Trojan system32\cmcfg3.dll Fermé

Question

Bonjour,

Chers Membres de la communauté underground, bonsoir. 

Je me trouve ce soir confronter a un problème que je n’arrive pas a résoudre – ce probleme c'est le Trojan horse Generic9.AATD
Mon anti-virus, AVG 7.5, le situe a cet endroit : "C:\WINDOWS\system32\cmcfg3.dll"
Il le supprime, mais au redémarrage, celui-ci redevient actif. 
J’imagine que Hijackthis pourrais mettre utile pour son éradication, mais ne sachant pas l’utiliser je préfère vous demander conseil. Je vous remercie de votre aide et vous joint ci-dessous le rapport Hijack.

ps : J'ai reussi a me débarasser d'un autre virus qui a partir d'une recherche google me renvoyais sur une page search-daily. Malgré cela mon Pc patine dans la semoule  (presque 10 minutes pour redémarrer). Une solution ?!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:32, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\leroy\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F08CDB2D-0228-4B1C-97A2-9BCABB6E5513} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

philae83 · Answer

bonsoir

tu as 2 antivirus ??? AVG 7.5 et SYMANTEC

Désinstalle l'un des 2

je regarde ton rapport plus en détail

donc

* Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT

*désactive ton antivirus, antispyware, et spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite
puis

* Double clique combofix.exe.

* Tape sur la touche Y (Yes) pour démarrer le scan.

* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Marxes · Answer

J'ai désinstaller AVG 7.5, désactiver norton, et j'ai fait le scan avec combofix, voila le rapport: (Désolé c'était un peu long mais mon ordinateur a vraiment du mal- Merci encore de ton aide) ComboFix 07-12-08.1 - leroy 2007-12-09 20:34:33.1 - NTFSx86 Running from: C:\Documents and Settings\leroy\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Redemption.ECF C:\WINDOWS\system32\_000008_.tmp.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))))))) . 2007-12-08 16:30 . 2007-12-08 16:33 d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7 2007-12-08 13:51 . 2007-12-08 13:51 d-------- C:\VundoFix Backups 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Program Files\Lavasoft 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 20:10 . 2007-12-07 20:10 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-12-05 18:46 . 2007-12-05 18:46 d-------- C:\Program Files\The Weather Channel FW 2007-12-05 11:48 . 2007-12-05 11:48 d-------- C:\Program Files\Alwil Software 2007-12-04 21:40 . 2007-12-05 18:46 d-------- C:\Program Files\a-squared Free 2007-12-03 19:23 . 2007-12-03 19:24 d-------- C:\Program Files\iTunes 2007-12-03 19:16 . 2007-12-08 23:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 19:09 . 2007-12-03 19:09 d-------- C:\Program Files\Apple Software Update 2007-12-02 18:36 . 2007-12-02 18:36 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-02 18:33 . 2007-12-09 20:48 22,186,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-02 18:33 . 2007-12-09 20:46 261,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-12-02 18:31 . 2007-12-02 20:01 d-------- C:\WINDOWS\system32\ZoneLabs 2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-12-02 18:31 . 2007-12-09 20:48 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2007-12-02 18:28 . 2007-12-09 20:48 d-------- C:\WINDOWS\Internet Logs 2007-12-02 15:56 . 2007-12-09 08:00 d-------- C:\Documents and Settings\leroy\Application Data\AVG7 2007-12-02 15:55 . 2007-12-02 15:55 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-02 15:54 . 2007-12-09 20:26 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-12-02 15:24 . 2007-12-02 15:24 d-------- C:\Program Files\ZNsoft Corporation 2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx 2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx 2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx 2007-12-02 05:13 . 2007-12-02 05:13 d-------- C:\Program Files\CCleaner 2007-12-01 03:02 . 2007-12-01 03:02 d-------- C:\Program Files\Windows Live Favorites 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\WINDOWS\Applian FLV Player 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\Program Files\FLV Player 2007-11-28 00:50 . 2007-12-08 14:59 d-------- C:\Program Files\eMule 2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll 2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\KORG\Voisinage r‚seau 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\KORG\Voisinage d'impression 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\KORG\ModŠles 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\KORG\Mes documents 2007-11-25 19:06 . 2005-10-26 11:52 dr-h----- C:\Documents and Settings\KORG\Menu D‚marrer 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\KORG\Favoris 2007-11-25 19:06 . 2007-12-09 20:27 d--h----- C:\Documents and Settings\KORG\Bureau 2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-25 14:49 . 2007-11-25 14:49 d-------- C:\Program Files\Lavalys 2007-11-25 03:16 . 2007-11-25 03:16 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-11-25 01:55 . 2007-11-25 01:56 d-------- C:\WINDOWS\system32\NtmsData 2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage r‚seau 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage d'impression 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\ModŠles 2007-11-25 00:27 . 2007-11-25 00:34 dr------- C:\Documents and Settings\PH2\Mes documents 2007-11-25 00:27 . 2005-10-26 11:52 dr------- C:\Documents and Settings\PH2\Menu D‚marrer 2007-11-25 00:27 . 2007-11-25 00:28 dr------- C:\Documents and Settings\PH2\Favoris 2007-11-25 00:27 . 2007-11-25 00:27 d-------- C:\Documents and Settings\PH2\Bureau 2007-11-24 22:45 . 2007-11-24 22:45 d-------- C:\Program Files\Windows Resource Kits 2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-23 23:50 . 2005-10-26 11:52 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Favoris 2007-11-23 23:50 . 2007-12-09 20:27 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-23 23:50 . 2005-10-26 04:27 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-23 23:50 . 2005-10-26 04:25 d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-09 19:50 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\leroy\Application Data\wklnhst.dat 2007-12-07 23:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-07 23:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec 2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-03 18:23 --------- d-----w C:\Program Files\iPod 2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime 2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-28 14:17 --------- d-----w C:\Program Files\Java 2007-11-27 21:56 --------- d-----w C:\Program Files\Google 2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore 2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo! 2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ 2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\leroy\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger 2007-10-24 08:49 5,120 ----a-w C:\WINDOWS\system32\drivers\quxuobjf.dat 2007-10-24 08:49 18,688 ----a-w C:\WINDOWS\system32\drivers\ylfiqyhy.dat 2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08CDB2D-0228-4B1C-97A2-9BCABB6E5513}] 2004-08-05 09:00 109568 --a------ C:\WINDOWS\system32\cmcfg3.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26] "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51] "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 22:11 49152 --a------ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] 2004-10-14 12:54 253952 --a------ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 2001-07-25 09:00 192568 --a------ C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 09:00 245810 --a------ C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet] C:\Program Files\Hello\Hello.exe -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0014a577d395}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - KORG.job" "2007-12-09 19:20:13 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\DOCUME~1\leroy\LOCALS~1\Temp\qqgtjsrb.dll . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-09 20:50:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-09 20:57:01 - machine was rebooted . --- E O F ---

philae83 · Answer

re

plusieurs choses

déjà as tu désinstallé l'un des 2 antivirus ?

ensuite

* IMPORTANT

télécharge ERUNT pour sauvegarder ta base de registre avant de faire les manips ci dessous
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tuto
http://pageperso.aol.fr/loraline60/tuto_erunt.htm

ensuite


rend toi sur VIRUS TOTAL pour faire analyser les fichiers ci dessous
http://www.virustotal.com/en/indexf.html

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

au préalable fait ceci :

-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage

puis

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation

Puis  - Appliquer


C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox.idx 
C:\WINDOWS\pw32a0.dll 

tu posteras les rapports générés ici ensuite

et

* Télécharge CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Installe le dans un répertoire dédié.

Décoche pendant l'installation

--- les deux cases "Ajouter l'option ... "

--- Contrôler les mises à jour

--- Ajouter la Barre d'Outils Yahoo! CCleaner

* Lance Ccleaner pour un nettoyage complet.

puis

Sélectionne le texte suivant :

File::
C:\DOCUMENTS & SETTING\leroy\LOCALS  SETTINGS\Temp\qqgtjsrb.dll 
C:\WINDOWS\system32\drivers\quxuobjf.dat 
C:\WINDOWS\system32\drivers\ylfiqyhy.dat
C:\WINDOWS\system32\cmcfg3.dll 

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08CDB2D-0228-4B1C-97A2-9BCABB6E5513}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9432 51-9d1f-11dc-8718-0014a577d395}]

# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

tu reviens avec les rapports de :
virus total
combofix.txt
un nouveau rapport hijackthis (avec un AV de désinstallé)

Marxes · Answer

re, J'ai fait l'analyse des dossiers que tu ma demandé sur VirusTotal, fidbox.dat et fidbox.idx mon amené vers une page blanche avec ce message: "0 bytes size received / Se ha recibido un archivo vacio" Etrange, la taille de fidbox.dat fait 21MO et Fidox.idx 254KO... Quand au dernier,pw32a0.dll, il semble hors de cause, résultat 0/32 (0%) : Fichier pw32a0.dll reçu le 2007.12.09 23:40:33 (CET) Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE Résultat: 0/32 (0%) Je te confirme que j'ai enlevé l'antivirus AVG 7.5, sauvegarder ma base de registre avec ERUNT, fait le nettoyage avec CCleaner. Ci-joint le rapports Combofix et Hijackthis. ComboFix 07-12-08.1 - Leroy 2007-12-10 0:27:09.2 - NTFSx86 Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Leroy\Bureau\CFScript.txt * Created a new restore point FILE C:\DOCUMENTS & SETTING\leroy\LOCALS SETTINGS\Temp\qqgtjsrb.dll C:\WINDOWS\system32\cmcfg3.dll C:\WINDOWS\system32\drivers\quxuobjf.dat C:\WINDOWS\system32\drivers\ylfiqyhy.dat . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\cmcfg3.dll C:\WINDOWS\system32\drivers\quxuobjf.dat C:\WINDOWS\system32\drivers\ylfiqyhy.dat . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))))))) . 2007-12-10 00:08 . 2007-12-10 00:08 d-------- C:\Hijackthis 2007-12-09 20:57 . C:\Documents and Settings\InvitÚ\Local Settings 2007-12-09 20:57 . C:\Documents and Settings\InvitÚ\Local Settings 2007-12-08 16:30 . 2007-12-08 16:33 d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7 2007-12-08 13:51 . 2007-12-08 13:51 d-------- C:\VundoFix Backups 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Program Files\Lavasoft 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 20:10 . 2007-12-07 20:10 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-12-05 18:46 . 2007-12-05 18:46 d-------- C:\Program Files\The Weather Channel FW 2007-12-05 11:48 . 2007-12-05 11:48 d-------- C:\Program Files\Alwil Software 2007-12-04 21:40 . 2007-12-05 18:46 d-------- C:\Program Files\a-squared Free 2007-12-03 19:23 . 2007-12-03 19:24 d-------- C:\Program Files\iTunes 2007-12-03 19:16 . 2007-12-09 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 19:09 . 2007-12-03 19:09 d-------- C:\Program Files\Apple Software Update 2007-12-02 18:36 . 2007-12-02 18:36 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-02 18:33 . 2007-12-10 00:36 22,233,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-02 18:33 . 2007-12-10 00:34 261,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-12-02 18:31 . 2007-12-02 20:01 d-------- C:\WINDOWS\system32\ZoneLabs 2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-12-02 18:31 . 2007-12-10 00:35 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2007-12-02 18:28 . 2007-12-10 00:20 d-------- C:\WINDOWS\Internet Logs 2007-12-02 15:56 . 2007-12-09 08:00 d-------- C:\Documents and Settings\Leroy\Application Data\AVG7 2007-12-02 15:55 . 2007-12-02 15:55 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-02 15:54 . 2007-12-09 20:26 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-12-02 15:24 . 2007-12-02 15:24 d-------- C:\Program Files\ZNsoft Corporation 2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx 2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx 2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx 2007-12-01 03:02 . 2007-12-01 03:02 d-------- C:\Program Files\Windows Live Favorites 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\WINDOWS\Applian FLV Player 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\Program Files\FLV Player 2007-11-28 00:50 . 2007-12-08 14:59 d-------- C:\Program Files\eMule 2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll 2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage r‚seau 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage d'impression 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\ModŠles 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Mes documents 2007-11-25 19:06 . 2005-10-26 11:52 dr-h----- C:\Documents and Settings\Korg\Menu D‚marrer 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Favoris 2007-11-25 19:06 . 2007-12-09 20:27 d--h----- C:\Documents and Settings\Korg\Bureau 2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-25 14:49 . 2007-11-25 14:49 d-------- C:\Program Files\Lavalys 2007-11-25 03:16 . 2007-11-25 03:16 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-11-25 01:55 . 2007-11-25 01:56 d-------- C:\WINDOWS\system32\NtmsData 2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage r‚seau 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage d'impression 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\ModŠles 2007-11-25 00:27 . 2007-11-25 00:34 dr------- C:\Documents and Settings\PH2\Mes documents 2007-11-25 00:27 . 2005-10-26 11:52 dr------- C:\Documents and Settings\PH2\Menu D‚marrer 2007-11-25 00:27 . 2007-11-25 00:28 dr------- C:\Documents and Settings\PH2\Favoris 2007-11-25 00:27 . 2007-11-25 00:27 d-------- C:\Documents and Settings\PH2\Bureau 2007-11-24 22:45 . 2007-11-24 22:45 d-------- C:\Program Files\Windows Resource Kits 2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-23 23:50 . 2005-10-26 11:52 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Favoris 2007-11-23 23:50 . 2007-12-09 20:27 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-23 23:50 . 2005-10-26 04:27 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-23 23:50 . 2005-10-26 04:25 d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-09 23:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat 2007-12-07 23:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-07 23:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec 2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-03 18:23 --------- d-----w C:\Program Files\iPod 2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime 2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-28 14:17 --------- d-----w C:\Program Files\Java 2007-11-27 21:56 --------- d-----w C:\Program Files\Google 2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore 2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo! 2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ 2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger 2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\ERDNT.EXE + 2007-12-09 22:00:05 6,225,920 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2007-12-09 23:38:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_bc0.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26] "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51] "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 22:11 49152 --a------ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] 2004-10-14 12:54 253952 --a------ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 2001-07-25 09:00 192568 --a------ C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 09:00 245810 --a------ C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet] C:\Program Files\Hello\Hello.exe -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0 014a577d395}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job" "2007-12-09 23:20:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-10 00:38:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????8????|?????? ???B?????????????hLC? ?????? scanning hidden files ... ************************************************************************** . Completion time: 2007-12-10 0:43:56 - machine was rebooted C:\ComboFix2.txt ... 2007-12-09 20:57 . --- E O F --- RAPPORT HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:25:54, on 10/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\WLAN Card Utilities\Center.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Microsoft Money\System\urlmap.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

philae83 · Answer

bonjour

petite précision avant de continuer

leroy =  Marxes ?

edit : j'ai la réponse à ma question (MP), je regarderais plus tard tes rapports, n'ayant pas assez de tps devant moi pour l'instant.

