINDOWS\system32\qjlmyovf.dll 
C:\WINDOWS\system32\vqxowaur.exe 
C:\WINDOWS\system32\oqnjblnd.dll 
C:\WINDOWS\system32\grbgphby.dll 
C:\WINDOWS\system32\mowtgnoc.exe 
C:\WINDOWS\system32\isygzotu.dll 
C:\WINDOWS\system32\rlksmfrs.dll 
C:\WINDOWS\SYSTEM32\ptyczznr.dll 
C:\WINDOWS\system32\barzbwhx.dll 
C:\WINDOWS\system32\vfheztfh.dll 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dlwixoql.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\dswtmhmj.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\efcgxlvu.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\exjegpqb.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gcaaqyqf.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gfnsaqmf.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\gitobxmn.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\hqhmhmdi.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\lpllfrfy.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\scriwcg.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\mofugclq.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ngproxvf.exe
C:\WINDOWS\system32\dskaacmz.dll 
C:\WINDOWS\system32\eqsdeumi.exe 
C:\WINDOWS\system32\fnkmrdrv.exe 
C:\WINDOWS\system32\gncmjuct.exe 
C:\WINDOWS\system32\isygzotu.dll 
C:\WINDOWS\system32\lyhstler.exe 
C:\WINDOWS\system32\mowtgnoc.exe 
C:\WINDOWS\system32\njipeaqu.exe 
C:\WINDOWS\system32\oceabyah.exe 
C:\WINDOWS\system32\oqnjblnd.dll 
C:\WINDOWS\system32\pgafvpre.dll 
C:\WINDOWS\system32\tbemmmnm.exe 
C:\WINDOWS\system32\uzravdiw.dll 
C:\WINDOWS\system32\vmpnfmjw.exe 
C:\WINDOWS\system32\vqxowaur.exe 
C:\WINDOWS\system32\wgnjhzbn.dll 
C:\WINDOWS\system32\xhyjewbs.dll 
C:\WINDOWS\system32\ywcuecgd.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\peuagbsx.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\qrjatydi.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\rhvqsuwb.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\sheqipoi.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ujjivnwv.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\urclqecd.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\vntmrykt.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\xqedqkpr.exe 
C:\Documents and Settings\Propriétaire\Local Settings\Temp\ywuecxwm.exe 
C:\hp\bin\KillIt.exe 
C:\hp\bin\Terminator.exe 
C:\Program Files\Hammer.dll 



--> Right-click / "Copy"

Now create a new text document: right-click on the desktop, "New" > "Text Document".

* Open it and paste in what you just copied
* Save this file on your desktop (name: mad.txt)

* Now download The Avenger
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

* Unzip it onto your desktop and double-click the file "avenger.exe"
* Click "Ok"
* Select "Load Script from File" and click the folder-shaped icon.
* Select the mad.txt file that is on your desktop
* Click the green light to run the script
* Click "Yes"
* Agree to restart your PC

after the restart:

* Open the file C:\avenger.txt and copy/paste its contents here.

I may be missing one or two items that I did not include in the script, because I am not sure how to put them in. I'd rather not make a mistake.
we'll see at the end, I prefer to wait for confirmation.
0
chocapic
 
Hello Philae,

Here is the avenger.txt file.
There were a few error messages during execution, but my PC seems to be doing a little better.

philae83 Posts 12854 Status Security contributor 206
 
Hello,

Well, that is not too bad all the same; now we need to check again.

Run ComboFix again and post the report.

I hope to be able to come back later today.

chocapic
 
Hi again,

Here is the report:

philae83 Posts 12854 Status Security contributor 206
 
Hi again,

Could you post a new HijackThis report now, please?

chocapic
 
Here it is:

philae83 Posts 12854 Status Security contributor 206
 
Hello,

That looks fine to me. Are you still having any particular problems?