Pop-ups, spyware, trojans, virus.

LFPO26 -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Salut à tous !

Depuis hier soir, j'ai plein de pop-up, spyware et trojans sur mon PC et je ne sais pas comment les supprimer.
J'ai fais avec AVG SpyWare, SpyBot et Avast des vérifications, ils trouvent plein de choses, ils les suppriment mais les problèmes persistent.

Pouvez-vous m'aide svp ?

Voici le rapport de HiJack.

Logfile of HijackThis v1.99.1
Scan saved at 22:43:38, on 14/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26494337-C37E-4790-BEF5-E0A34C3B5E10} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: {cce74780-559f-ac6b-fc64-de4152bb37d4} - {4d73bb25-14ed-46cf-b6ca-f95508747ecc} - C:\WINDOWS\system32\hpogeleb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pwihofeg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pwihofeg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B44FB.dat
O20 - Winlogon Notify: pwihofeg - C:\WINDOWS\SYSTEM32\pwihofeg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Je reste disponible si vous avez besoin d'autres rapport ou autres.

Merci.
JP
Configuration: Windows XP
Firefox 2.0.0.9

19 réponses

  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commende annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

    ++
    0
  2. LFPO26
     
    Salut !

    Merci beaucoup.

    Les problèmes persistent encore.
    Voici le rapport de Vundo.

    VundoFix V6.6.1

    Checking Java version...

    Scan started at 23:14:21 14/11/2007

    Listing files found while scanning....

    VundoFix V6.6.1

    Checking Java version...

    Scan started at 23:21:17 14/11/2007

    Listing files found while scanning....

    C:\windows\system32\pwihofeg.dll
    C:\windows\system32\tccrmsdl.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\pwihofeg.dll
    C:\windows\system32\pwihofeg.dll Has been deleted!

    Attempting to delete C:\windows\system32\tccrmsdl.dll
    C:\windows\system32\tccrmsdl.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Merci
    JP
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, poste un nouveau hijack stp

    ++
    0
  4. LFPO26
     
    Salut !

    Voilà !

    Logfile of HijackThis v1.99.1
    Scan saved at 09:50:00, on 15/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {24618AA9-F70E-434A-B408-4D3B9B4A5033} - C:\WINDOWS\system32\jkkjk.dll
    O2 - BHO: {cce74780-559f-ac6b-fc64-de4152bb37d4} - {4d73bb25-14ed-46cf-b6ca-f95508747ecc} - C:\WINDOWS\system32\hpogeleb.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B44FB.dat
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Merci
    JP
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. LFPO26 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention   1
     
    Salut !

    Pas de nouvelle pour moi svp ?

    Merci
    JP
    0
  7. LFPO26 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention   1
     
    Un petit up...

    Merci !
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    désolée, j'étions absente ! :)

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    ++
    0
  9. LFPO26 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention   1
     
    Salut !

    Pas de problème, ne t'inquiète pas, c'est déjà très gentil de t'occuper de moi.

    Voici le rapport de ComboFix.
    Plusieurs problèmes ont été réglés mais on dirait, pas tous.