à plus tard

philae83 · Answer

me revoilà

J'ai fait l'analyse des dossiers que tu ma demandé sur VirusTotal, fidbox.dat et fidbox.idx mon amené vers
une page blanche avec ce message: "0 bytes size received / Se ha recibido un archivo vacio"
Etrange, la taille de fidbox.dat fait 21MO et Fidox.idx 254KO... 

Etrange effectivement. Essaye ici 
https://virusscan.jotti.org/

tu feras également analyser
C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat 

* télécharge ce tools et laisse toi guider.
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe 

puis

    *  Télécharge  clean.zip  de Malekal (merci Malekal).
      http://www.malekal.com/download/clean.zip
    * Dézippe-le sur le bureau.
    * Ouvre le dossier jaune nommé clean sur ton bureau.
    * Double-clique sur clean.cmd
    * Choisis l'option 1  et copie sur le bureau le rapport généré. Il doit normalement aussi se trouver là : c:\rapport_clean.txt
    * Clique sur Q pour quitter le programme.

et

* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download

* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

puis

redémarre en mode sans échec
mode d'emploi :
http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

Lance AVG Anti-Spyware

Clique sur le bouton Analyse (de la barre d'outils)

puis fait dans l'ordre stp. Tu sauvegardes le rapport APRES avoir mis les actions.

Puis sur l'onglet Paramètres,
sous : "Comment réagir "clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

redémarre normalement 

et

* lance hijackthis "do a system scan only" puis coche ces lignes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE 

* toutes applications fermées et hors connexion, clique sur fix checked

* reviens avec tous les rapports

Marxes · Answer

Bonsoir philae,

Voila les nouvelles, pour commencer, le fichier fidbox.dat et fidbox.idx me semble vraiment suspect et ce pour deux raisons, ces deux fichiers sont les deux seuls a etre en mode fichier cachée dans ce dossier, et le résultat de Virusscan.org me donne une page blanche avec ce résultat "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" Or j'ai essayer d'analyser d'autre fichier qui se trouvait dans le même répertoire et cela fonctionne sans probleme !
cerise sur le gateau, le fichier wklnhst.dat me donne la meme page blanche, c'est grave docteur ?!

Voila l'analyse de Clean :

 10/12/2007 a 18:02:20,96 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
 
*** Recherche des fichiers dans C:\Program Files 
"C:\Program Files\Free Offers from Freeze.com" FOUND 
"C:\Program Files\Viewpoint\" FOUND 





Voici le rapport AVG Anti-spyware  (Un trojan en dernière ligne!!!)

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	21:23:45 10/12/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\PH\Cookies\Korg@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@planetout.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@clubmed.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@karavel.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@aavalue[2].txt -> TrackingCookie.Aavalue : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.31:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.45:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.46:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@c.enhance[1].txt -> TrackingCookie.Enhance : Nettoyé.
:mozilla.53:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.122:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ehg-citenumerique.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@vad.mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Nettoyé.
:mozilla.125:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
:mozilla.7:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.40:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@data2.perf.overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@revenue[1].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.10:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.11:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.12:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.13:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.14:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.15:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.9:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
:mozilla.27:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.29:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.30:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.132:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé.
:mozilla.126:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\PH\Cookies\Korg@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
C:\qoobox\Quarantine\catchme2007-12-10_ 03733.45.zip/quxuobjf.dat -> Trojan.Agent.cid : Nettoyé.


Fin du rapport


Seulement voila, j'ai un petit probleme, après l'analyse d'AVG j'ai donc redemarrer... et maintenant je n'ai plus accès a rien...
il n'arrive meme pas a lire un fichier txt, aucun programme ne s'ouvre...

Une solution ?! restauration du registre ?!

a plus tard.

ps : Je peux faire un rapport Hijack en mode sans echec si tu veux, et continuer la procedure que tu m'as donné...
( je te contact en ce moment depuis un autre pc ...)

philae83 · Answer

bonjour

bien lu ton MP à l'instant. Tu n'as effectué que les dernières manips que je t'ai données ? à savoir Clean.zip et AVG ? c'est étrange, ce n'est pas ça qui aurait pu planter qq chose.

Poste un rapport hijackthis en MSE pour l'instant.

ps : Je peux faire un rapport Hijack en mode sans echec si tu veux, et continuer la procedure que tu m'as donné... 

la dernière tu l'as faite non ?

Marxes · Answer

Je vais faire une analyse avec Hijack en MSE je te l'envoie le plus rapidement possible...

Merci.

ps : J'ai suivi la procédure que tu m'as donné, rien d'autre.

philae83 · Answer

ok on va voir ça.

Marxes · Answer

Voila le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:39, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

philae83 · Answer

oui tu peux les cocher, elles sont superflues, non infectieuses

cela ne dit pas d'où provient ton problème. le reste du rapport est propre

essaye de lancer combo, en MSE je ne sais pas ce que ça donne. poste le rapport si tu peux stp

Marxes · Answer

Ok je viens de cocher les lignes dans Hijack, maintenant je fait le scan de combofix en MSE.
On aura le résultat dans 5 / 10 minutes

Ps : On a une solution alternative pour revenir a la configuration d'origine ?! (Erunt ?)

philae83 · Answer

oui tu as la sauvegarde d'erunt que tu pourras utiliser pour voir ce que ça donne

mais avant j'irai quand même glaner qq renseignements histoire de

Marxes · Answer

Voila, le résultat combofix: ComboFix 07-12-08.1 - Leroy 2007-12-11 16:44:45.3 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.222 [GMT 1:00] Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))))))) . 2007-12-10 18:20 . 2007-12-10 18:20 d-------- C:\Documents and Settings\Leroy\Application Data\Grisoft 2007-12-10 18:19 . 2007-12-10 18:19 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-10 18:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-10 18:03 . 2007-12-10 18:03 23,570,258 --a------ C:\upload_moi_B-DOG.tar.gz 2007-12-10 00:08 . 2007-12-11 16:43 d-------- C:\Hijackthis 2007-12-08 16:30 . 2007-12-08 16:33 d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7 2007-12-08 13:51 . 2007-12-08 13:51 d-------- C:\VundoFix Backups 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Program Files\Lavasoft 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-12-05 18:46 . 2007-12-05 18:46 d-------- C:\Program Files\The Weather Channel FW 2007-12-05 11:48 . 2007-12-05 11:48 d-------- C:\Program Files\Alwil Software 2007-12-04 21:40 . 2007-12-05 18:46 d-------- C:\Program Files\a-squared Free 2007-12-03 19:23 . 2007-12-03 19:24 d-------- C:\Program Files\iTunes 2007-12-03 19:16 . 2007-12-10 21:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 19:09 . 2007-12-03 19:09 d-------- C:\Program Files\Apple Software Update 2007-12-02 18:36 . 2007-12-02 18:36 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-02 18:33 . 2007-12-10 21:48 22,339,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-02 18:33 . 2007-12-10 18:30 262,820 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-12-02 18:31 . 2007-12-02 20:01 d-------- C:\WINDOWS\system32\ZoneLabs 2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-12-02 18:31 . 2007-12-10 21:57 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2007-12-02 18:28 . 2007-12-10 21:54 d-------- C:\WINDOWS\Internet Logs 2007-12-02 15:56 . 2007-12-09 08:00 d-------- C:\Documents and Settings\Leroy\Application Data\AVG7 2007-12-02 15:55 . 2007-12-02 15:55 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-02 15:54 . 2007-12-09 20:26 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-12-02 15:24 . 2007-12-02 15:24 d-------- C:\Program Files\ZNsoft Corporation 2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx 2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx 2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx 2007-12-01 03:02 . 2007-12-01 03:02 d-------- C:\Program Files\Windows Live Favorites 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\WINDOWS\Applian FLV Player 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\Program Files\FLV Player 2007-11-28 00:50 . 2007-12-08 14:59 d-------- C:\Program Files\eMule 2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll 2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage réseau 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage d'impression 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Modèles 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Mes documents 2007-11-25 19:06 . 2005-10-26 11:52 dr-h----- C:\Documents and Settings\Korg\Menu Démarrer 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Favoris 2007-11-25 19:06 . 2007-12-09 20:27 d--h----- C:\Documents and Settings\Korg\Bureau 2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-25 14:49 . 2007-11-25 14:49 d-------- C:\Program Files\Lavalys 2007-11-25 03:16 . 2007-11-25 03:16 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-11-25 01:55 . 2007-11-25 01:56 d-------- C:\WINDOWS\system32\NtmsData 2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage réseau 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage d'impression 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Modèles 2007-11-25 00:27 . 2007-11-25 00:34 dr------- C:\Documents and Settings\PH2\Mes documents 2007-11-25 00:27 . 2005-10-26 11:52 dr------- C:\Documents and Settings\PH2\Menu Démarrer 2007-11-25 00:27 . 2007-11-25 00:28 dr------- C:\Documents and Settings\PH2\Favoris 2007-11-25 00:27 . 2007-11-25 00:27 d-------- C:\Documents and Settings\PH2\Bureau 2007-11-24 22:45 . 2007-11-24 22:45 d-------- C:\Program Files\Windows Resource Kits 2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-23 23:50 . 2005-10-26 11:52 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Favoris 2007-11-23 23:50 . 2007-12-09 20:27 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-23 23:50 . 2005-10-26 04:27 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-23 23:50 . 2005-10-26 04:25 d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-10 20:48 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat 2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec 2007-12-06 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-03 18:23 --------- d-----w C:\Program Files\iPod 2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime 2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-28 14:17 --------- d-----w C:\Program Files\Java 2007-11-27 21:56 --------- d-----w C:\Program Files\Google 2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore 2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo! 2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ 2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\Invité\Application Data\AOL 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-09-14 12:28 55,560 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-12-28 17:36 424 ----a-w C:\Documents and Settings\Invité\Application Data\wklnhst.dat 2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\ERDNT.EXE + 2007-12-09 22:00:05 6,225,920 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\10-12-2007\ERDNT.EXE + 2007-12-10 16:22:52 7,286,784 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-10 16:22:52 147,456 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\ERDNT.EXE + 2007-12-10 00:19:30 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-10 00:19:34 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\ERDNT.EXE + 2007-12-09 23:44:35 6,230,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 23:44:39 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26] "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51] "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] C:\Documents and Settings\Rob\Menu D‚marrer\Programmes\D‚marrage\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-03-06 15:26:48] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 22:11 49152 --a------ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] 2004-10-14 12:54 253952 --a------ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 2001-07-25 09:00 192568 --a------ C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 09:00 245810 --a------ C:\Program Files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet] C:\Program Files\Hello\Hello.exe -b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet S0 wynohuqt;wynohuqt;C:\WINDOWS\system32\drivers\ylfiqyhy.dat S1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys S2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0014a577d395}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: "2007-12-10 17:20:26 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-11 16:49:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?9?0??????? ???B?????????????hLC? ?????? scanning hidden files ... ************************************************************************** . Completion time: 2007-12-11 16:51:27 C:\ComboFix2.txt ... 2007-12-10 00:45 C:\ComboFix3.txt ... 2007-12-09 20:57 . --- E O F --- Ps : Conclusion ?

philae83 · Answer

toujours pas bon combo de toutes facons.
peux tu mettre sur ton pc SRENG
et me poster le rapport stp

Télécharge SREng  (par Smallfrogs) de ce lien:
http://www.kztechs.com/eng/download.html
Extrais tout son contenu sur ton Bureau
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double clique sur SREng.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

Marxes · Answer

Voila le rapport SReng : [CODE] 2007-12-11,18:05:28 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Hewlett-Packard Company] <"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation] [Hewlett-Packard ] [] [] [Microsoft® Corporation] [Microsoft® Corporation] [Microsoft® Corporation] <"C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"> [(Verified)Symantec Corporation] <"C:\Program Files\Norton Internet Security\osCheck.exe"> [(Verified)Symantec Corporation] <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"> [N/A] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{8E78C26E-2138-4383-9317-8B8616E2B98E}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart> [Google] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.] <; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."] <; c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe> [Hewlett-Packard Company] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Microsoft Money\System\Money Express.exe"> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Microsoft Money\System\Activation.exe"> [Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Hello\Hello.exe" -b> [N/A] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.] <; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet> [(Verified)Yahoo! Inc.] ================================== Startup Folders [HP Digital Imaging Monitor] C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [ERUNT AutoBackup] C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]> ================================== Services [Apple Mobile Device / Apple Mobile Device][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"> [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start] [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Symantec Event Manager / ccEvtMgr][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [Symantec Settings Manager / ccSetMgr][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [COM Host / comHost][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"> [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [HP WMI Interface / hpqwmi][Stopped/Manual Start]

[InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [Service de l'iPod / iPod Service][Stopped/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [Validation de mot de passe Symantec IS / ISPwdSvc][Stopped/Manual Start] <"C:\Program Files\Norton Internet Security\isPwdSvc.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"> [LiveUpdate / LiveUpdate][Stopped/Manual Start] <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"> [LiveUpdate Notice Service Ex / LiveUpdate Notice Ex][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"> [Norton Save and Restore / Norton Save and Restore][Stopped/Auto Start] [Norton Protection Center Service / NSCService][Stopped/Disabled] <"C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"> [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start] <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start] [Symantec Core LC / Symantec Core LC][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><> [Symantec AppCore Service / SymAppCore][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"> [TrueVector Internet Monitor / vsmon][Stopped/Auto Start] ================================== Drivers [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys> [Pilote de processeur AMD / AmdK8][Stopped/System Start] [ASNDIS5 Protocol Driver / ASNDIS5][Stopped/Manual Start] <\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS> [ati2mtag / ati2mtag][Stopped/Manual Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Stopped/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [Pilote pour carte réseau Broadcom 802.11 / BCM43XX][Stopped/Manual Start] [Conexant AMC Audio / CAMCAUD][Stopped/Manual Start] [CAMCHALA / CAMCHALA][Stopped/Manual Start] [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys> [eabfiltr / eabfiltr][Stopped/System Start] <\??\C:\WINDOWS\system32\drivers\EABFiltr.sys> [eabusb / eabusb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\eabusb.sys> [Symantec Eraser Control driver / eeCtrl][Stopped/System Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys> [EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [HSFHWATI / HSFHWATI][Stopped/Manual Start] [HSF_DP / HSF_DP][Stopped/Manual Start] [kl1 / kl1][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\kl1.sys> [KLIF / KLIF][Stopped/System Start] [AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Stopped/Auto Start] [mdmxsdk / mdmxsdk][Stopped/Auto Start] [NAVENG / NAVENG][Stopped/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVENG.SYS> [NAVEX15 / NAVEX15][Stopped/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVEX15.SYS> [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCAMPR5.SYS> [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCANDIS5.SYS> [PCASp50 NDIS Protocol Driver / PCASp50][Stopped/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Stopped/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [ASUS USB Wireless LAN Driver / RT2500USB][Stopped/Manual Start] [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start] [SPBBCDrv / SPBBCDrv][Stopped/System Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys> [srescan / srescan][Stopped/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [SRTSP / SRTSP][Stopped/System Start] [SRTSPL / SRTSPL][Stopped/Manual Start] [SRTSPX / SRTSPX][Stopped/System Start] [SYMDNS / SYMDNS][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMDNS.SYS> [SymEvent / SymEvent][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS> [SYMFW / SYMFW][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMFW.SYS> [SYMIDS / SYMIDS][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMIDS.SYS> [SYMIDSCO / SYMIDSCO][Stopped/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20061025.029\SymIDSCo.sys> [symlcbrd / symlcbrd][Stopped/Auto Start] <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys> [SYMNDIS / SYMNDIS][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMNDIS.SYS> [SYMREDRV / SYMREDRV][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMREDRV.SYS> [SYMTDI / SYMTDI][Stopped/System Start] <\SystemRoot\System32\Drivers\SYMTDI.SYS> [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [vsdatant / vsdatant][Stopped/System Start] [WAN Miniport (ATW) / wanatw][Stopped/Manual Start] [winachsf / winachsf][Stopped/Manual Start] [wynohuqt / wynohuqt][Stopped/Boot Start] <\SystemRoot\system32\drivers\ylfiqyhy.dat> ================================== Browser Add-ons [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [] {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [] {E023F504-0C5A-4750-A1E7-A9046DEA8A21} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Vue HP] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QDiagHUpdateObj Class] {EB387D2F-E27B-4D36-979E-847D1036C65D} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\MSXML3.DLL, N/A> [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\MSXML3.DLL, N/A> [Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Afficher Norton Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Vue HP] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Yahoo! VersionInfo] {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [iTunesDetector Class] {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [Messenger Class] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A> [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\MSXML3.DLL, N/A> [Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A> [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\MSXML3.DLL, N/A> [] {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} [&Google Search] [&Windows Live Search] [Add to Windows &Live Favorites] [Pages liées] [Pages similaires] [Version de la page actuelle disponible dans le cache Google] ================================== Running Processes [PID: 120][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 168][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [PID: 192][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)] [C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)] [C:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)] [C:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] [C:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4121] [C:\WINDOWS\system32 saenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)] [C:\WINDOWS\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139] [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308] [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\cscui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)] [PID: 236][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SCESRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] [C:\WINDOWS\system32\umpnpmgr.dll] [Microsoft Corporation, 5.1.2600.2744 (xpsp_sp2_gdr.050822-1647)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)] [C:\WINDOWS\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\eventlog.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 248][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\LSASRV.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)] [C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)] [C:\WINDOWS\system32\NTDSAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SAMSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\cryptdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139] [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)] [C:\WINDOWS\system32\msprivs.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kerberos.dll] [Microsoft Corporation, 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522)] [C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)] [C:\WINDOWS\system32 etlogon.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\w32time.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINDOWS\system32\schannel.dll] [Microsoft Corporation, 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226)] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\wdigest.dll] [Microsoft Corporation, 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516)] [C:\WINDOWS\system32 saenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)] [C:\WINDOWS\system32\scecli.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\dssenh.dll] [Microsoft Corporation, 5.1.2600.2133 (xpsp.040514-1639)] [PID: 396][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139] [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)] [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32 pcss.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308] [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258] [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)] [C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)] [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 464][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139] [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)] [c:\windows\system32 pcss.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 saenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hnetcfg.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)] [C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 asadhlp.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)] [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308] [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258] [PID: 540][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [C:\WINDOWS\system32\SHFOLDER.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)] [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)] [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 572][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32 tdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)] [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)] [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)] [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)] [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139] [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)] [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)] [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)] [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\cryptsvc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\certcli.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\ATL.DLL] [Microsoft Corporation, 3.05.2284] [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)] [C:\WINDOWS\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [c:\windows\system32\ESENT.dll] [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)] [c:\windows\system32\wbem\wmisvc.dll]

Marxes · Answer

oups. Message trop grand. Le Rapport a été coupé en deux, je t'envoie la suite.

Marxes · Answer

Partie 2 du rapport SReng ;

 [c:\windows\system32\wbem\wmisvc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VSSAPI.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\srsvc.dll]  [Microsoft Corporation, 5.1.2600.2567 (xpsp.040919-1030)]
    [c:\windows\system32\POWRPROF.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [c:\windows\pchealth\helpctr\binaries\pchsvc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSTA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Apphelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\wbem\wbemcore.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\wbem\esscli.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wbemcomn.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\FastProx.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NTDSAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wmiutils.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbemepdrvfs.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wmiprvsd.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NCObjAPI.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wbemess.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32saenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\wbem
cprov.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wbemsvc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1872][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32
tdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.2987 (xpsp.060901-0211)]
    [C:\WINDOWS\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSASN1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPTUI.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\WLDAP32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ShimEng.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSACM32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USERENV.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\apphelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\System32\cscui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\CSCDLL.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32	hemeui.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
    [C:\WINDOWS\system32
tshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ATL.DLL]  [Microsoft Corporation, 3.05.2284]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\PSAPI.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\msi.dll]  [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\system32\MLANG.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSTA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MPR.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\drprov.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32
tlanman.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\NETUI0.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\NETUI1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\NETRAP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SAMLIB.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\davclnt.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\Program Files\Norton Save and Restore\Browser\VProShellExt.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\WINDOWS\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dbghelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll]  [Zone Labs, LLC, 7.0.362.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll]  [Zone Labs Inc., 5.3.017.000]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll]  [Yahoo! Inc., 2005, 1, 1, 4]
    [C:\Program Files\WinRARarext.dll]  [N/A, ]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll]  [Symantec Corporation, 14.0.0.89]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\WSOCK32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc]  [N/A, ]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\sendmail.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zipfldr.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mydocs.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\shgina.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ODBC32.dll]  [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comdlg32.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\odbcint.dll]  [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\WMVCore.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\WMASF.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wiashext.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\system32\actxprxy.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 300][C:\Documents and Settings\Rob\Bureau\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32
tdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\comdlg32.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\oledlg.dll]  [Microsoft Corporation, 1.0 (xpsp_sp2_gdr.061016-0148)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\VERSION.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSASN1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RICHED20.DLL]  [Microsoft Corporation, 5.30.23.1228]
    [C:\WINDOWS\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\apphelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\Rob\Bureau\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\RASAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32asman.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\TAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32tutils.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USERENV.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32asadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\Winsta.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\utildll.dll]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32saenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]



Ps : bilan...

philae83 · Answer

re

bilan, y a tjs ylfiqyhy.dat à virer
je regarde après diner, me faut aller préparer le repas, sinon je vais avoir la soupe à la grimace chez moi.

@ tout à l'heure

philae83 · Answer

bonsoir suis toujours sur ton problème # Télécharge RavAntivirus d'Evosla, http://ww25.evosla.com/compteur.php?soft=rav_antivirus # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau # Doucle-clique sur >> RAV.exe << afin de lancer l'outil. # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles) # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain . # Retire tes disques amovibles et redémarrez votre ordinateur. # Poste le rapport, si infection! puis Sélectionne le texte suivant : file:: c:\windows\system32\drivers\ylfiqyhy.dat # Copie le texte sélectionné (CTRL+C). # Ouvre le bloc-note (programme>Accessoire>bloc-note). # Colle le texte copié dans ce bloc-note (CTRL+V). # Sauvegarde ce fichier sous le nom de CFScript.txt # Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe # Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. # Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal! Ne touche à rien tant que le scan n'est pas terminé. # Une fois le scan achevé, un rapport va s'afficher: Poste son contenu. # Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Marxes · Answer

je viens de faire l'analyse avec RAV.

voici le log : 

[11/11/2007 20:48:15] - Virus trouvé : e:\autorun.inf
[11/11/2007 20:48:16] - Virus Supprimé avec succès == e:\autorun.inf
[11/11/2007 20:48:16] - Virus Supprimé avec succès

Par contre en dessous de (votre ordinateur est sain) il me demande si je veux réparer le registre il dit:

Analyse et supprime : SSVICHOSST : W32/Sohana-R Worm / DESTRUKTO
Répare le registre : Sohana-R Worm / DESTRUKTO

Est-ce que je donne l'ordre de réparer ?! ou je redemarre comme ca...

Je continue de faire la suite...

philae83 · Answer

oui tu répares stp

Marxes · Answer

Voila je viens de nettoyer avec RAV

le Log :

[11/12/2007 20:48:15] -  virus trouvé : e:\autorun.inf
[11/12/2007 20:48:16] -  virus Supprimé avec succès ==>e:\autorun.inf
[11/12/2007 20:48:16] -  virus Supprimé avec succès
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explorer  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig  ==> réparé 
[11/12/2007 21:01:54] -  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR  ==> réparé 



Maintenant je redemarre en normale pour voir si cela fonctionne, sinon je retourne en MSE pour m'occuper de ylfiqyhy.dat

A tout de suite...

philae83 · Answer

Ok j'attends la suite pour voir

Marxes · Answer

Bon, la bonne nouvelle c'est que je suis en mode normal et que ca remarche.

Pour le moment j'arrive a ouvrir un fichier txt, mes programmes sembles fonctionnels, (très long a redemarrer, peut etre plus que d'habitude)

je lance combofix...

philae83 · Answer

ok
bonne news effectivement :)

Marxes · Answer

Voila voila...doucement mais surement...
Il a pas du aimer ce qu'on lui a fait, pauvre Pc!

Question : Est-ce que ca sert beaucoup que je garde norton si je continue pas l'abonnement chez eux ?! 
Peux-tu me conseiller un Anti virus gratuit et performant ?

Ps : Le rapport arrive..étape 8.

philae83 · Answer

attends avant de changer d'av, il faut terminer tout ça. J'attends le rapport pour voir la suite.

quant à norton, c'est pas compliqué, si tu ne continues pas l'abonnement, plus de mises à jour, donc complètement inutile. Il existe des antivirus gratuit très bien. J'utilise ANTIVIR et j'en suis ravie.

Marxes · Answer

Ah oui j'ai oublié de te parler de la mauvaise nouvelle dit donc..
la clé usb qui était infecté d'après RAV je l'ai utilisé quand j'ai fait certain transfert des rapports de combofix et autre quand j'était en MSE sur l'autre pc. Aïe ! 

:-)  pour l'instant tout semble ok sur celui la...

philae83 · Answer

merci pour la mauvaise nouvelle, tu en as d'autres des comme ça ? lol
tu pourras utiliser l'outil ravantivirus dessus aussi.

quant à dire si sur ce pc tout est ok, j'aimerais voir le rapport de combo stp

Marxes · Answer

Voila enfin le rapport de combofix ComboFix 07-12-08.1 - Leroy 2007-12-11 21:24:56.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.90 [GMT 1:00] Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Leroy\Bureau\CFScript.txt * Created a new restore point FILE c:\windows\system32\drivers\ylfiqyhy.dat . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))))))) . 2007-12-10 18:20 . 2007-12-10 18:20 d-------- C:\Documents and Settings\Leroy\Application Data\Grisoft 2007-12-10 18:19 . 2007-12-10 18:19 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-10 18:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-10 18:03 . 2007-12-10 18:03 23,570,258 --a------ C:\upload_moi_B-DOG.tar.gz 2007-12-10 00:08 . 2007-12-11 16:43 d-------- C:\Hijackthis 2007-12-08 16:30 . 2007-12-08 16:33 d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7 2007-12-08 13:51 . 2007-12-08 13:51 d-------- C:\VundoFix Backups 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Program Files\Lavasoft 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-12-05 18:46 . 2007-12-05 18:46 d-------- C:\Program Files\The Weather Channel FW 2007-12-05 11:48 . 2007-12-05 11:48 d-------- C:\Program Files\Alwil Software 2007-12-04 21:40 . 2007-12-05 18:46 d-------- C:\Program Files\a-squared Free 2007-12-03 19:23 . 2007-12-03 19:24 d-------- C:\Program Files\iTunes 2007-12-03 19:16 . 2007-12-10 21:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 19:09 . 2007-12-03 19:09 d-------- C:\Program Files\Apple Software Update 2007-12-02 18:36 . 2007-12-02 18:36 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-02 18:33 . 2007-12-11 21:32 22,358,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-02 18:33 . 2007-12-10 18:30 262,820 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-12-02 18:31 . 2007-12-02 20:01 d-------- C:\WINDOWS\system32\ZoneLabs 2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-12-02 18:31 . 2007-12-11 21:18 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2007-12-02 18:28 . 2007-12-11 21:19 d-------- C:\WINDOWS\Internet Logs 2007-12-02 15:56 . 2007-12-09 08:00 d-------- C:\Documents and Settings\Leroy\Application Data\AVG7 2007-12-02 15:55 . 2007-12-02 15:55 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-02 15:54 . 2007-12-09 20:26 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-12-02 15:24 . 2007-12-02 15:24 d-------- C:\Program Files\ZNsoft Corporation 2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx 2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx 2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx 2007-12-01 03:02 . 2007-12-01 03:02 d-------- C:\Program Files\Windows Live Favorites 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\WINDOWS\Applian FLV Player 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\Program Files\FLV Player 2007-11-28 00:50 . 2007-12-08 14:59 d-------- C:\Program Files\eMule 2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll 2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage réseau 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage d'impression 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Modèles 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Mes documents 2007-11-25 19:06 . 2005-10-26 11:52 dr-h----- C:\Documents and Settings\Korg\Menu Démarrer 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Favoris 2007-11-25 19:06 . 2007-12-09 20:27 d--h----- C:\Documents and Settings\Korg\Bureau 2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-25 14:49 . 2007-11-25 14:49 d-------- C:\Program Files\Lavalys 2007-11-25 03:16 . 2007-11-25 03:16 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-11-25 01:55 . 2007-11-25 01:56 d-------- C:\WINDOWS\system32\NtmsData 2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage réseau 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage d'impression 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Modèles 2007-11-25 00:27 . 2007-11-25 00:34 dr------- C:\Documents and Settings\PH2\Mes documents 2007-11-25 00:27 . 2005-10-26 11:52 dr------- C:\Documents and Settings\PH2\Menu Démarrer 2007-11-25 00:27 . 2007-11-25 00:28 dr------- C:\Documents and Settings\PH2\Favoris 2007-11-25 00:27 . 2007-11-25 00:27 d-------- C:\Documents and Settings\PH2\Bureau 2007-11-24 22:45 . 2007-11-24 22:45 d-------- C:\Program Files\Windows Resource Kits 2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-23 23:50 . 2005-10-26 11:52 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Favoris 2007-11-23 23:50 . 2007-12-09 20:27 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-23 23:50 . 2005-10-26 04:27 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-23 23:50 . 2005-10-26 04:25 d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-11 20:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat 2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec 2007-12-06 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-03 18:23 --------- d-----w C:\Program Files\iPod 2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime 2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-28 14:17 --------- d-----w C:\Program Files\Java 2007-11-27 21:56 --------- d-----w C:\Program Files\Google 2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore 2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo! 2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ 2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\Invité\Application Data\AOL 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-09-14 12:28 55,560 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-12-28 17:36 424 ----a-w C:\Documents and Settings\Invité\Application Data\wklnhst.dat 2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\ERDNT.EXE + 2007-12-09 22:00:05 6,225,920 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\10-12-2007\ERDNT.EXE + 2007-12-10 16:22:52 7,286,784 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-10 16:22:52 147,456 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\ERDNT.EXE + 2007-12-10 00:19:30 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-10 00:19:34 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\ERDNT.EXE + 2007-12-11 20:12:43 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-11 20:12:46 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\ERDNT.EXE + 2007-12-09 23:44:35 6,230,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 23:44:39 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000002\UsrClass.dat + 2007-12-11 20:07:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_180.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 06:39] "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 09:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26] "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51] "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 09:00] "PicasaNet"="C:\Program Files\Hello\Hello.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-17 19:43] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] C:\Documents and Settings\Rob\Menu D‚marrer\Programmes\D‚marrage\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-03-06 15:26:48] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys R2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys S0 wynohuqt;wynohuqt;C:\WINDOWS\system32\drivers\ylfiqyhy.dat S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0014a577d395}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: "2007-12-11 20:20:12 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\DOCUME~1\Rob\LOCALS~1\Temp\qqgtjsrb.dll . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-11 21:32:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?9?0??@???? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-11 21:35:55 C:\ComboFix2.txt ... 2007-12-11 16:51 C:\ComboFix3.txt ... 2007-12-10 00:45 . --- E O F --- C'est bien ?!

philae83 · Answer

ce n'est pas aussi clean que j'aimerais

fait analyser ca stp
C:\Documents and Settings\Leroy\Application Data\wklnhst.dat 

et

* Télécharge CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Installe le dans un répertoire dédié.

