Win32.Agent.ctz Résolu/Fermé

Question

Bonjour,
Cela fait quand meme pas mal de temps que mon ordinateur é infecter de virus que j'arive a supprimer mais il revienne de nouveau aprés mon redemarage. Aprés tous ce temps a chercher une reponse a mon probleme je m'en remet à vous! 

Mon anti virus (avast) a détecté Trojan.Win32.BHO.zn, Trojan.Win32.BHO.alf, Adware.Win32.SuperJuan.bb, ainsi que plein d'autres dans pas mal de mes fichier 

En regardant les solution péché sur internet j'ai instalé 2a-squared Free qui pendant son scan à trouver pas mal de chose mais a fait s'affolé mon anti virus Avast. Ad-Aware SE Personal, Avast et 2a-squared Free on trouvé pas mal de chose mais a mon grand regret au demarage suivant mon anti virus a redecouvert les mm virus. A L'AIDE !!!! 
En vous remerciant et en attente de votre reponce, je vous colle un rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:15, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\bymmhocr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [74a2ef0b] rundll32.exe "C:\WINDOWS\system32\mwtftbeu.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O18 - Protocol: hola - {626601A0-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O18 - Protocol: holb - {626601A1-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService -   - C:\WINDOWS\system32\bymmhocr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

philae83 · Answer

bonsoir,

 Télécharge navilog1 (Merci il.mafioso!)

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    * Ensuite double clique sur navilog1.exe pour lancer l'installation.

    * Une fois l'installation terminée, le fix s'exécutera automatiquement.

    * (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

* Laisse-toi guider. Au menu principal, choisis 1 et valides.

/*\ Ne fais pas le choix 2,3 ou 4 sans notre avis/accord /*\

* Patiente jusqu'au message : *** Analyse terminée le ..... ***

    * Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.

    * Copie-colle l'intégralité du rapport dans ta prochaine réponse. Referme le Bloc-notes.

    * Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

AlexR31 · Answer

Bonsoir Philae, je vous remercie pour votre reponce aussi rapide. J'ai lancer une analyse navilog1 une foi celle ci terminer je vous enverez l'intégralité du rapport.

AlexR31 · Answer

voci le rapport Navilog1:

Search Navipromo version 3.3.8 commencé le 26/12/2007 à 18:17:44,59

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\application data" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\HP_Propriétaire\local settings\application data" * 



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS	mlpcert2007 trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

cvxnqxh.dat trouvé !
cvxnqxh_nav.dat trouvé !

* Dans "C:\Documents and Settings\HP_Propriétaire\local settings\application data" : 


3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

C:\WINDOWS\system32
qtwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32
qtwa.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32
qtwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 26/12/2007 à 18:42:46,85 ***

philae83 · Answer

re ok, plusieurs infections donc

on continue

* Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.

    * Au menu principal, choisis 2 et valide.

    * Le fix va t'informer qu'il va alors redémarrer ton PC

    * Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts

    * Appuie sur une touche comme demandé. (si ton Pc ne redémarre pas automatiquement, fais le toi même)

    * Au redémarrage de ton PC, choisis ta session habituelle.

* Patiente jusqu'au message : *** Nettoyage Termine le ..... ***

    * Le Bloc-notes va s'ouvrir.

    * Sauvegarde le rapport de manière à le retrouver.

    * Referme le Bloc-Notes. Ton bureau va réapparaître.

* Note : Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.

    * Rends-toi à l'onglet "Processus", clique en haut à gauche sur > Fichiers et choisis > Exécuter

    * Tape  explorer et valide. Celà te fera apparaître ton Bureau.

* Tu posteras le rapport de Navilog1 

ensuite

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau

http://www.atribune.org/ccount/click.php?id=4

 * Double-clique VundoFix.exe afin de le lancer

* Clique sur le bouton Scan for Vundo

* Lorsque le scan est complété, clique sur le bouton Remove Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

 
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".


ainsi qu'un nouveau rapport hijackthis


je serais là après diner

AlexR31 · Answer

Re, voci le rapport de Navilog1 dans mon prochain message j'y mettrai le rapport Vundo.