    ComboFix 07-11-08.1 - Jean pierre 2007-11-16 20:36:44.1 - NTFSx86 MINIMAL
    Running from: F:\Documents_JeanPierre\ComboFix.exe
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\Jean pierre\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1
    C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1\??curity\
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Jose\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\Jose\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\Jose\Favoris\Online Security Guide.lnk
    C:\WINDOWS\msnimport.exe
    C:\WINDOWS\scurit~1
    C:\WINDOWS\system32\__c001A4B5.dat
    C:\WINDOWS\system32\__c0073964.dat
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\fibagbia
    C:\WINDOWS\system32\fibagbia\bg1.gif
    C:\WINDOWS\system32\fibagbia\bgtop.gif
    C:\WINDOWS\system32\fibagbia\bottom1.gif
    C:\WINDOWS\system32\fibagbia\essentials.gif
    C:\WINDOWS\system32\fibagbia\fibagbia1.exe
    C:\WINDOWS\system32\fibagbia\fibagbia2.exe
    C:\WINDOWS\system32\fibagbia\fibagbia3.exe
    C:\WINDOWS\system32\fibagbia\icon1.ico
    C:\WINDOWS\system32\fibagbia\install1.gif
    C:\WINDOWS\system32\fibagbia\left1.gif
    C:\WINDOWS\system32\fibagbia\li.gif
    C:\WINDOWS\system32\fibagbia\logo.gif
    C:\WINDOWS\system32\fibagbia\main.htm
    C:\WINDOWS\system32\fibagbia\mainframe.htm
    C:\WINDOWS\system32\fibagbia\reinstall1.gif
    C:\WINDOWS\system32\fibagbia\right1.gif
    C:\WINDOWS\system32\fibagbia\s1.htm
    C:\WINDOWS\system32\fibagbia\s2.htm
    C:\WINDOWS\system32\fibagbia\s3.htm
    C:\WINDOWS\system32\fibagbia\SMTop1.gif
    C:\WINDOWS\system32\fibagbia\SMTop2.gif
    C:\WINDOWS\system32\fibagbia\SMTop3.gif
    C:\WINDOWS\system32\fibagbia\SMTop4.gif
    C:\WINDOWS\system32\fibagbia\soft1_off.gif
    C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft1_on.gif
    C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
    C:\WINDOWS\system32\fibagbia\soft2_off.gif
    C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft2_on.gif
    C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
    C:\WINDOWS\system32\fibagbia\soft3_off.gif
    C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft3_on.gif
    C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
    C:\WINDOWS\system32\fibagbia\softbottom_off.gif
    C:\WINDOWS\system32\fibagbia\softbottom_on.gif
    C:\WINDOWS\system32\fibagbia\softleft_off.gif
    C:\WINDOWS\system32\fibagbia\softleft_on.gif
    C:\WINDOWS\system32\fibagbia\top1.gif
    C:\WINDOWS\system32\fibagbia\top2.gif
    C:\WINDOWS\system32\fibagbia\turnoff1.gif
    C:\WINDOWS\system32\fibagbia\turnon1.gif
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\jocpmwaw.dll
    C:\WINDOWS\system32\kjkkj.ini
    C:\WINDOWS\system32\kjkkj.ini2
    C:\WINDOWS\system32\kliyvmuq.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\pppatc~1
    C:\WINDOWS\system32\pwihofeg.dllbox
    C:\WINDOWS\system32\yiaelkqa.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CORE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FMTR
    -------\core
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-16 20:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-16 14:05 81,984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll
    2007-11-16 13:59 85,056 --a------ C:\WINDOWS\system32\wsfxfmsp.dll
    2007-11-16 12:23 71,232 --a------ C:\WINDOWS\system32\mmcxnkcn.exe
    2007-11-15 10:32 79,936 --a------ C:\WINDOWS\system32\srhpgmyr.dll
    2007-11-15 10:26 71,232 --a------ C:\WINDOWS\system32\iilcwumy.exe
    2007-11-14 21:32 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Grisoft
    2007-11-14 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-14 21:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-13 21:47 123 --a------ C:\Documents and Settings\Jean pierre\mit.bat
    2007-11-13 21:46 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
    2007-11-13 21:45 36,352 --a------ C:\WINDOWS\system32\wvuuspp.dll
    2007-11-13 21:45 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
    2007-11-13 21:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
    2007-11-13 21:41 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-13 21:41 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
    2007-11-13 21:41 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-11-11 20:51 90,112 --a------ C:\WINDOWS\unvise32.exe
    2007-11-11 20:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
    2007-11-11 20:48 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
    2007-11-11 20:48 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2007-11-11 20:48 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
    2007-11-11 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2007-11-11 20:47 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
    2007-10-26 15:56 <REP> d-------- C:\Program Files\MP3Gain
    2007-10-26 15:44 <REP> d-------- C:\Program Files\mp3DirectCut
    2007-10-24 19:49 <REP> d-------- C:\ConvertTemp
    2007-10-23 19:06 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
    2007-10-22 20:25 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Samsung
    2007-10-22 20:05 <REP> d-------- C:\Program Files\Samsung