Décoche pendant l'installation

--- les deux cases "Ajouter l'option ... "

--- Contrôler les mises à jour

--- Ajouter la Barre d'Outils Yahoo! CCleaner

* Lance Ccleaner pour un nettoyage complet.

et

ensuite télécharge
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
suis le mode d'emploi

tu me diras si il a trouvé quelque chose

puis

* Copie les lignes de la citation suivante, d'un trait :

Drivers to unload:   
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox.idx 
C:\WINDOWS\system32\drivers\ylfiqyhy.dat

--> Clic droit / "copier"

Maintenant crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau" > "Document Texte".

* Ouvre-le et colle dedans ce que tu viens de copier précédemment
* Enregistre ce fichier sur ton bureau (nom : mad.txt)

* Télécharge à présent The Avenger
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
* Dézippe-le sur ton bureau et double-clique sur le fichier "avenger.exe"
* Clique sur "Ok"
* Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.
* Sélectionne le fichier mad.txt qui est sur ton bureau
* Clique sur le feu vert pour lancer le script
* Clique sur "Oui"
* Accepte de redémarrer ton pc

après le redémarrage :

* Ouvre le fichier C:\avenger.txt et copie/colle son contenu ici.

tu vas aller voir manuellement dans la base de registre si tu trouves ce qui est en gras stp
démarrer------------exécuter-------------regedit----------ok
déplie l'arborescence pour arriver jusqu'à 
tu peux également faire un copier coller de 
{7c9432 51-9d1f-11dc-8718-0014a577d395}
en faisant dans le registre Edition---------rechercher

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9432 51-9d1f-11dc-8718-0014a577d395}
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe 

je ne comprends pas pourquoi il apparait encore après le passage de ravantivirus.

@ +

Marxes · Answer

j'utilise quoi pour analyser    C:\Documents and Settings\Leroy\Application Data\wklnhst.dat 

Virustotal ?

philae83 · Answer

oui virus total stp

Marxes · Answer

de retour,

J'ai donné un coup de CCleaner, puis de Flash_Disinfector qui n'a rien trouvé de suspect.
j'ai ensuite copié les lignes suivante

Drivers to unload:   
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox.idx 
C:\WINDOWS\system32\drivers\ylfiqyhy.dat

pour avenger qui les a traités.
Voici le résultat :



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dkuwysmn

*******************

Script file located at: \??\C:\WINDOWS\dwufrklv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\C:\WINDOWS\system32\drivers\fidbox.dat not found!
Unload of driver C:\WINDOWS\system32\drivers\fidbox.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\fidbox.dat
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\C:\WINDOWS\system32\drivers\fidbox.idx not found!
Unload of driver C:\WINDOWS\system32\drivers\fidbox.idx failed!

Could not process line:
C:\WINDOWS\system32\drivers\fidbox.idx
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\C:\WINDOWS\system32\drivers\ylfiqyhy.dat not found!
Unload of driver C:\WINDOWS\system32\drivers\ylfiqyhy.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\ylfiqyhy.dat
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.





Je suis allé dans le registre manuellement, voici l'arborescence que j'ai suivi :

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9432 51-9d1f-11dc-8718-0014a577d395}
après plus rien, juste trois ligne a droite :

(par défaut)      REG_SZ          (valeur non définie)
_AutorunStatus    REG_BINARY      01 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff...
BaseClass         REG_SZ          Drive



Question : C'est quoi antihost.exe ?!


Merci de ton soutien

philae83 · Answer

Je suis allé dans le registre manuellement, voici l'arborescence que j'ai suivi :

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9432 51-9d1f-11dc-8718-0014a577d395}
après plus rien, juste trois ligne a droite :

(par défaut) REG_SZ (valeur non définie)
_AutorunStatus REG_BINARY 01 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff...
BaseClass REG_SZ Drive

avais tu ceci ou non 
{7c9432 51-9d1f-11dc-8718-0014a577d395}

fait un screen au besoin stp.


Question : C'est quoi antihost.exe ?! 
un petit tour ici
http://www.malekal.com/Worm.Win32.Delf.ca.php
une infection

Marxes · Answer

résultat de l'analyse du fichier wklnhst.dat :

Fichier wklnhst.dat reçu le 2007.12.11 23:37:21 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
Information additionnelle
File size: 5894 bytes
MD5: c5caf058b1f9e4a7102323fd5a26e20d
SHA1: 5217f7db4292b8535b74f3ad5dda60ad071d45b1
PEiD: -


Je te confirme j'avais bien ce dossier dans l'arborescence :{7c9432 51-9d1f-11dc-8718-0014a577d395}
mais ca n'allais pas plus loin... (juste les 3 lignes dont je t'ai parlé)

ps : Tu ne pourras pas me dire que je ne te fait pas progresser hein ! ;-)
au faite, comment je  peux envoyer un screen sur ce site ?!

philae83 · Answer

si on progresse, moi avec.....merci merci :) je m'ennuyais le" soir lol

pour le screen, tu passes par un site du style
https://www.enregistrersous.com/

edit : je reviens

philae83 · Answer

bon on reprend comme ceci maintenant

1 tu vas refaire une nouvelle sauvegarde d'erunt
tuto ici point 2
http://pageperso.aol.fr/loraline60/tuto_erunt.htm


puis

2 Sélectionne le texte suivant :

   
Driver::
wynohuqt

Registry::
[-HKEY_CURRENT_USER \software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9432 51-9d1f-11dc-8718-0014a577d395}]

File::
C:\WINDOWS\system32\drivers\ylfiqyhy.dat 

# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


3 reviens avec un nouveau rapport hijackthis + un nouveau rapport SREng et le rapport de combo bien sûr suite à la manip

.

Marxes · Answer

Je me mets au travail... 

A tout de suite.

philae83 · Answer

apparemment, tu n'es pas revenu, j'espère que tu n'as pas de nouveaux soucis

possible que j'aille me coucher bientôt, serais là demain en soirée peut être pas avant

Marxes · Answer

Tu es la ?

philae83 · Answer

oui

Marxes · Answer

Je ne sais pas si tu es allée te coucher, si c'est le cas, bonne soirée et beau reve. A tout cas voila pour commencer le rapport Combofix : (la suite arrive rapport hijack et SReng) ComboFix 07-12-08.1 - Leroy 2007-12-12 0:25:01.5 - NTFSx86 Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Leroy\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\drivers\ylfiqyhy.dat . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))))))) . 2007-12-10 18:20 . 2007-12-10 18:20 d-------- C:\Documents and Settings\Leroy\Application Data\Grisoft 2007-12-10 18:19 . 2007-12-10 18:19 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-10 18:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-10 18:03 . 2007-12-10 18:03 23,570,258 --a------ C:\upload_moi_B-DOG.tar.gz 2007-12-10 00:12 . 2007-12-10 00:13 d-------- C:\CCleaner 2007-12-10 00:08 . 2007-12-11 16:43 d-------- C:\Hijackthis 2007-12-08 16:30 . 2007-12-08 16:33 d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7 2007-12-08 13:51 . 2007-12-08 13:51 d-------- C:\VundoFix Backups 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Program Files\Lavasoft 2007-12-07 20:12 . 2007-12-07 20:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-06 13:34 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-12-06 13:34 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat 2007-12-06 13:34 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf 2007-12-05 18:46 . 2007-12-05 18:46 d-------- C:\Program Files\The Weather Channel FW 2007-12-05 11:48 . 2007-12-05 11:48 d-------- C:\Program Files\Alwil Software 2007-12-04 21:40 . 2007-12-05 18:46 d-------- C:\Program Files\a-squared Free 2007-12-03 19:23 . 2007-12-03 19:24 d-------- C:\Program Files\iTunes 2007-12-03 19:16 . 2007-12-10 21:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-03 19:09 . 2007-12-03 19:09 d-------- C:\Program Files\Apple Software Update 2007-12-02 18:36 . 2007-12-02 18:36 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe 2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-02 18:33 . 2007-12-12 00:40 22,423,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-02 18:33 . 2007-12-12 00:34 263,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys 2007-12-02 18:31 . 2007-12-02 20:01 d-------- C:\WINDOWS\system32\ZoneLabs 2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-12-02 18:31 . 2007-12-12 00:35 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml 2007-12-02 18:28 . 2007-12-12 00:18 d-------- C:\WINDOWS\Internet Logs 2007-12-02 15:56 . 2007-12-09 08:00 d-------- C:\Documents and Settings\Leroy\Application Data\AVG7 2007-12-02 15:55 . 2007-12-02 15:55 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-12-02 15:54 . 2007-12-09 20:26 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-12-02 15:24 . 2007-12-02 15:24 d-------- C:\Program Files\ZNsoft Corporation 2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx 2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx 2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx 2007-12-01 03:02 . 2007-12-01 03:02 d-------- C:\Program Files\Windows Live Favorites 2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\WINDOWS\Applian FLV Player 2007-11-29 16:29 . 2007-11-29 16:29 d-------- C:\Program Files\FLV Player 2007-11-28 00:50 . 2007-12-08 14:59 d-------- C:\Program Files\eMule 2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll 2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage r‚seau 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\Voisinage d'impression 2007-11-25 19:06 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Korg\ModŠles 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Mes documents 2007-11-25 19:06 . 2005-10-26 11:52 dr-h----- C:\Documents and Settings\Korg\Menu D‚marrer 2007-11-25 19:06 . 2007-11-25 19:07 dr-h----- C:\Documents and Settings\Korg\Favoris 2007-11-25 19:06 . 2007-12-09 20:27 d--h----- C:\Documents and Settings\Korg\Bureau 2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-25 14:49 . 2007-11-25 14:49 d-------- C:\Program Files\Lavalys 2007-11-25 03:16 . 2007-11-25 03:16 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-11-25 01:55 . 2007-11-25 01:56 d-------- C:\WINDOWS\system32\NtmsData 2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage r‚seau 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\Voisinage d'impression 2007-11-25 00:27 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\PH2\ModŠles 2007-11-25 00:27 . 2007-11-25 00:34 dr------- C:\Documents and Settings\PH2\Mes documents 2007-11-25 00:27 . 2005-10-26 11:52 dr------- C:\Documents and Settings\PH2\Menu D‚marrer 2007-11-25 00:27 . 2007-11-25 00:28 dr------- C:\Documents and Settings\PH2\Favoris 2007-11-25 00:27 . 2007-11-25 00:27 d-------- C:\Documents and Settings\PH2\Bureau 2007-11-24 22:45 . 2007-11-24 22:45 d-------- C:\Program Files\Windows Resource Kits 2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-23 23:50 . 2005-10-26 11:52 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-23 23:50 . 2005-10-26 11:52 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2007-11-23 23:50 . 2005-10-26 03:58 dr------- C:\Documents and Settings\Administrateur\Favoris 2007-11-23 23:50 . 2007-12-09 20:27 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-23 23:50 . 2005-10-26 04:27 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-23 23:50 . 2005-10-26 04:25 d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-11 23:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-11 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat 2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec 2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-03 18:23 --------- d-----w C:\Program Files\iPod 2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime 2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-28 14:17 --------- d-----w C:\Program Files\Java 2007-11-27 21:56 --------- d-----w C:\Program Files\Google 2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore 2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo! 2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ 2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup 2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger 2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 ))))))))))))))))))))))))))))))))))))))))) . + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\ERDNT.EXE + 2007-12-09 22:00:05 6,225,920 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\10-12-2007\ERDNT.EXE + 2007-12-10 16:22:52 7,286,784 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-10 16:22:52 147,456 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\12-12-2007\ERDNT.EXE + 2007-12-11 23:17:36 7,286,784 ----a-w C:\WINDOWS\erdnt\12-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-11 23:17:37 147,456 ----a-w C:\WINDOWS\erdnt\12-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\ERDNT.EXE + 2007-12-10 00:19:30 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-10 00:19:34 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\ERDNT.EXE + 2007-12-11 20:12:43 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-11 20:12:46 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\Users\[u]0[/u]0000002\UsrClass.dat + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\ERDNT.EXE + 2007-12-09 23:44:35 6,230,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000001\ntuser.dat + 2007-12-09 23:44:39 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000002\UsrClass.dat + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2007-12-11 23:39:15 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a04.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 06:39] "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 09:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04] "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26] "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51] "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 09:00] "PicasaNet"="C:\Program Files\Hello\Hello.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-17 19:43] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 0 (0x0) *Newly Created Service* - ASNDIS5 *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job" "2007-12-11 23:20:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll . ************************************************************************** catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-12 00:39:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?9?0??p???? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASNDIS5] "ImagePath"="\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS" . Completion time: 2007-12-12 0:49:50 - machine was rebooted C:\ComboFix2.txt ... 2007-12-11 21:35 C:\ComboFix3.txt ... 2007-12-11 16:51 . --- E O F --- voila pour ça.

Marxes · Answer

On pourra reprendre plus tard si tu veux.
Tu va etre completement décalée par ma faute.

J'suis impardonnable !

philae83 · Answer

j'attendais que tu reviennes, je suis sur un autre topic, je reviens ensuite

regarder le rapport

Marxes · Answer

Pas de probleme, je suis sur le point de faire le scan Hijack / SReng
ps : Qu'est-ce que ça rame...

philae83 · Answer

ça rame ? pourtant ca a l'air pas mal du tout.

juste ceci :

DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll  
peux tu regarder manuellement en ayant affiché les fichiers et dossiers cachés, si tu vois la dll stp. Vide tout le contenu de temp de toute manière.