Clean Navipromo version 3.3.8 commencé le 26/12/2007 à 19:11:53,13

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique 


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\HP_Propriétaire\local settings\application data" * 



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\application data" *** 


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS	mlpcert2007 supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\HP_Propri‚taire\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *

cvxnqxh.dat trouvé !
Copie cvxnqxh.dat réalisée avec succès !
cvxnqxh.dat supprimé !

cvxnqxh_nav.dat trouvé !
Copie cvxnqxh_nav.dat réalisée avec succès !
cvxnqxh_nav.dat supprimé !

cvxnqxh_navps.dat trouvé !
Copie cvxnqxh_navps.dat réalisée avec succès !
cvxnqxh_navps.dat supprimé !


* Dans "C:\Documents and Settings\HP_Propriétaire\local settings\application data" * 


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 26/12/2007 à 19:16:37,64 ***

philae83 · Answer

tu reposteras un nouveau rapport hijackthis stp

je verrais après dîner

AlexR31 · Answer

voici le rapport vundo, mais apres plusieur annalyse il en reste toujours un qui perciste:


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 19:28:51 26/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\amnryyyn.dll
C:\WINDOWS\system32\avilnjbe.exe
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\ayccwpsd.dll
C:\WINDOWS\system32\bgyjyvpf.dll
C:\WINDOWS\system32\bkufwonb.ini
C:\WINDOWS\system32\blrpxmsc.dll
C:\WINDOWS\system32\bnowfukb.dll
C:\WINDOWS\system32\boruhfoa.dll
C:\WINDOWS\system32\bymmhocr.exe
C:\WINDOWS\system32\cjtvejcp.dll
C:\WINDOWS\system32\dcjpfsfr.dll
C:\WINDOWS\system32\depkygkp.dll
C:\WINDOWS\system32\dspwccya.ini
C:\WINDOWS\system32\faspwsca.dll
C:\WINDOWS\system32\fypqwqvb.dll
C:\WINDOWS\system32\hbpjimte.dll
C:\WINDOWS\system32\ijbepcrj.dll
C:\WINDOWS\system32\itycfkgb.dll
C:\WINDOWS\system32\jnhroibn.dll
C:\WINDOWS\system32\kncynakv.dll
C:\WINDOWS\system32\ldxpwpdw.dll
C:\WINDOWS\system32\mwtftbeu.dll
C:\WINDOWS\system32
olbypfn.dll
C:\WINDOWS\system32
qtwa.bak1
C:\WINDOWS\system32
qtwa.bak2
C:\windows\system32
qtwa.ini
C:\windows\system32
qtwa.ini2
C:\windows\system32
qtwa.tmp
C:\WINDOWS\system32\obkqwcqx.dll
C:\WINDOWS\system32\ovkhyynv.dll
C:\WINDOWS\system32\pildbbok.dll
C:\WINDOWS\system32\pkvymyxv.dll
C:\WINDOWS\system32\qiothgum.dll
C:\WINDOWS\system32\qonsvblb.dll
C:\WINDOWS\system32\quwiuust.dll
C:\WINDOWS\system32\qvmraoqf.dll
C:\WINDOWS\system32sllqsah.dll
C:\WINDOWS\system32vbivofd.dll
C:\WINDOWS\system32\smulwiyg.dll
C:\WINDOWS\system32	apbmryx.dll
C:\WINDOWS\system32	ritwsvd.dll
C:\WINDOWS\system32\ugcjmpum.dll
C:\WINDOWS\system32\uktynypc.dll
C:\WINDOWS\system32\umkodabd.dll
C:\WINDOWS\system32\uyskoeqy.dll
C:\WINDOWS\system32\xfwijgqf.dll
C:\WINDOWS\system32\ydgyleey.dll
C:\WINDOWS\system32\yfjfgqib.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\amnryyyn.dll
C:\WINDOWS\system32\amnryyyn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\avilnjbe.exe
C:\WINDOWS\system32\avilnjbe.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ayccwpsd.dll
C:\WINDOWS\system32\ayccwpsd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bgyjyvpf.dll
C:\WINDOWS\system32\bgyjyvpf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bkufwonb.ini
C:\WINDOWS\system32\bkufwonb.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\blrpxmsc.dll
C:\WINDOWS\system32\blrpxmsc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bnowfukb.dll
C:\WINDOWS\system32\bnowfukb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\boruhfoa.dll
C:\WINDOWS\system32\boruhfoa.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bymmhocr.exe
C:\WINDOWS\system32\bymmhocr.exe Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\cjtvejcp.dll
C:\WINDOWS\system32\cjtvejcp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\dcjpfsfr.dll
C:\WINDOWS\system32\dcjpfsfr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\depkygkp.dll
C:\WINDOWS\system32\depkygkp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\dspwccya.ini
C:\WINDOWS\system32\dspwccya.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\faspwsca.dll
C:\WINDOWS\system32\faspwsca.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\fypqwqvb.dll
C:\WINDOWS\system32\fypqwqvb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hbpjimte.dll
C:\WINDOWS\system32\hbpjimte.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijbepcrj.dll
C:\WINDOWS\system32\ijbepcrj.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\itycfkgb.dll
C:\WINDOWS\system32\itycfkgb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jnhroibn.dll
C:\WINDOWS\system32\jnhroibn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\kncynakv.dll
C:\WINDOWS\system32\kncynakv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ldxpwpdw.dll
C:\WINDOWS\system32\ldxpwpdw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mwtftbeu.dll
C:\WINDOWS\system32\mwtftbeu.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
olbypfn.dll
C:\WINDOWS\system32
olbypfn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
qtwa.bak1
C:\WINDOWS\system32
qtwa.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32
qtwa.bak2
C:\WINDOWS\system32
qtwa.bak2 Has been deleted!