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 19:22 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\Skype
    2007-11-13 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-10 23:18 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\teamspeak2
    2007-10-24 18:25 --------- d-----w C:\Program Files\Java
    2007-10-10 17:28 --------- d-----w C:\Documents and Settings\Jose\Application Data\Skype
    2007-10-10 10:18 --------- d-----w C:\Program Files\Adverts
    2007-10-10 10:17 --------- d-----w C:\Program Files\Windows Live
    2007-10-10 10:17 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-10 10:17 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-10 07:09 --------- d-----w C:\Program Files\Skype
    2007-10-10 07:09 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-10-10 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-09 18:13 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-10-09 18:12 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-10-09 18:10 --------- d-----w C:\Program Files\HP
    2007-09-05 15:44 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
    2007-08-31 12:18 360,580 -c--a-w C:\WINDOWS\eSellerateEngine.dll
    2007-04-16 21:00:27 90 --sh--w C:\WINDOWS\cnerolf.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ae24094d-41b3-45b2-9da0-fd23fbb58bd2}]
    2007-11-16 14:05 81984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 08:42]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 10:29]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 13:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
    "LaunchList"="C:\Program Files\Pinnacle\Studio 9\LaunchList.exe" []
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "182eef0d"="C:\WINDOWS\system32\wsfxfmsp.dll" [2007-11-16 13:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwlw32]
    winwlw32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

    R3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
    R3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
    R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys
    R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys
    S3 MOSUMAC;MosChip USB-Ethernet Driver;C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
    S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 21:01:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-16 21:03:03 - machine was rebooted
    .
    --- E O F ---

    Merci
    JP
    0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



    File::

    C:\WINDOWS\system32\mjvfeiyy.dll
    C:\WINDOWS\system32\wsfxfmsp.dll
    C:\WINDOWS\system32\mmcxnkcn.exe
    C:\WINDOWS\system32\srhpgmyr.dll
    C:\WINDOWS\system32\iilcwumy.exe
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\wvuuspp.dll
    C:\WINDOWS\system32\aivskurq.dll
    C:\WINDOWS\unvise32.exe


    ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Dans la fenêtre qui suit, choisie l'option 1 puis valide
    Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
    A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

    ++
    0
  11. LFPO26 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention   1
     
    Salut !

    Merci de ton aide.

    Voici le rapport de ComboFix.