Marxes · Answer

apres le rapport combofix, voila la rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:52, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSBWatcher] ; c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] ; "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PicasaNet] ; "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] ; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [googletalk] ; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MoneyAgent] ; "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Marxes · Answer

A dire vrai je trouve meme pas le chemin d'acces

C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll

DOCUME~1    ???? J'arrive pas a le voir...

edit : C:\Documents and Settings\Leroy\Local Settings\Temp  ???

philae83 · Answer

si il faut faire

c:\documents & settings\leroy\local setting	emp

pour le rapport hijackthis il est ok mais il l'était déjà :)

je crois que je vais m'arrêter là on continuera demain n'oublie pas de poster sreng, et de me dire pour le dossier TEMP

bonne nuit

Marxes · Answer

Bonne nuit

A demain.

Marxes · Answer

Il est tard mais je voulais finir, Alors pour l'info : c:\documents & settings\leroy\local setting emp dans le fichier "temp" pas de "qqgtjsrb.dll" suspect. Juste 2 elements "JET3C07.tmp" & "Perflib_Perfdata_88.dat" Je vide le dossier Temp ?! (En 2 post) Voila le rapport SRENG que tu voulais : [CODE] 2007-12-12,01:37:58 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart> [Google] <; "C:\Program Files\Microsoft Money\System\Money Express.exe"> [Microsoft Corporation] <; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] <; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet> [(Verified)Yahoo! Inc.] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.] [(Verified)Microsoft Windows Publisher] [Hewlett-Packard Company] <"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation] [Hewlett-Packard ] [] [] [Microsoft® Corporation] [Microsoft® Corporation] [Microsoft® Corporation] <"C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"> [(Verified)Symantec Corporation] <"C:\Program Files\Norton Internet Security\osCheck.exe"> [(Verified)Symantec Corporation] <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"> [N/A] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] <"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] <; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.] <; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."] <; c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe> [Hewlett-Packard Company] <; "C:\Program Files\Microsoft Money\System\Activation.exe"> [Microsoft Corporation] <; "C:\Program Files\Hello\Hello.exe" -b> [N/A] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.] <; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}> [(Verified)GRISOFT LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== Startup Folders [HP Digital Imaging Monitor] C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [ERUNT AutoBackup] C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]> ================================== Services [Apple Mobile Device / Apple Mobile Device][Running/Auto Start] <"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"> [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] [Symantec Event Manager / ccEvtMgr][Running/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [Symantec Settings Manager / ccSetMgr][Running/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [Symantec Lic NetConnect service / CLTNetCnService][Running/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [COM Host / comHost][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"> [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [HP WMI Interface / hpqwmi][Running/Manual Start]

[InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [Service de l'iPod / iPod Service][Stopped/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [Validation de mot de passe Symantec IS / ISPwdSvc][Stopped/Manual Start] <"C:\Program Files\Norton Internet Security\isPwdSvc.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"> [LiveUpdate / LiveUpdate][Stopped/Manual Start] <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"> [LiveUpdate Notice Service Ex / LiveUpdate Notice Ex][Running/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon> [LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"> [Norton Save and Restore / Norton Save and Restore][Running/Auto Start] [Norton Protection Center Service / NSCService][Stopped/Disabled] <"C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"> [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start] <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start] [Symantec Core LC / Symantec Core LC][Running/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><> [Symantec AppCore Service / SymAppCore][Running/Auto Start] <"C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"> [TrueVector Internet Monitor / vsmon][Stopped/Auto Start] ================================== Drivers [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys> [Pilote de processeur AMD / AmdK8][Running/System Start] [ati2mtag / ati2mtag][Running/Manual Start] [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] [Pilote pour carte réseau Broadcom 802.11 / BCM43XX][Running/Manual Start] [Conexant AMC Audio / CAMCAUD][Running/Manual Start] [CAMCHALA / CAMCHALA][Running/Manual Start] [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\Leroy\LOCALS~1\Temp\catchme.sys> [eabfiltr / eabfiltr][Running/System Start] <\??\C:\WINDOWS\system32\drivers\EABFiltr.sys> [eabusb / eabusb][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\eabusb.sys> [Symantec Eraser Control driver / eeCtrl][Running/System Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys> [EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [HSFHWATI / HSFHWATI][Running/Manual Start] [HSF_DP / HSF_DP][Running/Manual Start] [kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\DRIVERS\kl1.sys> [KLIF / KLIF][Running/System Start] [AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Running/Auto Start] [mdmxsdk / mdmxsdk][Running/Auto Start] [NAVENG / NAVENG][Running/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVENG.SYS> [NAVEX15 / NAVEX15][Running/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVEX15.SYS> [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCAMPR5.SYS> [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCANDIS5.SYS> [PCASp50 NDIS Protocol Driver / PCASp50][Stopped/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [ASUS USB Wireless LAN Driver / RT2500USB][Stopped/Manual Start] [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start] [SPBBCDrv / SPBBCDrv][Running/System Start] <\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys> [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [SRTSP / SRTSP][Running/System Start] [SRTSPL / SRTSPL][Stopped/Manual Start] [SRTSPX / SRTSPX][Running/System Start] [SYMDNS / SYMDNS][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMDNS.SYS> [SymEvent / SymEvent][Running/Manual Start] <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS> [SYMFW / SYMFW][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMFW.SYS> [SYMIDS / SYMIDS][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMIDS.SYS> [SYMIDSCO / SYMIDSCO][Running/Manual Start] <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20061025.029\SymIDSCo.sys> [symlcbrd / symlcbrd][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys> [SYMNDIS / SYMNDIS][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMNDIS.SYS> [SYMREDRV / SYMREDRV][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMREDRV.SYS> [SYMTDI / SYMTDI][Running/System Start] <\SystemRoot\System32\Drivers\SYMTDI.SYS> [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [vsdatant / vsdatant][Running/System Start] [WAN Miniport (ATW) / wanatw][Stopped/Manual Start] [winachsf / winachsf][Running/Manual Start] [ASNDIS5 Protocol Driver / ASNDIS5][Running/Manual Start] <\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS> ================================== Browser Add-ons [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [] {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [] {E023F504-0C5A-4750-A1E7-A9046DEA8A21} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Vue HP] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QDiagHUpdateObj Class] {EB387D2F-E27B-4D36-979E-847D1036C65D} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\MSXML3.DLL, N/A> [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\MSXML3.DLL, N/A> [Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Afficher Norton Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Vue HP] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Yahoo! VersionInfo] {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [iTunesDetector Class] {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [Messenger Class] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A> [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\MSXML3.DLL, N/A> [Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A> [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\MSXML3.DLL, N/A> [] {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} [&Google Search] [&Windows Live Search] [Add to Windows &Live Favorites] [Pages liées] [Pages similaires] [Version de la page actuelle disponible dans le cache Google]

Marxes · Answer

La suite du rapport SReng :

==================================
Running Processes
[PID: 716 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4121]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 876 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4121]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 1064 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1356 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[PID: 1788 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\CCSETPLG.DLL]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.DLL]  [Symantec Corporation, 14.0.0.89]
    [C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.loc]  [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.dll]  [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.loc]  [Symantec Corporation, 14.0.0.89]
    [C:\PROGRA~1\NORTON~1\ISDATASV.DLL]  [Symantec Corporation, 10.0.0.247]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\NPC\NPCWMIMN.DLL]  [Symantec Corporation, 2007.4.00.2]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SNDSVC.DLL]  [Symantec Corporation, 7.0.0.170]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SUBMIS~1\SUBENG.DLL]  [Symantec Corporation, 2.0.0.164]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SUBMIS~1\SUBRES.loc]  [Symantec Corporation, 2.0.0.164]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SPBBC\TPROCPLG.DLL]  [Symantec Corporation, 3.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\CCEVTPLG.DLL]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\PIFENG.DLL]  [Symantec Corporation, 1.2.0.18]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccEvtCli.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\FIREWALL\FWAGENT.DLL]  [Symantec Corporation, 2.0.2.5]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 3.0.1.10]
    [C:\Program Files\Norton Internet Security\SetEvtHp.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SRTSP\SRTSP32.DLL]  [Symantec Corporation, 10.2.2.6]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\CCLOGIN.DLL]  [Symantec Corporation, 104.0.3.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\ccL40.dll]  [Symantec Corporation, 104.0.3.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\NORTON~1\ISSVC.DLL]  [Symantec Corporation, 10.0.0.86]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL]  [Symantec Corporation, 14.0.0.89]
    [C:\WINDOWS\system32\SymNeti.dll]  [Symantec Corporation, 7.0.0.170]
    [C:\Program Files\Norton Internet Security\isDataCl.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVIfc.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppMgr32.dll]  [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Fichiers communs\Symantec Shared\Firewall\FWHelper.dll]  [Symantec Corporation, 2.0.2.5]
    [C:\Program Files\Norton Internet Security\fwPlugin.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\NcoItf.dll]  [Symantec Corporation, 2007.1.00.133]
    [C:\Program Files\Norton Internet Security\fwEvent.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\OPC\{31011~1\CLTNETCN.DLL]  [Symantec Corporation, 7.0.0.108]
    [C:\Program Files\Norton Internet Security\IMCfg.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC
pcWmiDt.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll]  [Symantec Corporation, 1.2.0.18]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\SUBMIS~1\SubConn.dll]  [Symantec Corporation, 2.0.0.164]
[PID: 1988 / Leroy][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4121]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 136 / Leroy][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\Program Files\Norton Save and Restore\Browser\VProShellExt.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll]  [Zone Labs, LLC, 7.0.362.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll]  [Zone Labs Inc., 5.3.017.000]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll]  [Yahoo! Inc., 2005, 1, 1, 4]
    [C:\Program Files\WinRARarext.dll]  [N/A, ]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll]  [Symantec Corporation, 14.0.0.89]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc]  [N/A, ]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\MSCOREE.DLL]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\Program Files\Microsoft Money\System\urlmapps.dll]  [Microsoft Corporation, 10.00.0831]
    [C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll]  [Hewlett-Packard Company, 1.0.0.7]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Microsoft Money\System\mnyviewer.dll]  [Microsoft Corporation, 10.00.0831]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 428 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe]  [Symantec Corporation, 1.0.00.101]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppMgr32.dll]  [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSet32.dll]  [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVScan.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AV.loc]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\avDefMgr.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\DefUtDCD.dll]  [Symantec Corporation, 3.2.10.0]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\avModule.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\QBackup.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVExclu.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\SRTSP\Srtsp32.dll]  [Symantec Corporation, 10.2.2.6]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccScanw.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 61.3.0.17]
    [C:\Program Files\Fichiers communs\Symantec Shared\MSL\msl.dll]  [Symantec Corporation, 5.0.069.000]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\ccEvtCli.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.0.1.10]
[PID: 540 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe]  [, ]
    [C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcnet.dll]  [, ]
[PID: 1372 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hpzsnt07.dll]  [HP, 2,140,0,0]
[PID: 204 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple, Inc., 1, 14, 0, 0]
[PID: 1004 / Leroy][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5168]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5168]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA]  [ATI Technologies, Inc., 6.14.10.5168]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5168]
[PID: 2140 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.44.1]
    [C:\Program Files\Fichiers communs\LightScribe\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\LightScribe\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2228 / Leroy][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.0.13 17Jun05]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.0.13 17Jun05]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.0.13 17Jun05]
[PID: 2564 / SYSTEM][C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe]  [Symantec Corporation, 11.0.2.20309]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.3.10]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Program Files\Norton Save and Restore\Shared\VProObj.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Norton Save and Restore\Shared\NotifyHandler.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Norton Save and Restore\shared\ErrorGui.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Norton Save and Restore\Shared\VProScheduler.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Norton Save and Restore\Agent\VProImaging.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Norton Save and Restore\Shared\FileBackup.dll]  [Symantec Corporation, 11.0.2.20309]
    [C:\Program Files\Norton Save and Restore\Agent\gwrks32.dll]  [GEAR-Software, 3.53.002.08]
    [C:\Program Files\Norton Save and Restore\Agent\GEARAW32.dll]  [GEAR-Software, 3.53.002.08]
    [C:\Program Files\Norton Save and Restore\Agent\gwlangEN.dll]  [GEAR-Software, 3.53.002.08]
[PID: 3044 / Leroy][C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\SymNeti.dll]  [Symantec Corporation, 7.0.0.170]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppPlg32.dll]  [Symantec Corporation, 1.0.00.101]
    [C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppMgr32.dll]  [Symantec Corporation, 1.0.00.101]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSet32.dll]  [Symantec Corporation, 1.0.00.101]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 106.0.1.10]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Norton Internet Security\fwAlert.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Norton Internet Security\fwAlRes.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL]  [Symantec Corporation, 14.5.0.9]
    [C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.DLL]  [Symantec Corporation, 14.0.0.89]
    [C:\PROGRA~1\NORTON~1\NISTRAY.DLL]  [Symantec Corporation, 10.0.0.86]
    [C:\PROGRA~1\NORTON~1\ISLALERT.DLL]  [Symantec Corporation, 10.5.0.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC
pcTRAY.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\CF\PEP2.dll]  [Symantec Corporation, 2006.1.00.58]
    [C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll]  [Symantec Corporation, 1.2.0.18]
    [C:\Program Files\Fichiers communs\Symantec Shared\COH\sesHlp.dll]  [Symantec Corporation, 6.1.3.20]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\COH\sH0001.dll]  [Symantec Corporation, 6,1,3,20]
    [C:\PROGRA~1\NORTON~1\AlertRes.dll]  [Symantec Corporation, 10.0.0.86]
    [C:\Program Files\Norton Internet Security\fwEvent.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\NcoItf.dll]  [Symantec Corporation, 2007.1.00.133]
    [C:\PROGRA~1\NORTON~1\NISTrRes.dll]  [Symantec Corporation, 10.0.0.86]
    [C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.loc]  [Symantec Corporation, 14.0.0.89]
    [C:\Program Files\Norton Internet Security\SetEvtHp.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVIfc.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Norton Internet Security\isDataCl.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC\DataPvdr.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\ccEvtCli.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC\NSCHlpr2.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1cEmlPxy.dll]  [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\SymRedir.dll]  [Symantec Corporation, 7.0.0.170]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC\pcStatus.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC\uiLicPlg.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC\NSCWSCR2.DLL]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVMail.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC
pcWmiCl.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC
pcWmiDt.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVExclu.dll]  [Symantec Corporation, 1.0.00.194]
    [C:\Program Files\Norton Internet Security\IMCfg.dll]  [Symantec Corporation, 10.0.0.247]
    [C:\Program Files\Fichiers communs\Symantec Shared\NPC\PEPEvnt.dll]  [Symantec Corporation, 2007.4.00.2]
    [C:\Program Files\Fichiers communs\Symantec Shared\CF\cfV2Pack.dll]  [Symantec Corporation, 2006.1.00.58]
    [C:\Program Files\Fichiers communs\Symantec Shared\CF\cfEPack.dll]  [Symantec Corporation, 2006.1.00.58]
    [C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\AlertUi.dll]  [Symantec Corporation, 1.2.0.18]
[PID: 3100 / Leroy][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe]  [Hewlett-Packard , 5, 20, 4, 2]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL]  [Hewlett-Packard , 5, 20, 4, 2]
[PID: 3848 / Leroy][C:\Program Files\WLAN Card Utilities\Center.exe]  [, 2.2.6.8]
    [C:\Program Files\WLAN Card Utilities\ASAUTHEN.DLL]  [, 2, 0, 0, 0]
    [C:\Program Files\WLAN Card Utilities\ASW32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.00.13.50]
    [C:\Program Files\WLAN Card Utilities\AegisE5.dll]  [Meetinghouse Data Communications, 1, 8, 41, 1]
[PID: 768 / Leroy][C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe]  [Microsoft® Corporation, 6.00.3215.0]
[PID: 224 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2964 / Leroy][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.30.5]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[PID: 3764 / Leroy][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3760 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 400 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][C:\Program Files\HPQ\SHARED\HPQWMI.exe]  [Hewlett-Packard Development Company, L.P., 1, 0, 6, 1]
[PID: 3672 / Leroy][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\mucltui.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3876 / Leroy][C:\Documents and Settings\Rob\Bureau\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\Documents and Settings\Leroy\Bureau\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 204, C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1004, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3100, C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3848, C:\PROGRAM FILES\WLAN CARD UTILITIES\CENTER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 768, C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]


Fini pour aujourd'hui !

philae83 · Answer

bonjour,

de rapide passage, je dois repartir, pour ce soir si tu peux faire ceci stp

* Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

* Redémarre ton ordinateur en mode sans échec

* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd  pour lancer le script.

* Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis  te demandera d'appuyer sur une touche pour redémarrer.

* Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter  et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

Marxes · Answer

Bonjour, 

Je me suis occupé de SDFix comme tu me la demandé, voici le rapport :


SDFix: Version 1.118

Run by Leroy on 12/12/2007 at 16:05

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Leroy\Bureau\SDfix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\autorun.inf  - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 16:18:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\lis

t]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Leroy\Bureau\SDfix\backups\backups.zip

Files with Hidden Attributes:

Mon 18 Sep 2006         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 13 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 29 Dec 2006        43,520 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\ModŠles\~WRL0590.tmp"
Wed 19 Jul 2006        30,208 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\ModŠles\~WRL3576.tmp"
Fri 22 Sep 2006        42,496 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL0388.tmp"
Mon 11 Dec 2006        43,520 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL1000.tmp"
Tue 12 Dec 2006        44,032 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL1182.tmp"
Thu 15 Feb 2007        50,688 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL1186.tmp"
Wed 20 Jun 2007        56,320 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2599.tmp"
Tue 12 Dec 2006        44,544 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2681.tmp"
Sun 14 Jan 2007        46,592 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2746.tmp"
Fri 22 Dec 2006        43,520 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2801.tmp"
Fri 15 Sep 2006        40,448 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL3109.tmp"
Mon 18 Sep 2006         4,348 ...H. --- "C:\Documents and Settings\PH\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 18 Sep 2006            20 A..H. --- "C:\Documents and Settings\PH\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 18 Sep 2006           312 A.SH. --- "C:\Documents and Settings\PH\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 17 Aug 2004        10,397 A..H. --- "C:\Documents and Settings\Korg\Application Data\Microsoft\Internet Explorer\brndlog.bak"

Mon 31 Jul 2006        25,088 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL0503.tmp"
Wed 16 Aug 2006        22,016 A..H. --- "C:\Program Files\xerox\fichier a rendre\PhJ Docu,ments\~WRL0768.tmp"
Wed 20 Jun 2007        24,064 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1040.tmp"
Thu 20 Jul 2006        20,992 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1078.tmp"
Fri 29 Sep 2006        20,480 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1165.tmp"
Sun 30 Jul 2006        23,040 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1332.tmp"
Thu 20 Jul 2006        20,992 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1457.tmp"
Sat  2 Sep 2006        19,968 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1654.tmp"
Mon 31 Jul 2006        24,064 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1801.tmp"
Mon 31 Jul 2006        25,088 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1807.tmp"
Tue 18 Jul 2006        22,016 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL2219.tmp"
Thu 14 Sep 2006        19,968 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL3578.tmp"
Fri 14 Sep 2007        58,400 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Documents administratifs\wcs.exe"
Thu  1 Nov 2007        26,112 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Misc docs\~WRL1223.tmp"
Fri  2 Nov 2007        40,960 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Misc docs\~WRL2787.tmp"
Fri  2 Nov 2007        48,640 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Misc docs\~WRL3384.tmp"
Sat 27 Jan 2007        30,720 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL0202.tmp"
Sat 27 Jan 2007        29,696 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL0279.tmp"
Sat 27 Jan 2007        27,136 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL0434.tmp"
Sat 27 Jan 2007        27,648 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL1320.tmp"
Sun 28 Jan 2007        35,328 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL1624.tmp"
Sun 28 Jan 2007        39,936 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL2228.tmp"
Sat 27 Jan 2007        20,992 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL2819.tmp"
Sat 27 Jan 2007        32,256 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL3060.tmp"
Sat 27 Jan 2007        30,208 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL3065.tmp"
Sun  6 May 2007        40,448 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL3594.tmp"
Wed 19 Jul 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application 

Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished! 



Merci,

ps : J'espere que l'on va s'en sortir!  En revanche le deuxieme pc me semble capricieux depuis l'histoire de la clé (erreur serieuse a l'ouverture d'un fichier word entre autre), je te transmettrai le rapport combo de celui la aussi, juste question de checker... :-(

philae83 · Answer

bonsoir,

désolée, j'ai été retenue plus longtemps que prévu


pour le 2 ème pc, on va voir ca aussi, évite pour ne pas dire n'utilise pas la clé d'un pc sur l'autre stp. SInon on n'en sortira pas.
pour éviter certaines infections justement, jète un oeil ici (vacciner sa clé)
rend toi sur ce lien
https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/
c'est justement l'infection que tu avais. et que tu as peut être encore d'ailleurs sur le 2ème pc cause la clé usb
descend dans la page jusqu'à 

	
Je suis infecté, que faire ?

ensuite tu iras jusqu'à 
Conserver sa clé saine, la "vacciner"

et tu feras ce qui est expliqué pour garder ta clé saine. 
Si tu as un soucis, reviens le dire mais c'est très bien expliqué, je pense que tout ira bien.

Ensuite

pour résumer la situation, elle ne me parait pas trop mal maintenant. Pourrais tu stp faire un scan en ligne
ici
* Fait un scan antivirus en ligne Panda et copie colle le résultat ici
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
(avec Internet Explorer et désactive ton Antivirus pendant le scan)

* tuto en image
http://pageperso.aol.fr/loraline60/panda_scan.htm

oui si problème ici
* Fait un scan antivirus en ligne avec Internet Explorer
 https://www.bitdefender.fr/
et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

@ +

Marxes · Answer

bonsoir,

je suis en train de faire le scan panda sur le pc.
En ce moment je suis sur le pc numero 2 je te donne le rapport HiJack de celui la :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:07, on 13/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar	bu3E\AOL_security_toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar	bu3E\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-343818398-1383384898-1957994488-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Louise')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device -   - C:\WINDOWS\System32\lxcycoms.exe

Marxes · Answer

Le scan panda a déja trouvé 16 spyware sur le Pc1 (le pc a l'origine de ce forum)...

philae83 · Answer

pour le 2ème qq petites choses à virer, mais rien d'alarmant. As tu fait les manips d'après le lien que je t'ai donné ce soir ?

tu feras également un scan en ligne pour celui ci

edit nos messages se sont croisés. Ce peut être des cookies, panda met spywares. Attend la fin avant de t'alarmer :)

Marxes · Answer

Pour le pc 2 j'ai quelques petits probleme, word ne marche plus "erreur sérieuse", il rame beaucoup.. et explorer ne peux pas rafraichir la page, il me déconnecte du site (je dois remettre mon mot de passe a chaque post)

ps : les manipulations pour désinfecter les clé usb...je vais m'y mettre.

philae83 · Answer

ps : les manipulations pour désinfecter les clé usb...je vais m'y mettre.

et désinfecter le pc en même tps si l'infection s'y trouve bien qu'on ne voit rien dans HJT.

on verra ensuite. Il tournait bien avant le pc ?

Marxes · Answer

Oui il tournait pas trop mal, la j'ai l'impression que ca s'aggrave. 

Ps : Pour le pc 1 (en cours d'analyse) hacking tools and rootkits = 7  Spyware = 36

philae83 · Answer

on attend le résultat final

Marxes · Answer

Bon voila j'ai désinfecter les clés usb... que dois-je faire sur ce pc ?

ps : Le pc 1 est toujours en scan.

philae83 · Answer

Bon voila j'ai désinfecter les clés usb... que dois-je faire sur ce pc ? 

y avait il infection ou pas ?

on attend le rapport du pc1

pour le pc 2
on va véfifier directement avec combo.
je ne te redonne pas la manip, tu la connais :)

Marxes · Answer

Les clé semblaient clean, j'ai fait la manip pour vacciner aussi. voici le log de combofix du pc 2 en attendant que le scan de panda ce finisse pour le pc1. ComboFix 07-12-12.3 - Anthony 2007-12-13 23:20:13.2 - NTFSx86 Running from: C:\Documents and Settings\Anthony\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))))))) . 2007-12-13 22:08 . 2007-12-13 22:10 d-------- C:\Hijackthis 2007-11-30 01:44 . 2007-11-30 21:19 d---s---- C:\Documents and Settings\Lou\UserData 2007-11-28 01:13 . 2007-11-28 01:13 d-------- C:\Documents and Settings\Lou\Application Data\FaxCtr 2007-11-28 01:12 . 2007-02-13 15:16 d--h----- C:\Documents and Settings\Lou\Voisinage réseau 2007-11-28 01:12 . 2007-02-13 15:16 d--h----- C:\Documents and Settings\Lou\Voisinage d'impression 2007-11-28 01:12 . 2007-02-13 15:26 d--h----- C:\Documents and Settings\Lou\Modèles 2007-11-28 01:12 . 2007-11-28 01:13 dr------- C:\Documents and Settings\Lou\Mes documents 2007-11-28 01:12 . 2007-02-13 15:16 dr------- C:\Documents and Settings\Lou\Menu Démarrer 2007-11-28 01:12 . 2007-11-28 01:13 dr------- C:\Documents and Settings\Lou\Favoris 2007-11-28 01:12 . 2007-12-13 21:41 d-------- C:\Documents and Settings\Lou\Bureau . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-01 20:35 --------- d-----w C:\Program Files\eMule 2007-11-30 20:12 531,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-30 20:12 41,907,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-30 20:12 118,784 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-30 20:12 1,319,456 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-11-04 11:22 --------- d-----w C:\Program Files\Lavalys . ((((((((((((((((((((((((((((( snapshot@2007-12-12_21.59.58,24 ))))))))))))))))))))))))))))))))))))))))) . - 2007-02-13 15:04:06 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2007-12-13 12:02:04 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2007-02-13 15:04:06 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2007-12-13 12:02:05 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2007-02-13 15:04:06 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2007-12-13 12:02:05 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2007-02-13 15:04:05 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-12-13 12:02:04 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-02-13 15:04:06 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2007-12-13 12:02:05 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-02-13 15:04:06 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-12-13 12:02:05 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2007-02-13 15:04:06 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2007-12-13 12:02:05 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2007-02-13 15:04:06 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-12-13 12:02:05 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2007-02-13 15:04:05 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2007-12-13 12:02:04 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-02-13 15:04:05 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2007-12-13 12:02:04 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2007-02-13 15:04:06 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2007-12-13 12:02:06 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-02-13 15:04:05 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2007-12-13 12:02:04 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-02-13 15:04:05 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2007-12-13 12:02:04 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-12-11 20:54:28 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile tuser.dat + 2007-12-13 22:20:06 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile tuser.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 10:45] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"="Ati2mdxx.exe" [2002-07-17 20:21 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-06 14:35] "SoundMan"="SOUNDMAN.EXE" [2002-07-19 08:53 C:\WINDOWS\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2002-06-21 10:47 C:\WINDOWS\AGRSMMSG.exe] "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 17:02] "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 06:10] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22] "aol"="C:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 11:13] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-06-20 11:26] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-06-20 11:25] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 16:32] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14] "WD Button Manager"="WDBtnMgr.exe" [2007-09-04 19:26 C:\WINDOWS\system32\WDBtnMgr.exe] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-13 16:29:13] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader eader_sl.exe [2006-10-23 01:48:20] Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-02-13 16:16:45] R3 lxcy_device;lxcy_device;C:\WINDOWS\System32\lxcycoms.exe -service R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\System32\DRIVERS\WlanUZXP.sys R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\ZDPNDIS5.SYS S3 Pcmahisquncp;Pcmahisquncp;C:\WINDOWS\System32\freecell.exe S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\System32\ZDCndis5.SYS *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 *Newly Created Service* - ZDPNDIS5 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-11 14:29:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-13 23:23:01 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106] -> C:\Program Files\Unlocker\UnlockerHook.dll -> C:\Program Files\Unlocker\UnlockerCOM.dll . Completion time: 2007-12-13 23:24:15 C:\ComboFix2.txt ... 2007-12-12 22:01 ps : a venir....

philae83 · Answer

combo est ok pour celui ci.

faudra faire un scan en ligne (tu peux tu penses ?)

Marxes · Answer

Ps : Voila, en ce moment je suis revenu sur le pc1 (celui avec l'analyse panda dessus) parce que je ne pouvais plus envoyer de message a partir de l'autre, pourquoi ? et bien quand j'envoyais un message "ajouter" il me deconnecte et me demande de rentrer un code anti spam, jusque la ca va, seulement, maintenant le truc qui devrais m'indiquer le mot antispam ne s'affiche plus, donc... je ne peux pas le rentrer. donc, je ne peux plus envoyer de message sur le site.

hm.....j'installe Firefox a la place d'explorer ?  :-)

Marxes · Answer

oui je veux bien essayer, j'utilise quoi pour l'analyse en ligne ? panda aussi ?!

philae83 · Answer

oui pour les 2

Marxes · Answer

scan du PC1 bientot fini... je fait disinfection advice ensuite ?!

ps : le scan du pc 2, il y a deja des virus detecter, des hackings tools and roolkits, des dialers....ouah.

philae83 · Answer

tu vires ce qui est possible de virer, mais surtout sauvegarde les rapports

je ne vais pas pouvoir rester très longtemps, moi besoin "dodo".
demain journée----------------je ne pense pas pouvoir passer. Serais là le soir

Marxes · Answer

Aucun probleme, je te donnerai les rapports demain de panda pour les 2 computers...