 Attempting to delete C:\windows\system32
qtwa.ini
C:\windows\system32
qtwa.ini Has been deleted!

 Attempting to delete C:\windows\system32
qtwa.ini2
C:\windows\system32
qtwa.ini2 Has been deleted!

 Attempting to delete C:\windows\system32
qtwa.tmp
C:\windows\system32
qtwa.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\obkqwcqx.dll
C:\WINDOWS\system32\obkqwcqx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ovkhyynv.dll
C:\WINDOWS\system32\ovkhyynv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pildbbok.dll
C:\WINDOWS\system32\pildbbok.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pkvymyxv.dll
C:\WINDOWS\system32\pkvymyxv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qiothgum.dll
C:\WINDOWS\system32\qiothgum.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qonsvblb.dll
C:\WINDOWS\system32\qonsvblb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\quwiuust.dll
C:\WINDOWS\system32\quwiuust.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qvmraoqf.dll
C:\WINDOWS\system32\qvmraoqf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32sllqsah.dll
C:\WINDOWS\system32sllqsah.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32vbivofd.dll
C:\WINDOWS\system32vbivofd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\smulwiyg.dll
C:\WINDOWS\system32\smulwiyg.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	apbmryx.dll
C:\WINDOWS\system32	apbmryx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	ritwsvd.dll
C:\WINDOWS\system32	ritwsvd.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\ugcjmpum.dll
C:\WINDOWS\system32\ugcjmpum.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uktynypc.dll
C:\WINDOWS\system32\uktynypc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\umkodabd.dll
C:\WINDOWS\system32\umkodabd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uyskoeqy.dll
C:\WINDOWS\system32\uyskoeqy.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xfwijgqf.dll
C:\WINDOWS\system32\xfwijgqf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ydgyleey.dll
C:\WINDOWS\system32\ydgyleey.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yfjfgqib.dll
C:\WINDOWS\system32\yfjfgqib.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 19:59:20 26/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\bymmhocr.exe
C:\WINDOWS\system32\dvswtirt.ini
C:\WINDOWS\system32	ritwsvd.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\bymmhocr.exe
C:\WINDOWS\system32\bymmhocr.exe Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\dvswtirt.ini
C:\WINDOWS\system32\dvswtirt.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32	ritwsvd.dll
C:\WINDOWS\system32	ritwsvd.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\bymmhocr.exe
C:\WINDOWS\system32\bymmhocr.exe Could not be deleted.

Performing Repairs to the registry.
Done!