    ComboFix 07-11-08.1 - Jean pierre 2007-11-16 20:36:44.1 - NTFSx86 MINIMAL
    Running from: F:\Documents_JeanPierre\ComboFix.exe
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\Jean pierre\Favoris\Online Security Guide.lnk
    C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1
    C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1\??curity\
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Jose\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\Jose\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\Jose\Favoris\Online Security Guide.lnk
    C:\WINDOWS\msnimport.exe
    C:\WINDOWS\scurit~1
    C:\WINDOWS\system32\__c001A4B5.dat
    C:\WINDOWS\system32\__c0073964.dat
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\fibagbia
    C:\WINDOWS\system32\fibagbia\bg1.gif
    C:\WINDOWS\system32\fibagbia\bgtop.gif
    C:\WINDOWS\system32\fibagbia\bottom1.gif
    C:\WINDOWS\system32\fibagbia\essentials.gif
    C:\WINDOWS\system32\fibagbia\fibagbia1.exe
    C:\WINDOWS\system32\fibagbia\fibagbia2.exe
    C:\WINDOWS\system32\fibagbia\fibagbia3.exe
    C:\WINDOWS\system32\fibagbia\icon1.ico
    C:\WINDOWS\system32\fibagbia\install1.gif
    C:\WINDOWS\system32\fibagbia\left1.gif
    C:\WINDOWS\system32\fibagbia\li.gif
    C:\WINDOWS\system32\fibagbia\logo.gif
    C:\WINDOWS\system32\fibagbia\main.htm
    C:\WINDOWS\system32\fibagbia\mainframe.htm
    C:\WINDOWS\system32\fibagbia\reinstall1.gif
    C:\WINDOWS\system32\fibagbia\right1.gif
    C:\WINDOWS\system32\fibagbia\s1.htm
    C:\WINDOWS\system32\fibagbia\s2.htm
    C:\WINDOWS\system32\fibagbia\s3.htm
    C:\WINDOWS\system32\fibagbia\SMTop1.gif
    C:\WINDOWS\system32\fibagbia\SMTop2.gif
    C:\WINDOWS\system32\fibagbia\SMTop3.gif
    C:\WINDOWS\system32\fibagbia\SMTop4.gif
    C:\WINDOWS\system32\fibagbia\soft1_off.gif
    C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft1_on.gif
    C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
    C:\WINDOWS\system32\fibagbia\soft2_off.gif
    C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft2_on.gif
    C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
    C:\WINDOWS\system32\fibagbia\soft3_off.gif
    C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft3_on.gif
    C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
    C:\WINDOWS\system32\fibagbia\softbottom_off.gif
    C:\WINDOWS\system32\fibagbia\softbottom_on.gif
    C:\WINDOWS\system32\fibagbia\softleft_off.gif
    C:\WINDOWS\system32\fibagbia\softleft_on.gif
    C:\WINDOWS\system32\fibagbia\top1.gif
    C:\WINDOWS\system32\fibagbia\top2.gif
    C:\WINDOWS\system32\fibagbia\turnoff1.gif
    C:\WINDOWS\system32\fibagbia\turnon1.gif
    C:\WINDOWS\system32\jkkjk.dll
    C:\WINDOWS\system32\jocpmwaw.dll
    C:\WINDOWS\system32\kjkkj.ini
    C:\WINDOWS\system32\kjkkj.ini2
    C:\WINDOWS\system32\kliyvmuq.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\pppatc~1
    C:\WINDOWS\system32\pwihofeg.dllbox
    C:\WINDOWS\system32\yiaelkqa.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CORE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FMTR
    -------\core
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-16 20:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-16 14:05 81,984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll
    2007-11-16 13:59 85,056 --a------ C:\WINDOWS\system32\wsfxfmsp.dll
    2007-11-16 12:23 71,232 --a------ C:\WINDOWS\system32\mmcxnkcn.exe
    2007-11-15 10:32 79,936 --a------ C:\WINDOWS\system32\srhpgmyr.dll
    2007-11-15 10:26 71,232 --a------ C:\WINDOWS\system32\iilcwumy.exe
    2007-11-14 21:32 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Grisoft
    2007-11-14 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-14 21:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-13 21:47 123 --a------ C:\Documents and Settings\Jean pierre\mit.bat
    2007-11-13 21:46 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
    2007-11-13 21:45 36,352 --a------ C:\WINDOWS\system32\wvuuspp.dll
    2007-11-13 21:45 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
    2007-11-13 21:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
    2007-11-13 21:41 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-13 21:41 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
    2007-11-13 21:41 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-11-11 20:51 90,112 --a------ C:\WINDOWS\unvise32.exe
    2007-11-11 20:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
    2007-11-11 20:48 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
    2007-11-11 20:48 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2007-11-11 20:48 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
    2007-11-11 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2007-11-11 20:47 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
    2007-10-26 15:56 <REP> d-------- C:\Program Files\MP3Gain
    2007-10-26 15:44 <REP> d-------- C:\Program Files\mp3DirectCut
    2007-10-24 19:49 <REP> d-------- C:\ConvertTemp
    2007-10-23 19:06 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
    2007-10-22 20:25 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Samsung
    2007-10-22 20:05 <REP> d-------- C:\Program Files\Samsung

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 19:22 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\Skype
    2007-11-13 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-10 23:18 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\teamspeak2
    2007-10-24 18:25 --------- d-----w C:\Program Files\Java
    2007-10-10 17:28 --------- d-----w C:\Documents and Settings\Jose\Application Data\Skype
    2007-10-10 10:18 --------- d-----w C:\Program Files\Adverts
    2007-10-10 10:17 --------- d-----w C:\Program Files\Windows Live
    2007-10-10 10:17 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-10 10:17 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-10 07:09 --------- d-----w C:\Program Files\Skype
    2007-10-10 07:09 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-10-10 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-09 18:13 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-10-09 18:12 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-10-09 18:10 --------- d-----w C:\Program Files\HP
    2007-09-05 15:44 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
    2007-08-31 12:18 360,580 -c--a-w C:\WINDOWS\eSellerateEngine.dll
    2007-04-16 21:00:27 90 --sh--w C:\WINDOWS\cnerolf.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ae24094d-41b3-45b2-9da0-fd23fbb58bd2}]
    2007-11-16 14:05 81984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 08:42]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 10:29]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 13:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
    "LaunchList"="C:\Program Files\Pinnacle\Studio 9\LaunchList.exe" []
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
    "182eef0d"="C:\WINDOWS\system32\wsfxfmsp.dll" [2007-11-16 13:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwlw32]
    winwlw32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

    R3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
    R3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
    R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys
    R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys
    S3 MOSUMAC;MosChip USB-Ethernet Driver;C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
    S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 21:01:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-16 21:03:03 - machine was rebooted
    .
    --- E O F ---

    Merci
    JP
    0
  12. LFPO26 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention   1
     
    Salut !