Dors bien, et merci encore.

A demain.

philae83 · Answer

OK merci bonne nuit à demain

Marxes · Answer

Bonjour, 

Dernier jour de guerre :-)

l'analyse panda pour le pc 1 :
c'était des cookies pour la plupart (que j'ai supprimer),
reste :
Potentially unwanted tool:Application/Pskill.K                                  Not disinfected               C:\Documents and Settings\Leroy\Bureau\clean\pskill.exe                                                                                                                                                                                                           
Potentially unwanted tool:Application/Pskill.K                                  Not disinfected               C:\Documents and Settings\Leroy\Bureau\clean.zip[clean/pskill.exe]                                                                                                                                                                                                
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Leroy\Bureau\ComboFix.exe[nircmd.exe]                                                                                                                                                                                                   
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Leroy\Bureau\ComboFix.exe[nircmd.cfexe]                                                                                                                                                                                                 
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Leroy\Bureau\Flash_Disinfector.exe[nircmd.exe]                                                                                                                                                                                          
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Leroy\Bureau\SDfix\apps\Process.exe                                                                                                                                                                                                     
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Leroy\Bureau\SDFix.exe[SDFix\apps\Process.exe]                                                                                                                                                                                          
Adware:Adware/AVSystemCare                                                      Not disinfected               C:\upload_moi_B-DOG.tar.gz[upload_moi.tar][qoobox/Quarantine/catchme2007-12-10_ 03733.45.zip][cmcfg3.dll]                                                                                                                                                       
Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\WINDOWS\NirCmd.exe 

Rien de bien dangereux, j'pense. ;-)

Marxes · Answer

Analyse du pc2 cette fois ;
Plus sérieux non ?!

Incident                                                                        Status                        Location                                                                                                                                                                   & nbsp;            
                                                                       
Adware:Adware/ActiveSearch                                                      Not disinfected               C:\Program Files\AOL Security Toolbar	bu3E	bhelper.dll                                                                                                                                                                
& nbsp;         
                             
Virus:vbs/psyme.gen                                                             Not disinfected               Operating system                                                                                                                                                                   &nb sp;                              
                                             
Dialer:dialer.su                                                                Not disinfected               hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch                                                                                                                                                       &nbs p;                          

Adware:adware/sbsoft                                                            Not disinfected               Windows Registry                                                                                                                                                                   & nbsp;                                                                           

Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Anthony\Bureau\ComboFix.exe[nircmd.exe]                                                                                                                                                            &nb sp;                                 

Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Anthony\Bureau\ComboFix.exe[nircmd.cfexe]                                                                                                                                                            & nbsp;                               

Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\Documents and Settings\Anthony\Bureau\Flash_Disinfector.exe[nircmd.exe]                                                                                                                                                                                                          
& nbsp;      
                        
Adware:Adware/ActiveSearch                                                      Not disinfected               C:\Program Files\AOL Security Toolbar	bhelper.dll                                                                                                                                                                 
& nbsp;                                           

Adware:Adware/ActiveSearch                                                      Not disinfected               C:\WINDOWS\Installer\181f81.msi[unk_0032][tbhelper.dll]                                                                                                                                                           &n bsp;                                            

Potentially unwanted tool:Application/NirCmd.A                                  Not disinfected               C:\WINDOWS\NirCmd.exe

philae83 · Answer

bonjour

de passage pour l'instant c'est en relation avec aol toobar, donc si on en croit castelcops, c'est tjs la même chose les toolbars ne sont pas souvent bien vues c'est toujours "à débattre". Tout dépend si tu t'en sers ou non.
Rien de castastrophique sinon. tout le reste c'est en relation avec les outils qu'on a téléchargé pour le nettoyage.

pour le pc 1 je pense que maintenant c'est ok si tu n'as plus de soucis
pour le pc2 vu que tu dis avoir encore des problèmes. 

* Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) 
http://www.malekal.com/download/DiagHelp.zip
Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php

* Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
* Un nouveau dossier chercher va être créé.
* Ouvre le et double-clic sur go.cmd(le .cmd peut ne pas apparaître)
* Une fenêtre va s'ouvrir, choisis l'option 1
* L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
* Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.

* Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
* Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
* Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

