My computer is infected...

Solved
Blade84 -
ep44 (7415 posts, Contributor) -
Hello,
my computer seems to be infected by several viruses
here is my HijackThis log:
thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:03, on 2007-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9747 bytes
Configuration: Windows XP
Internet Explorer 6.0


13 replies

  1. ep44 (7415 posts, Contributor)
     
    Good evening

    follow the steps

    restart HijackThis and tick the following
    then click Fix checked
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    ----------------------------------------------------------------------------------------------
    then
    Download to the Desktop.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-click VundoFix.exe.
    => Click OK
    => Wait for VundoFix to relaunch
    => Click Scan for Vundo
    => The scan is fairly long; at the end
    => Click Remove Vundo
    => Then Yes
    => The desktop disappears for a moment while the files are deleted.
    => Shutdown message
    => Click OK
    => Automatic restart
    => copy the report, which is in C:\vundofix.txt

    -------------------------------------------------------------------------------------------------
    then
    Download to the desktop
    http://sosvirus.changelog.fr/MSNFix.zip
    = Right-click MSNFix.zip
    = Extract here (or extract without confirmation, or extract all, or unzip)
    = Double-click the MSNFix folder that has just been created
    = Double-click MSNFix ==> cogwheel icon
    = Choose R
    = Then choose N (if infected)
    = Save the report
    restart the PC and relaunch MSN; that way you will know whether everything has been removed
    -----------------------------------------------------------------------------------------------
    post your reports and make a new HijackThis log once you have followed the procedure
    @+
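The review ep44 performs on the log above (orphaned O2/O9 entries marked "(no file)" or "(file missing)", a core Windows process name autostarting from outside System32, a Winlogon Notify entry with no DLL name, and a Default_Page_URL / IERESET.INF value pointing at a web page) can be scripted. The following is an added Python example, not part of the thread or of HijackThis itself; the sample lines are copied from the posted log, and the triage heuristics are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2 log format used in this thread: a few
# lines copied from the posted log (the ones the helper acted on) plus two
# known-good entries for contrast. It is not the full log.
SAMPLE_LOG = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php",
    r"O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)",
    r"O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)",
    "O20 - Winlogon Notify: ssqoppm - C:\\WINDOWS\\",  # not raw: the value ends in a backslash
]

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Core Windows process names whose only legitimate location on XP is
# %SystemRoot%\System32 (the "Running processes" section shows the real ones there).
CORE_SYSTEM_EXES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}


@dataclass
class Entry:
    kind: str             # HijackThis section tag: "R1", "O2", "O4", "O20", ...
    body: str             # text after "<kind> - "
    target: str           # path / URL / value the entry points at ("" if none)
    clsid: Optional[str]  # CLSID when the line carries one (O2, O9, O16)


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into its section tag, body and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":
        # O4 - <hive>\..\Run: [<value name>] <command line>, or
        # O4 - Global Startup: <shortcut>.lnk = <path>
        sep = "]" if "]" in body else "="
        target = body.split(sep, 1)[1].strip() if sep in body else ""
    elif kind.startswith("R") or kind == "O14":
        # R0/R1/O14 - <key>,<value name> = <value>
        target = body.split("=", 1)[1].strip() if "=" in body else ""
    else:
        # O2/O9/O20/O23 - <label> - {CLSID} - <path>; the path is the last field
        target = body.rsplit(" - ", 1)[1].strip() if " - " in body else ""
    c = CLSID_RE.search(body)
    return Entry(kind, body, target, c.group(0) if c else None)


def exe_path(cmdline: str) -> str:
    """Return the program part of an O4 command line (quoted or first token)."""
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (section, target, reason_code) for entries worth a second look."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.target.endswith("(no file)") or e.target.endswith("(file missing)"):
            # Orphaned registration: nothing loads, but it is leftover clutter,
            # which is what the helper had fixed in HijackThis first.
            findings.append((e.kind, e.target, "orphan"))
        elif e.kind == "O4":
            exe = exe_path(e.target).lower()
            folder, _, name = exe.rpartition("\\")
            if name in CORE_SYSTEM_EXES and not folder.endswith("\\system32"):
                # A file named like a core system process, autostarting from
                # somewhere other than System32 (here C:\WINDOWS\Fonts).
                findings.append((e.kind, e.target, "masquerade"))
        elif e.kind == "O20" and not e.target.rpartition("\\")[2]:
            # Winlogon Notify handler whose value has no DLL file name at all.
            findings.append((e.kind, e.target, "winlogon-notify"))
        elif e.kind in ("R1", "O14") and e.target.lower().startswith("http"):
            # Default_Page_URL and IERESET.INF are rarely set by the user;
            # a forum URL there is worth confirming with the machine's owner.
            findings.append((e.kind, e.target, "review-startpage"))
    return findings


if __name__ == "__main__":
    for kind, target, reason in triage(SAMPLE_LOG):
        print(f"{reason:16} {kind:4} {target}")
```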
    1. Blade84
       
      Hello,

      First of all, thank you very much for your help.

      I did the three steps you suggested.
      VundoFix found nothing, surely because I had already run the scan earlier, following the instructions given to another user on this forum who seemed to have a similar problem. Should I still give you the report I made the other day?
      MSNFix found nothing either.
      One problem is still there: when I do a search on Google, the search does not go to the page it should; instead it goes to an advertising page. Then other ad pages (eBay or others) appear, and/or blank pages whose address is a string of numbers. However, it does not only do that with Google.
      So here is the HijackThis report first and the MSNFix one second.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:14:06, on 2007-11-23
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
      O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)
      O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
      O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
      O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
      O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  2. ep44 (7415 posts, Contributor)
     
    Hello,

    Download to the desktop
    SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    = Double-click SDFix.
    = Click Install

    = then restart in Safe Mode

    = Warning: there is no internet access in this mode. Save or print the instructions. Restart the PC and tap the F8 key (or F5 on some machines) until the boot menu with the startup choices appears
    With the arrow keys, select Safe Mode ==> Enter ==> your usual user name

    ------
    = Double-click SDFix.
    = Click Install
    = Double-click the new SDFix folder, which is in C:\
    = Double-click RunThis.cmd
    = Press Y
    = When prompted ==> press any key to restart
    = Restart (which will take longer, as the cleanup is in progress)
    Continue if an error message appears; in that case go straight to the report in SDFix
    = "Finished" appears
    = Press a key
    = In SDFix, a report Report... is created. Restart in Safe Mode (startup may take several minutes)
    --------------------------------------------------------------
    then
    Download:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
    = Install it
    = Launch it
    = Click: Update
    ------
    = Restart in Safe Mode (startup may take several minutes)
    Warning: there is no internet access in this mode. Save or print the instructions.

    Restart the PC and tap the F8 key (or F5 on some machines) until the boot menu with the startup choices appears
    With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
    -------
    = In SCAN (the magnifying-glass icon)
    ==> Settings ==> under HOW TO ACT ==> click Recommended actions ==> Quarantine
    ==> Click: Complete system scan
    At the end of the scan (which is fairly long)
    ==> Click Apply all actions <== this is very important
    ==> Click Save report, then Save as, and choose the desktop
    -------
    In normal mode
    paste the report
    @+
    1. Blade84
       
      Here are the two reports, starting with SDFix and then the AVG Anti-Spyware one
      thanks again
      Blade84


      SDFix: Version 1.115

      Run by Blaise on 2007-11-24 at 10:57

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\SDFix

      Safe Mode:
      Checking Services:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting...


      Normal Mode:
      Checking Files:

      Trojan Files Found:

      C:\134843~1 - Deleted
      C:\Program Files\E404 Helper\e404.v1.dll - Deleted
      C:\res.txt - Deleted
      C:\WINDOWS\system32\adult.txt - Deleted
      C:\WINDOWS\system32\finance.txt - Deleted
      C:\WINDOWS\system32\lt.res - Deleted
      C:\WINDOWS\system32\other.txt - Deleted
      C:\WINDOWS\system32\pharma.txt - Deleted
      C:\WINDOWS\system32\sft.res - Deleted



      Folder C:\Program Files\E404 Helper - Removed

      Removing Temp Files...

      ADS Check:

      C:\WINDOWS
      No streams found.

      C:\WINDOWS\system32
      No streams found.

      C:\WINDOWS\system32\svchost.exe
      No streams found.

      C:\WINDOWS\system32\ntoskrnl.exe
      No streams found.



      Final Check:

      catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-11-24 11:03:02
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s0"=dword:dcb04352
      "s1"=dword:d5208bea
      "s2"=dword:8de5f01d
      "h0"=dword:00000001

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:21,21,9f,73,2b,c0,54,9c,ab,8b,bb,79,06,02,97,e2,aa,81,49,2f,d8,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,4b,45,71,b8,b0,87,50,48,d7,6a,92,ae,8d,bd,cb,91,5d,..
      "khjeh"=hex:b2,30,eb,0b,fe,21,74,8c,37,ac,3a,81,ae,4f,ac,88,94,8c,fb,aa,eb,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:5c,80,0a,08,30,e5,43,a4,5b,e9,21,26,21,d6,12,68,30,38,c4,26,80,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:21,21,9f,73,2b,c0,54,9c,ab,8b,bb,79,06,02,97,e2,aa,81,49,2f,d8,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,4b,45,71,b8,b0,87,50,48,d7,6a,92,ae,8d,bd,cb,91,5d,..
      "khjeh"=hex:b2,30,eb,0b,fe,21,74,8c,37,ac,3a,81,ae,4f,ac,88,94,8c,fb,aa,eb,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:5c,80,0a,08,30,e5,43,a4,5b,e9,21,26,21,d6,12,68,30,38,c4,26,80,..

      scanning hidden registry entries ...

      scanning hidden files ...

      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\jajaja_jan@hotmail.com\SharingMetadata\mariecote9@hotmail.com\DFSR\Staging\CS{E4A61C40-F45F-7380-4E10-470CB6BD710A}\01\11-{E4A61C40-F45F-7380-4E10-470CB6BD710A}-v1-{C507C0CC-B754-4788-8990-D8AB845D146F}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\jajaja_jan@hotmail.com\SharingMetadata\mariecote9@hotmail.com\DFSR\Staging\CS{E4A61C40-F45F-7380-4E10-470CB6BD710A}\17\19-{58D85A18-E875-4C2A-9661-70A3815B5373}-v17-{58D85A18-E875-4C2A-9661-70A3815B5373}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 720 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\01\14-{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}-v1-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\22\23-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v22-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 750 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\amnezik17@hotmail.com\DFSR\Staging\CS{AD25E6F1-E9BB-F3EE-76BB-E699F6ED7199}\22\23-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v22-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\01\10-{EED4CE83-4995-DAF0-E927-D71D41498D7A}-v1-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 66396 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4728 bytes hidden from API
      C:\Documents and Settings\Blaise\Local Settings\Application Data\Microsoft\Messenger\zebue8@hotmail.com\SharingMetadata\cath_pf@hotmail.com\DFSR\Staging\CS{EED4CE83-4995-DAF0-E927-D71D41498D7A}\11\11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-{041FA8FA-B97A-4122-8973-25DF5D6A7F78}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7432 bytes hidden from API

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 9


      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      Remaining Files:
      ---------------

      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes:

      Fri 9 Jan 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Thu 2 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
      Fri 8 Dec 2006 46,080 ...H. --- "C:\Documents and Settings\Blaise\Bureau\~WRL3664.tmp"
      Sun 4 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"
      Thu 22 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT3.tmp"
      Thu 21 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

      Finished!

      -----------------------------------------------------------------------------------------------------------------------------------------------

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 12:32:45 2007-11-24

      + Résultat de l'analyse:



      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP18\A0010731.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP19\A0010756.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0010771.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0010784.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0011785.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP20\A0011825.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP22\A0011908.exe -> Adware.IconAds : Nettoyé.
      C:\System Volume Information\_restore{A785DE16-1A7C-4557-98AC-512F4B4CEFF7}\RP23\A0012053.exe -> Adware.IconAds : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\index.dat -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\phigh.bin -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\pmedium.bin -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\prc.dat -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\ps.dat -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\st.dat -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\up.dat -> Adware.WinAntiVirus : Nettoyé.
      C:\Documents and Settings\Zoé\Local Settings\Temp\temp.frB0AF\worldmap.swf -> Adware.WinAntiVirus : Nettoyé.
      C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071481.exe -> Downloader.Adload.ni : Nettoyé.
      C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir -> Downloader.Adload.ni : Nettoyé.
      C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071477.exe -> Downloader.Agent.erf : Nettoyé.
      C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir -> Downloader.Agent.erf : Nettoyé.
      C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0072536.dll -> Downloader.VB.bpt : Nettoyé.
      C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0072459.sys -> Rootkit.Agent.kb : Nettoyé.
      C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Xne26.sys.vir -> Rootkit.Agent.kb : Nettoyé.
      C:\qoobox\Quarantine\catchme2007-11-22_180807.45.zip/symavc32.sys -> Rootkit.Agent.kb : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@nhl.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\Blaise\Cookies\blaise@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
      C:\System Volume Information\_restore{F75543A6-0FC9-476C-B3BD-E7337603418C}\RP380\A0071480.exe -> Trojan.Agent.crf : Nettoyé.
      C:\qoobox\Quarantine\C\Program Files\Temporary\wininstall.exe.vir -> Trojan.Agent.crf : Nettoyé.


      Fin du rapport
  3. ep44 (Contributor)
     
    Good, we're making progress.
    Redo HijackThis, please.
    1. Blade84
       
      Here it is:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:47:51, on 2007-11-24
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
      O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
      O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  4. ep44 (Contributor)
     
    You told me that VundoFix
    found nothing.

    So do this:
    Download sUBs' ComboFix: http://www.pc-xpress.ca/download/ComboFix.exe
    and save it to your desktop, nowhere else!

    Double-click ComboFix,
    wait until ComboFix has finished; a report will be created. Post the report.
    See you later.
    1. Blade84
       
      The first time I ran VundoFix, it found something and I clicked "remove vundo". But after following your instructions I ran it again, and this time it found nothing.

      So here is the ComboFix report:

      ComboFix 07-08-09.3 - "Blaise" 2007-11-24 15:07:33.3 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.151 [GMT -5:00]


      ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))


      2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
      2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
      2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
      2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
      2007-11-22 16:12 85,056 --a------ C:\WINDOWS\system32\lhmeetkp.dll
      2007-11-22 16:06 79,936 --a------ C:\WINDOWS\system32\jkwfopof.dll
      2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
      2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
      2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
      2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
      2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
      2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
      2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2007-10-27 18:16 <REP> d-------- C:\WINDOWS\system32\lidkfqkv
      2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
      2007-10-27 18:16 <REP> d-------- C:\Program Files\Ofncpmqr
      2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
      2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
      2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
      2007-10-27 17:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
      2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
      2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
      2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
      2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
      2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
      2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
      2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
      2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
      2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
      2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
      2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
      2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
      2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
      2007-11-22 16:06 79936 --a------ C:\WINDOWS\system32\jkwfopof.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
      2007-10-27 18:16 94208 --a------ C:\Program Files\Ofncpmqr\ncmgcqjn.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
      C:\WINDOWS\system32\vtutu.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
      "SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
      "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
      "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
      "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
      "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
      "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
      "505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" [2007-11-22 16:12]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
      "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]

      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
      Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]

      R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
      R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
      R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
      R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
      S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
      S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
      S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
      S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


      **************************************************************************

      catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-11-24 15:09:51
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-11-24 15:11:12
      C:\ComboFix-quarantined-files.txt ... 2007-11-24 15:10
      C:\ComboFix2.txt ... 2007-11-22 20:13
      C:\ComboFix3.txt ... 2007-11-22 18:11

      --- E O F ---
      THANKS
  6. ep44 (Contributor)
     
    Select this:

    File::

    C:\WINDOWS\system32\lhmeetkp.dll
    C:\WINDOWS\system32\jkwfopof.dll
    C:\WINDOWS\system32\lidkfqkv
    C:\Program Files\Ofncpmqr
    C:\WINDOWS\system32\dpqaqlqx.bin


    * Copy the selected text (CTRL+C).
    * Open Notepad (Programs > Accessories > Notepad).
    * Paste the copied text into Notepad (CTRL+V).
    * Save this file under the name CFScript.txt
    * Drag and drop this CFScript file onto the ComboFix.exe file
    * A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan is finished.
    * Once the scan is complete, a report will open: post its contents.
    * If the file does not open, it is located here > C:\ComboFix.txt

    then run HijackThis again
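As an added example (not from the thread, nor from HijackThis or ComboFix), the script below makes explicit the reading of Blade84's HijackThis log that lies behind ep44's file selection: it flags the O2/O4/O20 entries with the structural signs of a Vundo-type infection (a BHO with no display name or a bare CLSID as its name, a Run key that loads a DLL through rundll32, a Winlogon Notify entry that does not resolve to a DLL) and prints a `File::` block in the CFScript format used above. The sample lines are copied from the log posted in the thread; the heuristics and the names `triage`, `build_cfscript` and `Finding` are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in the thread, kept verbatim.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Line shapes of the three HijackThis sections the heuristics look at.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# First DLL path (quoted or not) inside a rundll32 command line.
DLL_IN_CMD_RE = re.compile(r'"?([A-Za-z]:\\[^",]+?\.dll)"?', re.IGNORECASE)


@dataclass
class Finding:
    section: str          # HijackThis section code: O2, O4 or O20
    reason: str           # why the entry was flagged
    path: str             # module or directory the entry points at
    missing: bool = False  # HijackThis reported "(file missing)"


def triage(log_text):
    """Return the entries that carry the structural marks of a Vundo-type infection.

    Hypothetical heuristics (my own, not HijackThis rules):
      O2  - a BHO whose display name is "(no name)" or a bare CLSID
      O4  - a Run key whose command loads a DLL through rundll32
      O20 - a Winlogon Notify entry whose module does not resolve to a DLL
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            name, path = m["name"], m["path"]
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].rstrip()
            if name == "(no name)":
                findings.append(Finding("O2", "BHO registered without a display name", path, missing))
            elif GUID_RE.match(name):
                findings.append(Finding("O2", "BHO display name is a bare CLSID", path, missing))
            continue
        m = O4_RE.match(line)
        if m and m["cmd"].lower().startswith("rundll32"):
            dll = DLL_IN_CMD_RE.search(m["cmd"])
            target = dll.group(1) if dll else m["cmd"]
            findings.append(Finding("O4", f"Run key [{m['key']}] loads a DLL through rundll32", target))
            continue
        m = O20_RE.match(line)
        if m and not m["path"].lower().endswith(".dll"):
            findings.append(Finding("O20", f"Winlogon Notify '{m['name']}' does not resolve to a DLL", m["path"]))
    return findings


def build_cfscript(findings):
    """Emit a File:: block in the CFScript format used in the thread.

    Only entries that name a file still present on disk are listed: a BHO whose
    DLL is already missing is a leftover registry entry, not a file to delete,
    and a bare directory such as C:\\WINDOWS\\ must never be handed to File::.
    """
    paths = []
    for f in findings:
        if f.missing or f.path.endswith("\\"):
            continue
        if f.path not in paths:
            paths.append(f.path)
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        flag = " (file missing)" if f.missing else ""
        print(f"{f.section}: {f.reason} -> {f.path}{flag}")
    print()
    print(build_cfscript(found))
```

The block reproduces two of the five paths ep44 listed (lhmeetkp.dll and jkwfopof.dll) and points into the Ofncpmqr folder; lidkfqkv, dpqaqlqx.bin and the folder itself come from the ComboFix "Files Created" section, which this HijackThis-only pass does not read.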
    1. Blade84
       
      I hope I did the right thing.
      Here is the ComboFix scan first, followed by the HijackThis one.


      ComboFix 07-08-09.3 - "Blaise" 2007-11-24 17:27:11.4 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.177 [GMT -5:00]
      Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
      * Created a new restore point


      ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))


      2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
      2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
      2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
      2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
      2007-11-22 16:12 85,056 --a------ C:\WINDOWS\system32\lhmeetkp.dll
      2007-11-22 16:06 79,936 --a------ C:\WINDOWS\system32\jkwfopof.dll
      2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
      2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
      2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
      2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
      2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
      2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
      2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2007-10-27 18:16 <REP> d-------- C:\WINDOWS\system32\lidkfqkv
      2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
      2007-10-27 18:16 <REP> d-------- C:\Program Files\Ofncpmqr
      2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
      2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
      2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy
      2007-10-27 17:59 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
      2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
      2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
      2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
      2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
      2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
      2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
      2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
      2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
      2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
      2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
      2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
      2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
      2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
      2007-11-22 16:06 79936 --a------ C:\WINDOWS\system32\jkwfopof.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
      2007-10-27 18:16 94208 --a------ C:\Program Files\Ofncpmqr\ncmgcqjn.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
      C:\WINDOWS\system32\vtutu.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
      "SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
      "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
      "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
      "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
      "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
      "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
      "505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" [2007-11-22 16:12]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
      "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]

      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
      Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]

      R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
      R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
      R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
      R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
      S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
      S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
      S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
      S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


      **************************************************************************




      catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-11-24 17:29:13
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-11-24 17:30:36
      C:\ComboFix-quarantined-files.txt ... 2007-11-24 17:30
      C:\ComboFix2.txt ... 2007-11-24 15:11
      C:\ComboFix3.txt ... 2007-11-22 20:13

      --- E O F ---



      _____________________________________________________________________________

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:34:45, on 2007-11-24
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll
      O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
      O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
      O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  7. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    let's try with this
    Download to the desktop

    OTMoveIt.exe: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    = Copy this text in bold

    C:\WINDOWS\system32\lhmeetkp.dll
    C:\WINDOWS\system32\jkwfopof.dll
    C:\WINDOWS\system32\lidkfqkv
    C:\Program Files\Ofncpmqr
    C:\WINDOWS\system32\dpqaqlqx.bin

    = Double-click OTMoveIt.exe
    = In the left-hand pane ==> right-click ==> paste
    = Click MoveIt!
    = If a restart is requested ==> click YES
    = A report in ==> C:\_OTMoveIt\MovedFiles\<today's date>, to copy/paste into your reply + redo a new scan with clean, option 1 + new HijackThis report.
    See you
    0
    1. Blade84
       
      Here is the OTMoveIt report. However, I did not understand this instruction: "redo a new scan with clean, option 1" ???
      Here is also the HijackThis report taken afterwards


      DllUnregisterServer procedure not found in C:\WINDOWS\system32\lhmeetkp.dll
      C:\WINDOWS\system32\lhmeetkp.dll NOT unregistered.
      C:\WINDOWS\system32\lhmeetkp.dll moved successfully.
      DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkwfopof.dll
      C:\WINDOWS\system32\jkwfopof.dll NOT unregistered.
      C:\WINDOWS\system32\jkwfopof.dll moved successfully.
      C:\WINDOWS\system32\lidkfqkv moved successfully.
      C:\Program Files\Ofncpmqr moved successfully.
      C:\WINDOWS\system32\dpqaqlqx.bin moved successfully.

      Created on 11-25-2007 12:48:36

      -----------------------------------------------------------------------------------------------------------------------------------------------------------------
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:57:39, on 2007-11-25
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll (file missing)
      O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)
      O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
      O20 - Winlogon Notify: ssqoppm - C:\WINDOWS\
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  8. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    still present

    you need to redo the ComboFix procedure from post 9
    look here to see how to proceed
    to drag and drop this CFScript file onto the ComboFix.exe file
    http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/probleme-virus-garde-sujet_34246_2.htm
    See you
    0
    1. Blade84
       
      here is the ComboFix report with the CFScript file:
      thanks

      ComboFix 07-08-09.3 - "Blaise" 2007-11-25 16:47:23.5 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.200 [GMT -5:00]
      Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
      * Created a new restore point


      ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))


      2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
      2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
      2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
      2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
      2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
      2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
      2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
      2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
      2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
      2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
      2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
      2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
      2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
      2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
      2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
      2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
      2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
      2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
      2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
      2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
      2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
      2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
      2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
      2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
      2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
      2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
      2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
      C:\WINDOWS\system32\jkwfopof.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
      C:\Program Files\Ofncpmqr\ncmgcqjn.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
      C:\WINDOWS\system32\vtutu.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
      "SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
      "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
      "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
      "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
      "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
      "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
      "505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" []

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
      "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]

      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
      Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]

      R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
      R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
      R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
      R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
      S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
      S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
      S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
      S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


      **************************************************************************

      catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-11-25 16:49:24
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-11-25 16:50:46
      C:\ComboFix-quarantined-files.txt ... 2007-11-25 16:50
      C:\ComboFix2.txt ... 2007-11-24 17:30
      C:\ComboFix3.txt ... 2007-11-24 15:11

      --- E O F ---
      0
  9. ep44 Posts 7415 Registration date   Status Contributor Last activity   3
     
    Redo the same ComboFix procedure, except that this time
    you copy these lines in bold

    File::
    C:\WINDOWS\system32\lhmeetkp.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ac90262-fc1d-4a87-aa0f-632b95575f32}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DFCFB5E-3974-3338-8F09-0B2552E546A8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "505f8344"="-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoppm]
    0
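The entries the helper targets in this thread (a BHO whose display name is itself a CLSID or "(no name)", a BHO whose DLL is "(file missing)", a Run value with a bare hex name that loads a DLL through rundll32, and a Winlogon Notify package whose path resolves to nothing but a directory) can be picked out of a HijackThis log mechanically. The script below is an added example, not code from the thread and not part of HijackThis, OTMoveIt or ComboFix; its rule set is a hypothetical triage heuristic, and the sample lines are copied from the 2007-11-24 HijackThis log posted above, mixed with benign entries from the same log.

```python
"""Triage of HijackThis O2/O4/O20 lines for the persistence signals seen in
this thread. Added example; the rules are a hypothetical heuristic, not a
published signature set."""
import re
from typing import List, Tuple

# Run value names such as "505f8344": eight hex digits and no product name.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
# A display name that is itself a GUID carries no human-readable product name.
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <path>",
# "O4 - HKLM\..\Run: [<value>] <command>", "O20 - Winlogon Notify: <name> - <path>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Constructed sample: lines from the 2007-11-24 HijackThis log in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: {23f57559-b236-f0aa-78a4-d1cf26209ca0} - {0ac90262-fc1d-4a87-aa0f-632b95575f32} - C:\WINDOWS\system32\jkwfopof.dll",
    r"O2 - BHO: (no name) - {0DFCFB5E-3974-3338-8F09-0B2552E546A8} - C:\Program Files\Ofncpmqr\ncmgcqjn.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: (no name) - {CFAC4C62-8D70-4D07-BC7F-6967C7EB6A27} - C:\WINDOWS\system32\vtutu.dll (file missing)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b',
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background',
    "O20 - Winlogon Notify: ssqoppm - C:\\WINDOWS\\",
]


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries that deserve a closer look.

    Only deterministic signals are used: name-randomness scoring alone would
    also flag legitimate short names such as "MsnMsgr", so it is left out.
    """
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if path.endswith("(file missing)"):
                # The CLSID key survives after the DLL is gone; the registry
                # entry itself still needs removing.
                findings.append(("BHO registered but DLL missing (orphaned CLSID key)", line))
            elif name == "(no name)" or GUID_RE.match(name):
                findings.append(("BHO without a readable display name", line))
            continue

        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if HEX_NAME_RE.match(name) and cmd.lower().startswith("rundll32.exe"):
                findings.append(("Run value with bare hex name loading a DLL via rundll32", line))
            continue

        m = O20_RE.match(line)
        if m and not m.group("path").lower().endswith(".dll"):
            # HijackThis shows only a directory when it cannot resolve the
            # notification package's DLL.
            findings.append(("Winlogon Notify package with unresolved DLL path", line))

    return findings


def main() -> None:
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")


if __name__ == "__main__":
    main()
```

On the sample the script reports five entries and leaves the Adobe, Java, avast! and MSN Messenger lines alone. The three O2 hits are the same CLSIDs that reappear as "(file missing)" in the 2007-11-25 log after OTMoveIt moved the DLLs, which is why the CFScript in this post deletes the CLSID keys, the Run value and the Winlogon Notify key rather than stopping at the files.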
    1. Blade84
       
      Done!

      ComboFix 07-08-09.3 - "Blaise" 2007-11-25 17:33:41.6 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.178 [GMT -5:00]
      Command switches used :: C:\Documents and Settings\Blaise\Bureau\CFScript.txt
      * Created a new restore point

      FILE::
      C:\WINDOWS\system32\lhmeetkp.dll


      ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))


      2007-11-24 10:56 <REP> d-------- C:\WINDOWS\ERUNT
      2007-11-23 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2007-11-22 20:35 <REP> d-------- C:\Program Files\CCleaner
      2007-11-22 20:19 <REP> d-------- C:\Program Files\Trend Micro
      2007-11-22 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2007-11-22 16:25 <REP> d-------- C:\VundoFix Backups
      2007-11-22 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-11-22 13:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2007-11-22 13:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-11-22 13:52 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2007-11-22 13:52 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
      2007-11-22 13:52 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-11-22 13:52 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-11-22 13:52 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-11-22 13:52 <REP> d-------- C:\Program Files\Alwil Software
      2007-11-16 13:44 <REP> d-------- C:\Program Files\EA Sports
      2007-11-15 11:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab Setup Files
      2007-10-27 21:11 <REP> d-------- C:\Program Files\Lavasoft
      2007-10-27 21:11 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
      2007-10-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2007-10-27 18:16 <REP> d-------- C:\Program Files\ohsrkryf
      2007-10-27 18:10 4 --a------ C:\WINDOWS\system32\stfv.bin
      2007-10-27 18:09 26,624 --a------ C:\WINDOWS\system32\ace16win.dll
      2007-10-27 18:09 <REP> d-------- C:\WINDOWS\system32\acespy


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-11-15 12:09 --------- d-------- C:\Program Files\Norton AntiVirus
      2007-11-15 12:09 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
      2007-11-15 12:07 --------- d-------- C:\Program Files\Symantec
      2007-11-06 19:25 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\Roxio
      2007-11-05 16:41 64732 --a------ C:\WINDOWS\system32\perfc00C.dat
      2007-11-05 16:41 448190 --a------ C:\WINDOWS\system32\perfh00C.dat
      2007-10-27 14:29 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\uTorrent
      2007-10-25 11:56 8510976 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
      2007-10-12 09:43 --------- d-------- C:\DOCUME~1\Blaise\APPLIC~1\OpenOffice.org2
      2007-10-10 07:37 0 --a------ C:\WINDOWS\nsreg.dat
      2007-09-28 09:45 --------- d-------- C:\Program Files\iTunes
      2007-09-28 09:45 --------- d-------- C:\Program Files\iPod
      2007-09-28 09:36 --------- d-------- C:\Program Files\Apple Software Update
      2007-09-16 19:09 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools"="D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" [2005-11-08 17:00]
      "SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 C:\WINDOWS\soundman.exe]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
      "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05]
      "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 10:19]
      "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 09:21]
      "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
      "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 11:20]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
      "505f8344"="C:\WINDOWS\system32\lhmeetkp.dll" []

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
      "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 12:48]

      C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
      Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

      R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
      R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
      R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
      R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
      S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
      S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
      S3 usbvideo;Périphérique vidéo USB (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
      S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys


      **************************************************************************

      catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-11-25 17:35:26
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-11-25 17:36:45
      C:\ComboFix-quarantined-files.txt ... 2007-11-25 17:36
      C:\ComboFix2.txt ... 2007-11-25 16:50
      C:\ComboFix3.txt ... 2007-11-24 17:30

      --- E O F ---
  10. ep44
     
    redo a HijackThis log please
    1. Blade84
       
      here it is:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:10:18, on 2007-11-25
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  11. Blade84
     
    Here is the HijackThis report after fixing the requested item. Next, the BitDefender report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:15:49, on 2007-11-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Downloads\Daemon Tools 4.00\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://blaise20canada.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://iaccess.lgs.com/lgs_qc/dwa7W.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  12. ep44
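ep44 spotted the change between the 2007-11-25 and 2007-11-26 logs by eye: the HKLM Run value [505f8344], which launched lhmeetkp.dll through rundll32, is gone in the second log. As an added example (not from this thread and not part of HijackThis), here is a Python script that parses the O4 Run entries of two HijackThis logs, lists what was removed or added, and flags entries worth a closer look; the two sample logs inside are constructed excerpts of the lines posted above.

```python
"""Diff the O4 autorun entries of two HijackThis logs and flag dubious ones.

Constructed sample logs below are excerpts of the lines posted in this
thread (2007-11-25 vs 2007-11-26). Only HKLM/HKCU Run entries are compared;
Global Startup .lnk lines are left alone.
"""
import re

# "O4 - HKLM\..\Run: [name] command"  ->  hive, value name, command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# rundll32.exe "C:\path\x.dll",entry  ->  the DLL that is actually loaded
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Value names that are nothing but hex digits (e.g. 505f8344) are a common
# sign of machine-generated names; legitimate vendors use readable ones.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.IGNORECASE)


def parse_o4(log_text):
    """Return {(hive, name): command} for each Run entry in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m['hive'], m['name'])] = m['cmd']
    return entries


def suspicious_reasons(name, cmd):
    """Heuristic reasons an entry deserves a closer look (hints, not a verdict)."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append('value name is a bare hex string')
    m = RUNDLL_RE.search(cmd)
    if m:
        reasons.append('rundll32 loads ' + m['dll'])
    return reasons


def diff_o4(before_text, after_text):
    """Return (removed, added): Run entries present in only one of the logs."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    return removed, added


def report(before_text, after_text):
    """Human-readable lines describing every changed entry and its flags."""
    removed, added = diff_o4(before_text, after_text)
    lines = []
    for label, entries in (('removed', removed), ('added', added)):
        for (hive, name), cmd in sorted(entries.items()):
            flags = suspicious_reasons(name, cmd)
            suffix = '  <-- ' + '; '.join(flags) if flags else ''
            lines.append(f'{label}: {hive} [{name}] {cmd}{suffix}')
    return lines


# Constructed excerpts of the two logs posted above.
LOG_2007_11_25 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [505f8344] rundll32.exe "C:\WINDOWS\system32\lhmeetkp.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""
LOG_2007_11_26 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

if __name__ == '__main__':
    for line in report(LOG_2007_11_25, LOG_2007_11_26):
        print(line)
```

Run on the two full logs saved to disk, the only changed line reported is the removed [505f8344] entry, flagged both for its hex-only name and for the rundll32-loaded DLL.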
     
    Good evening Blade84,
    good, at last a report that is a pleasure to see
    tell me where things stand with your problems
    @+
    0
    1. Blade84
       
      Good evening,

      As we went through the various operations, my computer got better and better, to my great delight. Now I'm fairly sure it's OK: there are no more windows opening on their own and no more bad searches.
      Also, I have Avast and AVG Anti-Spyware installed; do I keep both, along with all the programs (ComboFix, Vundo, HijackThis, etc.) that you had me download? In short, what do you advise me to keep?

      Many thanks, your help was enormously appreciated.

      Blade84
  13. ep44
     
    you can remove all the programs we downloaded
    and by the way, you can drop the formal "vous" ;-)

    so check in Add or Remove Programs and in Program Files
    to remove all traces of the programs we used together

    then do this (IMPORTANT)

    =Start
    =Control Panel
    =System
    =System Restore tab
    =tick the box (Turn off System Restore)
    =restart the computer
    =then turn it back on

    Other advice:

    --Behaviour to adopt http://assiste.com.free.fr/p/abc/a/safe_cex.html

    --Try the Firefox browser, safer/more secure than IE
    Firefox does not use the dangerous ActiveX protocol
    -Download: http://www.mozilla-europe.org/fr/products/firefox/
    -Tutorial to secure it: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

    Check the updates of your various programs regularly here https://www.flexera.com/products/operations/software-vulnerability-management.html
    Tutorial https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
    Java, among others, needs updating; then uninstall the old versions of Java via Control Panel / Add or Remove Programs.

    To give your PC back a bit of youth

    * Remember to run a little defragmentation.
    * Use CCleaner regularly.
    * Manage your services with these 2 links
    http://speedweb1.free.fr/frames2.php?page=service3 and http://speedweb1.free.fr/frames2.php?page=service4
    * Use Zeb Utility
    an application that needs no installation, to optimise your PC a little. (thanks to our friend Zebulon)
    Download: https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
    Tutorial: https://www.zebulon.fr/dossiers/autres/58-zebutility.html

    Useful programs to have

    => Ad-aware SE (on-demand scan)
    https://www.google.com or http://www.lavasoft.de/support/download/#free
    Tutorials:
    http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
    demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip
    http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

    => SpyBot-Search & Destroy 1.5 (on-demand scan + preventive protection with its 2 resident modules, its immunisation and its Hosts list)

    https://www.safer-networking.org/download/

    usage demo
    http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
    https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
    Tutorial:
    http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm

    => a² free (anti-trojan) (on-demand scan)

    - Download: https://www.emsisoft.com/fr/home/antimalware/
    - Tutorial: http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm

    => ZebProtect (application that needs no installation)

    https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
    http://telechargement.zebulon.fr/123.html

    good luck with the rest

    @+