    J'ai remarqué que ce matin, après avoir effectuer cette manipulation hier soir, que Windows me dit qu'il manque ce fichier:

    C:\WINDOWS\system32\wsfxfmsp.dll .

    Que faire ?

    Merci
    JP
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    c'est normal pour le message d'erreur ! on fera le nettoyage à la fin !

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    ++
    0
  14. LFPO26 Messages postés 23 Date d'inscription   Statut Membre Dernière intervention   1
     
    Salut !

    Voici le rapport de SDFix:

    SDFix: Version 1.114

    Run by Jean pierre on 17/11/2007 at 21:20

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-17 21:26:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\01\11-{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}-v1-{73F9FEF6-F07E-490C-96BD-D73DEE67B891}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 557796 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 39486 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3 2748 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 61840 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\manuel.vignoni@virgilio.it\DFSR\Staging\CS{51080CD5-6669-7EB9-0FF2-3378F2F86584}\01\10-{51080CD5-6669-7EB9-0FF2-3378F2F86584}-v1-{73F9FEF6-F07E-490C-96BD-D73DEE67B891}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\mfabbian@adhoc.net\DFSR\Staging\CS{801AE4CF-E416-D20D-CBC5-D258A8BD9178}\01\13-{801AE4CF-E416-D20D-CBC5-D258A8BD9178}-v1-{73F9FEF6-F07E-490C-96BD-D73DEE67B891}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\mfabbian@adhoc.net\DFSR\Staging\CS{801AE4CF-E416-D20D-CBC5-D258A8BD9178}\12\12-{27B90C5D-9C34-4EB0-BFA4-2328F7FCD3BA}-v12-{27B90C5D-9C34-4EB0-BFA4-2328F7FCD3BA}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 8

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"
    "F:\\Documents_JeanPierre\\Bearshare\\BearShare.exe"="F:\\Documents_JeanPierre\\Bearshare\\BearShare.exe:*:Enabled:BearShare"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Sun 19 Mar 2006 262,144 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
    Fri 20 Apr 2007 11,264 A..H. --- "C:\Program Files\MSN Messenger\VERSION.dll"
    Fri 20 Apr 2007 10,752 A..H. --- "C:\Program Files\MSN Messenger\WINHTTP.dll"
    Sat 7 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Finished!

    Voici le rapport de HiJack:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:30:26, on 17/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
    O4 - HKLM\..\Run: [182eef0d] rundll32.exe "C:\WINDOWS\system32\wsfxfmsp.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Merci
    JP
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok, fais ce qui est indiqué ici stp :

    http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

    ++
    0
  16. LFPO26
     
    Salut !

    AVG n'a trouvé aucun problème donc je ne poste pas son rapport.

    Voici le rapport de BitDefender Online Scanner.

    Time

    01:19:33

    Files

    306939

    Folders

    7330

    Boot Sectors

    3

    Archives

    1714

    Packed Files

    10724

    Results

    Identified Viruses

    16

    Infected Files

    34

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    34

    Engines Info

    Virus Definitions

    878297

    Engine build

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins

    14

    Archive plugins

    38

    Unpack plugins

    7

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe

    Infected with: Generic.Adw.SaveNow.89FD2E0C

    C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe

    Disinfection failed

    C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe

    Deleted

    C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)