AlexR31 · Answer

voici le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:52, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\bymmhocr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0158351F-EAE2-40A9-8043-C519F6DD893B} - (no file)
O2 - BHO: (no name) - {036e2109-f9be-488a-8c52-3194e09f4d48} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E6584FC-5675-45BE-9447-231E21B8F054} - (no file)
O2 - BHO: (no name) - {0F8B3A97-6CCA-47E9-A0EC-ED47B7AAB253} - (no file)
O2 - BHO: (no name) - {108AD16E-81C8-447B-85EA-B3496706477E} - (no file)
O2 - BHO: (no name) - {18880181-ed36-4adc-96f6-3a0f55bca445} - (no file)
O2 - BHO: (no name) - {1B3F756C-418D-410B-852C-F82F79B37166} - (no file)
O2 - BHO: (no name) - {23153EBC-39A7-4A0B-89BD-86BA900A229A} - (no file)
O2 - BHO: (no name) - {3B375025-0C4A-4D2B-8C83-26D5A18144A4} - (no file)
O2 - BHO: (no name) - {458D217F-16CD-4335-A01E-A31481A26CDE} - (no file)
O2 - BHO: (no name) - {4753DF9C-210D-45CC-B2C8-B5A5E0023C1D} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {4C161245-22BC-4732-8B1C-263346F439F7} - (no file)
O2 - BHO: (no name) - {4d0d6e37-4184-404e-ac14-9796ccfce243} - (no file)
O2 - BHO: (no name) - {55028745-FDF4-461E-AA31-4C3642E6D17E} - (no file)
O2 - BHO: (no name) - {579a91bf-ece2-4b85-8146-d61b59dd0a3d} - (no file)
O2 - BHO: (no name) - {62A343BD-143D-45FF-B2E2-057CAF814CEA} - (no file)
O2 - BHO: (no name) - {66AACC8E-3933-4219-BF8A-87E8BC62DA08} - (no file)
O2 - BHO: (no name) - {6746F1E3-DFE2-4009-A2A0-289693ABABB8} - (no file)
O2 - BHO: (no name) - {6B987E65-1671-40FB-BF2A-2DE821B9BD62} - (no file)
O2 - BHO: (no name) - {6F8A4B70-86F4-4719-962D-7D5B19912B68} - (no file)
O2 - BHO: (no name) - {764D8C35-A69A-4074-9A08-116B74520806} - (no file)
O2 - BHO: (no name) - {7C7557BA-217F-4D28-BE4C-E0135E56E9AA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ce9f6183-ac9f-446b-0a54-69082954f088} - {880f4592-8096-45a0-b644-f9ca3816f9ec} - C:\WINDOWS\system32\qvmraoqf.dll (file missing)
O2 - BHO: (no name) - {8e694f47-366a-427b-a1d0-9c96acab4664} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92CF17B8-97BA-45F0-87A5-659E90496CB5} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9728B320-FD65-4375-B687-EC6449A64C62} - (no file)
O2 - BHO: (no name) - {980E5A99-D684-4346-9024-5B4DAEE7DC94} - (no file)
O2 - BHO: (no name) - {A0F85361-45A8-4B58-8CDA-C782AFA01D63} - (no file)
O2 - BHO: (no name) - {a42fa66d-7152-4f43-b238-a15a0b5040a7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: (no name) - {abce94ad-7f9b-4f1b-baa9-6d3d9d638f35} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {AFA85A03-3A73-45EA-AC62-BC8330D82000} - (no file)
O2 - BHO: (no name) - {B55DB1B3-D239-46B0-A828-D1F6A9CC36B4} - (no file)
O2 - BHO: (no name) - {B723A736-024E-404C-9732-1ED8E83D6AF3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {D2EFD432-CAE6-40D0-AB12-B03802710C2F} - (no file)
O2 - BHO: (no name) - {DA244D3D-2AA3-4E92-A7E1-BE7465DD065C} - (no file)
O2 - BHO: (no name) - {DADC99AE-3619-43BA-9A89-C8E2AB04300F} - (no file)
O2 - BHO: (no name) - {DEF14CF2-7F2E-4A3A-8A3C-34A3633E2DC7} - (no file)
O2 - BHO: (no name) - {e716cbf5-6958-447f-a8a0-76cb02ced9e5} - (no file)
O2 - BHO: (no name) - {E73DF09D-E7A5-44A0-A411-BF0D91BE9C72} - (no file)
O2 - BHO: (no name) - {ED34EF0C-1F27-4150-8BFF-056227FC8F73} - (no file)
O2 - BHO: (no name) - {EFB6EF28-20D6-4E02-B52D-767D3412734A} - (no file)
O2 - BHO: (no name) - {F7ADCC66-9534-4ECC-9801-B6CDCAFE1E17} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [74a2ef0b] rundll32.exe "C:\WINDOWS\system32	ritwsvd.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O18 - Protocol: hola - {626601A0-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O18 - Protocol: holb - {626601A1-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O20 - Winlogon Notify: urqrqno - C:\WINDOWS\
O20 - Winlogon Notify: xxyvuro - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService -   - C:\WINDOWS\system32\bymmhocr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