à ce soir

Marxes · Answer

Bonsoir a toi, Philae ! Voila le rapport de diaghelp concernant le pc2 : DiagHelp version v1.4 - http://www.malekal.com excute le 14/12/2007 à 18:39:26,60 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\LVCOMSX.EXE-0AC1D558.pf -->14/12/2007 12:06:21 C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf -->14/12/2007 12:06:21 C:\WINDOWS\prefetch\LOGITRAY.EXE-22C68076.pf -->14/12/2007 12:06:14 C:\WINDOWS\prefetch\ITUNESHELPER.EXE-15823303.pf -->14/12/2007 12:06:14 C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->14/12/2007 12:06:11 C:\WINDOWS\prefetch\GOOGLETALK.EXE-17DCCC56.pf -->14/12/2007 12:06:10 C:\WINDOWS\prefetch\AVP.EXE-27EA870A.pf -->14/12/2007 12:06:10 C:\WINDOWS\prefetch\ISSTART.EXE-04E9E452.pf -->14/12/2007 12:06:06 C:\WINDOWS\prefetch\LXCYCOMS.EXE-10325246.pf -->14/12/2007 12:06:05 C:\WINDOWS\prefetch\LXCYTIME.EXE-005CD64C.pf -->14/12/2007 12:05:56 C:\WINDOWS\System32\drivers\fidbox2.idx -->14/12/2007 12:02:34 C:\WINDOWS\System32\drivers\fidbox2.dat -->14/12/2007 12:02:34 C:\WINDOWS\System32\drivers\fidbox.idx -->14/12/2007 12:02:33 C:\WINDOWS\System32\drivers\fidbox.dat -->14/12/2007 12:02:33 C:\WINDOWS\System32\drivers\klin.sys -->11/09/2007 21:35:13 C:\WINDOWS\System32\drivers\klick.sys -->11/09/2007 21:35:13 C:\WINDOWS\System32\drivers\PxHelp20.sys -->23/02/2007 05:29:52 C:\WINDOWS\System32\perfh00C.dat -->14/12/2007 12:04:36 C:\WINDOWS\System32\perfh009.dat -->14/12/2007 12:04:36 C:\WINDOWS\System32\perfc00C.dat -->14/12/2007 12:04:36 C:\WINDOWS\System32\perfc009.dat -->14/12/2007 12:04:36 C:\WINDOWS\System32\PerfStringBackup.INI -->14/12/2007 12:04:35 C:\WINDOWS\System32\wpa.dbl -->14/12/2007 12:03:19 C:\WINDOWS\System32\asfiles.txt -->14/12/2007 00:13:28 C:\WINDOWS\System32\Uninstall.ico -->14/12/2007 00:01:49 C:\WINDOWS\System32\Help.ico -->14/12/2007 00:01:49 C:\WINDOWS\System32\pavas.ico -->14/12/2007 00:01:48 C:\WINDOWS\System32\swsc.exe -->04/12/2007 01:00:42 C:\WINDOWS\System32\WDBtnMgr.exe -->04/09/2007 19:26:45 C:\WINDOWS\System32\wuaucpl.cpl.mui -->30/07/2007 19:20:06 C:\WINDOWS\System32\wuapi.dll.mui -->30/07/2007 19:19:52 C:\WINDOWS\System32\wuaueng.dll -->30/07/2007 19:19:42 C:\WINDOWS\System32\wuapi.dll -->30/07/2007 19:19:36 C:\WINDOWS\System32\wucltui.dll -->30/07/2007 19:19:32 C:\WINDOWS\System32\wuweb.dll -->30/07/2007 19:19:28 C:\WINDOWS\System32\wuaucpl.cpl -->30/07/2007 19:19:28 C:\WINDOWS\System32\cdm.dll -->30/07/2007 19:19:20 C:\WINDOWS\System32\wuauclt.exe -->30/07/2007 19:19:16 C:\WINDOWS\System32\wups2.dll -->30/07/2007 19:19:12 C:\WINDOWS\System32\wucltui.dll.mui -->30/07/2007 19:19:04 C:\WINDOWS\System32\wuaueng.dll.mui -->30/07/2007 19:18:48 C:\WINDOWS\System32\swreg.exe -->22/07/2007 18:39:27 C:\WINDOWS\WindowsUpdate.log -->14/12/2007 18:36:17 C:\WINDOWS\setupapi.log -->14/12/2007 18:35:50 C:\WINDOWS\msnfix.txt -->14/12/2007 12:05:32 C:\WINDOWS\0.log -->14/12/2007 12:04:16 C:\WINDOWS\wiadebug.log -->14/12/2007 12:03:25 C:\WINDOWS\wiaservc.log -->14/12/2007 12:03:23 C:\WINDOWS\bootstat.dat -->14/12/2007 12:03:18 C:\WINDOWS\SchedLgU.Txt -->14/12/2007 12:02:14 C:\WINDOWS\win.ini -->14/12/2007 00:12:26 C:\WINDOWS\system.ini -->13/12/2007 23:22:35 C:\WINDOWS\ODBC.INI -->13/12/2007 13:02:10 C:\WINDOWS\catchme.exe -->09/12/2007 19:04:27 C:\WINDOWS tbtlog.txt -->11/11/2007 15:38:15 C:\WINDOWS\wmsetup.log -->07/11/2007 21:51:23 C:\WINDOWS\setupact.log -->21/07/2007 20:36:33 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1452 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x01000000 0xf9000 6.00.2800.1106 C:\WINDOWS\Explorer.EXE *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Thu Aug 29 20:44:41 2002 *** Loaded image timestamp: Thu Aug 29 20:44:42 2002 0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll 0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll 0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll 0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll 0x75f10000 0xfc000 6.00.2800.1106 C:\WINDOWS\System32\BROWSEUI.dll 0x76960000 0x14a000 6.00.2800.1106 C:\WINDOWS\System32\SHDOCVW.dll 0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\UxTheme.dll 0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll 0x5b950000 0x72000 6.00.2800.1106 C:\WINDOWS\System32 hemeui.dll 0x76080000 0x7a000 6.00.2800.1106 C:\WINDOWS\system32\urlmon.dll 0x07610000 0x17000 9.00.0000.2980 C:\PROGRA~1\WINDOW~2\wmpband.dll 0x76ac0000 0x15000 3.00.9435.0000 C:\WINDOWS\System32\ATL.DLL 0x74aa0000 0x43000 6.00.2800.1106 C:\WINDOWS\System32\webcheck.dll 0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll 0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll 0x01570000 0x2c6000 3.01.4000.2435 C:\WINDOWS\System32\msi.dll 0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll 0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll 0x10000000 0x4000 C:\Program Files\Unlocker\UnlockerHook.dll 0x76190000 0x99000 6.00.2800.1106 C:\WINDOWS\system32\WININET.dll 0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll 0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll 0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll 0x732d0000 0x52000 6.00.2800.1106 C:\WINDOWS\System32\zipfldr.dll 0x00ed0000 0x6000 C:\Program Files\Unlocker\UnlockerCOM.dll 0x67800000 0xb000 6.00.0000.0299 C:\Program Files\AOL\Active Virus Shield\shellex.dll 0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\System32\MSVCP60.dll 0x723a0000 0x13000 6.00.2800.1106 C:\WINDOWS\System32\browselc.dll 0x01840000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x02b20000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 0x02e10000 0x5b000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x02e70000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 776 Command line: winlogon.exe Base Size Version Path 0x01000000 0x84000 \??\C:\WINDOWS\system32\winlogon.exe *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Thu Aug 29 20:44:41 2002 *** Loaded image timestamp: Thu Aug 29 20:44:42 2002 0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll 0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll 0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll 0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll 0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\COMCTL32.dll 0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll 0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll 0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll 0x76b70000 0x20000 6.00.2800.1106 C:\WINDOWS\System32\SHSVCS.dll 0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll 0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\uxtheme.dll 0x10000000 0x7000 6.00.0000.0299 C:\WINDOWS\System32\klogon.dll 0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll 0x70de0000 0x13000 3.50.5014.0000 C:\WINDOWS\System32\asycfilt.dll 0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll 0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FC17-DD31 Répertoire de C:\WINDOWS\system32 28/08/2001 13:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 3 590 242 304 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FC17-DD31 Répertoire de C:\WINDOWS\Downloaded Program Files 14/12/2007 01:02 . 14/12/2007 01:02 .. 24/08/2006 08:28 141 424 asinst.dll 22/08/2006 09:06 537 asinst.inf 13/02/2007 15:30 65 desktop.ini 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 26/10/2006 09:03 79 032 ntractivex118.dll 05/10/2006 15:41 2 279 ntractivex118.inf 09/11/2006 14:36 5 019 swflash.inf 8 fichier(s) 230 215 octets Total des fichiers listés : 8 fichier(s) 230 215 octets 2 Rép(s) 3 590 242 304 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-14 18:40:35 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden services & system hive ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\27:\xf4wjY\1] "DisplayName"=" " "DeviceDesc"=" " "ProviderName"="" "MFG"="\xf58" "ReinstallString"="2002, 6.13.10.6137" "DeviceInstanceIds"=str(7):"" scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 256 - LVCOMSX.EXE 352 - iPodService.exe 612 - WDBtnMgr.exe 656 - ctfmon.exe 752 - csrss.exe 776 - winlogon.exe 824 - services.exe 836 - lsass.exe 1008 - svchost.exe 1032 - svchost.exe 1176 - ezprint.exe 1208 - svchost.exe 1232 - svchost.exe 1336 - AGRSMMSG.exe 1412 - avp.exe 1448 - lxcymon.exe 1452 - explorer.exe 1652 - ati2evxx.exe 1700 - avp.exe 1708 - lxcycoms.exe 2184 - notepad.exe 2276 - WLANUTL.exe 2300 - IEXPLORE.EXE 3072 - wuauclt.exe 3164 - wuauclt.exe 3180 - cmd.exe Total number of processes = 27 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D4000 - \WINDOWS\system32 toskrnl.exe 806C8000 - \WINDOWS\system32\hal.dll FA411000 - \WINDOWS\system32\KDCOM.DLL FA321000 - \WINDOWS\system32\BOOTVID.dll F9EC4000 - ACPI.sys FA413000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F9F11000 - pci.sys F9F21000 - isapnp.sys F9F31000 - ohci1394.sys F9F41000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS FA325000 - compbatt.sys FA329000 - \WINDOWS\System32\DRIVERS\BATTC.SYS FA415000 - aliide.sys FA191000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F9F51000 - MountMgr.sys F9EA5000 - ftdisk.sys FA417000 - dmload.sys F9E81000 - dmio.sys FA32D000 - ACPIEC.sys FA4D9000 - \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS FA199000 - PartMgr.sys F9F61000 - VolSnap.sys F9E6B000 - atapi.sys F9F71000 - disk.sys F9F81000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F9E5A000 - sr.sys F9F91000 - PxHelp20.sys F9E46000 - KSecDD.sys F9DBC000 - Ntfs.sys F9D93000 - NDIS.sys F9D79000 - Mup.sys FA331000 - kl1.sys FA335000 - \WINDOWS\System32\drivers\TDI.SYS FA4DA000 - ENECBPTH.sys FA1A1000 - atisgkaf.sys FA141000 - \SystemRoot\System32\DRIVERS\amdk7.sys F9798000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys F9786000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS FA405000 - \SystemRoot\System32\DRIVERS\usbohci.sys F9764000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F964F000 - \SystemRoot\System32\DRIVERS\AGRSM.sys FA229000 - \SystemRoot\System32\Drivers\Modem.SYS FA151000 - \SystemRoot\System32\DRIVERS\imapi.sys FA161000 - \SystemRoot\System32\DRIVERS\cdrom.sys FA171000 - \SystemRoot\System32\DRIVERS edbook.sys F962F000 - \SystemRoot\System32\DRIVERS\ks.sys FA231000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys FA181000 - \SystemRoot\System32\DRIVERS\i8042prt.sys FA239000 - \SystemRoot\System32\DRIVERS\kbdclass.sys FA241000 - \SystemRoot\System32\DRIVERS\mouclass.sys FA249000 - \SystemRoot\System32\DRIVERS\fdc.sys F961C000 - \SystemRoot\System32\DRIVERS\parport.sys F9FB1000 - \SystemRoot\System32\DRIVERS\serial.sys F9D40000 - \SystemRoot\System32\DRIVERS\serenum.sys F9D3C000 - \SystemRoot\System32\DRIVERS\CmBatt.sys F95E5000 - \SystemRoot\system32\drivers\ALCXWDM.SYS F95C4000 - \SystemRoot\system32\drivers\portcls.sys F9FC1000 - \SystemRoot\system32\drivers\drmk.sys FA251000 - \SystemRoot\System32\DRIVERS\RTL8139.SYS F9FD1000 - \SystemRoot\System32\DRIVERS ic1394.sys F958B000 - \SystemRoot\System32\DRIVERS\pcmcia.sys FA61C000 - \SystemRoot\System32\DRIVERS\audstub.sys F9FF1000 - \SystemRoot\System32\DRIVERS asl2tp.sys F9D38000 - \SystemRoot\System32\DRIVERS distapi.sys F9575000 - \SystemRoot\System32\DRIVERS diswan.sys FA001000 - \SystemRoot\System32\DRIVERS aspppoe.sys FA011000 - \SystemRoot\System32\DRIVERS aspptp.sys F94C4000 - \SystemRoot\System32\DRIVERS\psched.sys FA021000 - \SystemRoot\System32\DRIVERS\msgpc.sys FA261000 - \SystemRoot\System32\DRIVERS\ptilink.sys FA269000 - \SystemRoot\System32\DRIVERS aspti.sys F946F000 - \SystemRoot\System32\DRIVERS dpdr.sys FA061000 - \SystemRoot\System32\DRIVERS ermdd.sys FA4E8000 - \SystemRoot\System32\DRIVERS\swenum.sys F944D000 - \SystemRoot\System32\DRIVERS\update.sys FA071000 - \SystemRoot\System32\DRIVERS\usbhub.sys FA439000 - \SystemRoot\System32\DRIVERS\USBD.SYS FA081000 - \SystemRoot\System32\Drivers\NDProxy.SYS FA279000 - \SystemRoot\System32\DRIVERS\flpydisk.sys FA449000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS FA51E000 - \SystemRoot\System32\Drivers\Null.SYS FA44B000 - \SystemRoot\System32\Drivers\Beep.SYS FA2B1000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS FA2B9000 - \SystemRoot\System32\drivers\vga.sys FA44D000 - \SystemRoot\System32\Drivers\mnmdd.SYS FA44F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys FA2C1000 - \SystemRoot\System32\Drivers\Msfs.SYS FA2C9000 - \SystemRoot\System32\Drivers\Npfs.SYS F94B0000 - \SystemRoot\System32\DRIVERS asacd.sys FA0F1000 - \SystemRoot\System32\DRIVERS\ipsec.sys F028D000 - \SystemRoot\System32\DRIVERS cpip.sys F0266000 - \SystemRoot\System32\DRIVERS etbt.sys FA101000 - \SystemRoot\System32\DRIVERS etbios.sys F023E000 - \SystemRoot\System32\DRIVERS dbss.sys F01B2000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F0178000 - \??\C:\WINDOWS\System32\drivers\klif.sys FA111000 - \SystemRoot\System32\Drivers\Fips.SYS FA131000 - \SystemRoot\System32\DRIVERS\wanarp.sys F9565000 - \SystemRoot\System32\DRIVERS\arp1394.sys FA2D9000 - \SystemRoot\System32\DRIVERS\usbccgp.sys F0138000 - \SystemRoot\System32\DRIVERS\WlanUZXP.sys F9439000 - \SystemRoot\System32\DRIVERS\hidusb.sys F9535000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS F9525000 - \SystemRoot\System32\Drivers\Cdfs.SYS FA3FD000 - \SystemRoot\System32\DRIVERS\mouhid.sys F94C0000 - \SystemRoot\System32\DRIVERS\kbdhid.sys F00FA000 - \SystemRoot\System32\Drivers\dump_atapi.sys FA46B000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F0232000 - \SystemRoot\System32\watchdog.sys F022E000 - \SystemRoot\System32\drivers\Dxapi.sys BFF80000 - \SystemRoot\System32\drivers\dxg.sys FA5A0000 - \SystemRoot\System32\drivers\dxgthk.sys BF9BB000 - \SystemRoot\System32\ati2dvag.dll BF9F1000 - \SystemRoot\System32\ati3d1ag.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL EFF44000 - \SystemRoot\System32\drivers\afd.sys EFFC1000 - \SystemRoot\System32\DRIVERS disuio.sys EFD39000 - \SystemRoot\System32\DRIVERS\mrxdav.sys FA4AD000 - \SystemRoot\System32\Drivers\ParVdm.SYS EFBD0000 - \SystemRoot\System32\DRIVERS\srv.sys EFA2C000 - \SystemRoot\System32\DRIVERS\ipnat.sys EFB60000 - \SystemRoot\system32\drivers\sysaudio.sys EF52D000 - \SystemRoot\system32\drivers\wdmaud.sys EF575000 - \??\C:\WINDOWS\System32\ZDPNDIS5.SYS EEE49000 - \SystemRoot\system32\drivers\kmixer.sys EF6C5000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 127 Liste des programmes installes ABBYY FineReader 6.0 Sprint Active Virus Shield Active Virus Shield Adobe Flash Player 9 ActiveX Adobe Photoshop CS Adobe Reader 8 - Français Agere Systems AC'97 Modem AOL Security Toolbar Apple Software Update ATI Control Panel ATI Display Driver AutoUpdate Avance AC'97 Audio Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver Canon PhotoRecord Canon Utilities PhotoStitch 3.1 Canon Utilities RAW Image Converter2 Canon Utilities RemoteCapture 2.4 Canon Utilities ZoomBrowser EX CLIE MS SCSI Driver DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player eMule ERUNT 1.1j EVEREST Home Edition v2.20 Express Burn Google Talk (remove only) HijackThis 2.0.2 iTunes K-Lite Codec Pack 2.89 Full Lexmark 3400 Series Lexmark Barre d'outils Livebox Logiciel QuickCam de Logitech Logitech ImageStudio Logitech Print Service Media Player Classic fr Microsoft Office Professional Edition 2003 MSN Messenger 7.0 Panda ActiveScan PictureGear 4.4Lite Programme de gestion Camera de Logitech® QuickTime SAGEM Wi-Fi 11g USB adapter (Driver) SAGEM Wi-Fi 11g USB adapter (Tool) Solutions de télécopie Lexmark SoulSeek Client 157 test 8 Switch Unlocker 1.8.5 WavePad Uninstall WD Diagnostics WD Firewire HID Driver WebFldrs XP Windows Installer 3.1 (KB893803) Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FC17-DD31 Répertoire de C:\Program Files 14/12/2007 11:46 . 14/12/2007 11:46 .. 15/02/2007 22:32 Abbyy FineReader 6.0 Sprint 23/06/2007 16:12 Adobe 13/02/2007 18:31 AOL 13/02/2007 18:33 AOL Security Toolbar 28/02/2007 14:14 Apple Software Update 13/02/2007 15:49 ATI Technologies 13/02/2007 15:50 AvRack 13/02/2007 16:38 Canon 27/03/2007 08:26 directx 13/02/2007 17:01 Dirext X9 27/03/2007 19:26 DivX 01/12/2007 21:35 eMule 14/12/2007 11:46 ERUNT 27/03/2007 08:33 Fichiers communs 13/02/2007 18:29 Google 14/12/2007 00:57 Internet Explorer 28/02/2007 14:19 iPod 14/12/2007 00:57 iTunes 20/04/2007 09:27 K-Lite Codec Pack 04/11/2007 12:22 Lavalys 14/12/2007 00:58 Lexmark 3400 Series 21/02/2007 16:37 Lexmark 3400 Series(2) 14/12/2007 00:58 Lexmark Fax Solutions 21/02/2007 16:37 Lexmark Fax Solutions(2) 14/12/2007 00:58 Lexmark Toolbar 04/04/2007 11:13 Logitech 21/09/2007 09:35 lx_cats 04/04/2007 11:37 Media Player Classic 13/02/2007 15:26 Messenger 13/02/2007 15:33 microsoft frontpage 13/02/2007 16:03 Microsoft Office 13/02/2007 15:29 Movie Maker 13/02/2007 15:26 MSN Gaming Zone 13/02/2007 17:29 MSN Messenger 12/04/2007 20:56 NCH Swift Sound 13/02/2007 15:28 NetMeeting 13/02/2007 15:28 Outlook Express 14/12/2007 01:01 QuickTime 13/02/2007 16:16 SAGEM 14/12/2007 01:01 SAGEM Wi-Fi USB 802.11g 13/02/2007 15:46 Services en ligne 20/07/2007 18:25 Sony 20/07/2007 18:26 Sony Handheld 20/06/2007 19:19 Soulseek-Test 12/04/2007 20:38 tmpAvantGo 14/12/2007 01:01 Unlocker 13/02/2007 16:21 Wanadoo 04/09/2007 19:27 Western Digital Technologies 27/03/2007 08:27 Windows Media Components 14/12/2007 01:02 Windows Media Player 13/02/2007 15:26 Windows NT 06/12/2007 13:00 xerox 0 fichier(s) 0 octets 54 Rép(s) 3 580 956 672 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FC17-DD31 Répertoire de C:\Program Files\fichiers communs 27/03/2007 08:33 . 27/03/2007 08:33 .. 23/06/2007 16:12 Adobe 13/02/2007 16:29 Adobe Systems Shared 13/02/2007 16:03 DESIGNER 27/03/2007 08:32 FotoWire 13/02/2007 16:26 InstallShield 04/04/2007 11:14 Logitech 13/02/2007 16:03 Microsoft Shared 13/02/2007 15:28 MSSoap 13/02/2007 15:17 ODBC 27/03/2007 08:48 Real 13/02/2007 15:28 Services 13/02/2007 15:17 SpeechEngines 13/02/2007 16:02 System 0 fichier(s) 0 octets 15 Rép(s) 3 580 956 672 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est FC17-DD31 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 13/02/2007 16:03 . 13/02/2007 16:03 .. 13/02/2007 16:03 1033 13/02/2007 16:03 1036 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 15/07/2003 06:52 35 896 MSOSV.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 3 580 956 672 octets libres Attention : C:\autorun.inf existe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe c:\Documents and Settings\Anthony\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe c:\Documents and Settings\Anthony\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe c:\Documents and Settings\Anthony\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe c:\Documents and Settings\Anthony\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe c:\Documents and Settings\Anthony\Bureau\ComboFix.exe c:\Documents and Settings\Anthony\Bureau\erunt-setup.exe c:\Documents and Settings\Anthony\Bureau\Flash_Disinfector.exe c:\Documents and Settings\Anthony\Bureau avmon.exe c:\Documents and Settings\Anthony\Bureau\VaccinUSB.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Anthony\Bureau\DiagHelp\DiagHelp ar.exe c:\Documents and Settings\Anthony\Bureau\MSNFix\msnchk.exe c:\Documents and Settings\Anthony\Bureau\MSNFix\incl\MD5File.exe c:\Documents and Settings\Anthony\Bureau\MSNFix\incl\msnchk.exe c:\Documents and Settings\Anthony\Bureau\MSNFix\incl\Process.exe c:\Documents and Settings\Anthony\Bureau\MSNFix\incl\swreg.exe c:\Documents and Settings\Anthony\Bureau\MSNFix\incl\zip.exe c:\Documents and Settings\Anthony\Bureau\Telechargement ktools.exe c:\Documents and Settings\Anthony\Bureau\Telechargement\WIN RAR[40jours].exe c:\Documents and Settings\Anthony\Bureau\Telechargement\TESTING PC\everest_everest_2.20_francais (analyse pc).exe c:\Documents and Settings\All Users\Application Data\AOL\AVP6\Bases\avcmhk4.dll c:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Google Talk\sgsapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_ARISTOTE.tar.gz a l'adresse http://upload.malekal.com

philae83 · Answer

bonsoir,

plusieurs choses à vérifier
encore autorun.inf qui est présent. As tu fait la manip avec flash disinfector ?

il faudra :

Télécharge ce tool de sUBs : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Double-cliquez sur le fichier, si votre antivirus fait une alerte, ignorez la. 

    *  Télécharge  clean.zip  de Malekal (merci Malekal).
      http://www.malekal.com/download/clean.zip
    * Dézippe-le sur le bureau.
    * Ouvre le dossier jaune nommé clean sur ton bureau.
    * Double-clique sur clean.cmd
    * Choisis l'option 1  et copie sur le bureau le rapport généré. Il doit normalement aussi se trouver là : c:\rapport_clean.txt
    * Clique sur Q pour quitter le programme.

si il te trouve quelque chose
continue
    *  Redémarre en mode sans échec. Pour cela : au démarrage du PC, tapote sur F8 (ou F5). Ton PC démarre, mais sans accès à Internet.
    * Ouvre le dossier jaune nommé clean  sur ton bureau.
    * Double-clique sur clean.cmd
    * Choisis l'option 2 et copie sur le bureau le rapport généré.
    * Si une fenêtre s'ouvre, laisse-la.
    * Clique sur Q pour quitter le programme.
    * Redémarre normalement.

tu posteras le rapport

et 


* Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Installe le à la racine de C
 
* double clic sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
* Double clique sur smitfraudfix.cmd 
* Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
* Poste le rapport ici
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Trojan system32\cmcfg3.dll

81 réponses

Discussions similaires