    Update failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir

    Infected with: Trojan.Rootkit.Agent.EQ

    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir

    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir

    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\iilcwumy.exe.vir

    Infected with: Trojan.Fotomoto.F

    C:\qoobox\Quarantine\C\WINDOWS\system32\iilcwumy.exe.vir

    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\iilcwumy.exe.vir

    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\jocpmwaw.dll.vir

    Infected with: Trojan.Downloader.Conhook.BI

    C:\qoobox\Quarantine\C\WINDOWS\system32\jocpmwaw.dll.vir

    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\kliyvmuq.dll.vir

    Infected with: Trojan.Downloader.Conhook.BI

    C:\qoobox\Quarantine\C\WINDOWS\system32\kliyvmuq.dll.vir

    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\mmcxnkcn.exe.vir

    Infected with: Trojan.Fotomoto.F

    C:\qoobox\Quarantine\C\WINDOWS\system32\mmcxnkcn.exe.vir

    Disinfection failed

    C:\qoobox\Quarantine\C\WINDOWS\system32\mmcxnkcn.exe.vir

    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\yiaelkqa.dll.vir

    Infected with: Trojan.Downloader.Conhook.BI

    C:\qoobox\Quarantine\C\WINDOWS\system32\yiaelkqa.dll.vir

    Deleted

    C:\qoobox\Quarantine\C\WINDOWS\system32\__c0073964.dat.vir

    Infected with: Trojan.Downloader.Conhook.BI

    C:\qoobox\Quarantine\C\WINDOWS\system32\__c0073964.dat.vir

    Deleted

    C:\qoobox\Quarantine\catchme2007-11-16_210105.73.zip=>__c001A4B5.dat

    Infected with: Trojan.Downloader.Conhook.BI

    C:\qoobox\Quarantine\catchme2007-11-16_210105.73.zip=>__c001A4B5.dat

    Deleted

    C:\qoobox\Quarantine\catchme2007-11-16_210105.73.zip

    Updated

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071925.exe

    Infected with: Trojan.Agent.AFSZ

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071925.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071925.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071935.exe

    Infected with: Generic.Drop.Alpha.048A41F9

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071935.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071935.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071937.exe

    Infected with: Generic.Dld.Alpha.D002DF65

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071937.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071937.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072938.exe

    Infected with: Generic.Dld.Alpha.D002DF65

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072938.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072938.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072951.exe

    Infected with: Trojan.Generic.73901

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072951.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072951.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074133.dll

    Infected with: Generic.Malware.dld!!.26D1FA9F

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074133.dll

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074133.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074137.dll

    Infected with: Generic.Otuboh.0B1FB7FF

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074137.dll

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074137.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074138.dll

    Infected with: Generic.Otuboh.0B1FB7FF

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074138.dll

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074138.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074358.exe

    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074358.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074358.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074365.dll

    Infected with: Generic.Otuboh.0B1FB7FF

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074365.dll

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074365.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074371.dll

    Infected with: Trojan.BHO.NYO

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074371.dll

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074371.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074449.dll

    Infected with: Generic.Otuboh.0B1FB7FF

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074449.dll

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074449.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)=>lzma_solid_nsis0002

    Infected with: Trojan.Dropper.RGG

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)=>lzma_solid_nsis0002

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)=>lzma_solid_nsis0002

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)

    Update failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074459.exe

    Infected with: Trojan.Generic.74920

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074459.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074459.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074461.dll

    Infected with: Trojan.Downloader.Conhook.BI

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074461.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074463.exe

    Infected with: Trojan.Agent.AWJ

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074463.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074463.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074699.dll

    Infected with: Trojan.Downloader.Conhook.BI

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074699.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074700.dll

    Infected with: Trojan.Downloader.Conhook.BI

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074700.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074701.dll

    Infected with: Trojan.Downloader.Conhook.BI

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074701.dll

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074704.sys

    Infected with: Trojan.Rootkit.Agent.EQ

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074704.sys

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074704.sys

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074826.exe

    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074826.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074826.exe

    Deleted

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074828.exe

    Infected with: Trojan.Fotomoto.F

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074828.exe

    Disinfection failed

    C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074828.exe

    Deleted

    F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe

    Infected with: Generic.Adw.SaveNow.89FD2E0C

    F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe

    Disinfection failed

    F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe

    Deleted

    F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)

    Update failed

    F:\Documents_JeanPierre\Hijack\backups\backup-20071114-201155-112.dll

    Infected with: Generic.Otuboh.0B1FB7FF

    F:\Documents_JeanPierre\Hijack\backups\backup-20071114-201155-112.dll

    Disinfection failed

    F:\Documents_JeanPierre\Hijack\backups\backup-20071114-201155-112.dll

    Deleted

    F:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP184\A0075406.dll

    Infected with: Generic.Otuboh.0B1FB7FF

    F:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP184\A0075406.dll

    Disinfection failed

    F:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP184\A0075406.dll

    Deleted

    Voici le rapport de HiJack:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:43:58, on 19/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\WINDOWS\system32\notepad.exe
    F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Merci
    JP
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, vu où en sont tes soucis ??

    ++
    0
  18. LFPO26
     
    Salut !

    On dirait que ça va mieux pour l'instant.

    Merci Beaucoup de ton aide très très très précieuse, Merci !

    Merci
    JP
    0
  19. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    resalut

    ok, une dernière vérif : poste un nouveau combo stp !

    ++
    0