philae83 · Answer

me revoilà

du joli monde tout ça....

on continue, ce n'est pas terminé

* Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT

*désactive ton antivirus, antispyware, et spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite
puis

* Double clique combofix.exe.

* Tape sur la touche Y (Yes) pour démarrer le scan.

* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

et reposte un nouveau rapport hijackthis stp

AlexR31 · Answer

voci le rapport de l'analyse de ComboFix: ComboFix 07-12-21.4 - HP_Propriétaire 2007-12-26 21:35:25.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.554 [GMT 1:00] Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\Documents and Settings\HP_Propriétaire\Favoris\Online Security Guide.lnk C:\Program Files\Temporary C:\Program Files\WinAble C:\svchost.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\a.zip C:\WINDOWS\system32\b3 C:\WINDOWS\system32\bymmhocr.exe C:\WINDOWS\system32\e1 C:\WINDOWS\system32\eeqkcgif.ini C:\WINDOWS\system32\eqfythhi.dll C:\WINDOWS\system32\figckqee.dll C:\WINDOWS\system32\ihhtyfqe.ini C:\WINDOWS\system32\myrqvwwu.ini C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\u4 C:\WINDOWS\system32\uwwvqrym.dll C:\x.dat C:\z.dat D:\Autorun.inf K:\Autorun.inf C:\WINDOWS\Fonts\' . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))))))) . 2007-12-26 19:28 . 2007-12-26 20:32 d-------- C:\VundoFix Backups 2007-12-26 18:13 . 2007-12-26 19:16 d-------- C:\Program Files\Navilog1 2007-12-26 17:01 . 2007-12-26 19:17 474 ---hs---- C:\WINDOWS\system32\uebtftwm.ini 2007-12-26 13:19 . 2007-12-26 16:17 d-------- C:\Program Files\a-squared Free 2007-12-26 13:17 . 2007-12-26 16:59 354 ---hs---- C:\WINDOWS\system32\fcjlowku.ini 2007-12-26 13:13 . 2007-12-26 13:13 294 ---hs---- C:\WINDOWS\system32\yqeoksyu.ini 2007-12-26 12:00 . 2007-12-26 12:00 714 ---hs---- C:\WINDOWS\system32\dbadokmu.ini 2007-12-26 11:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-26 11:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-26 11:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-26 11:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-26 11:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-26 11:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-26 11:52 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-26 11:51 . 2007-12-26 11:58 654 ---hs---- C:\WINDOWS\system32\fyxdnpwv.ini 2007-12-26 11:38 . 2007-12-26 11:45 534 ---hs---- C:\WINDOWS\system32\fkmyeglj.ini 2007-12-26 02:12 . 2007-12-26 11:33 414 ---hs---- C:\WINDOWS\system32\fhbifkap.ini 2007-12-24 15:07 . 2007-12-24 15:07 d-------- C:\Program Files\Dusco 2007-12-24 15:07 . 2007-12-24 15:07 294 ---hs---- C:\WINDOWS\system32\ksajugbd.ini 2007-12-24 11:45 . 2007-12-24 11:46 414 ---hs---- C:\WINDOWS\system32\miirscde.ini 2007-12-23 22:13 . 2007-12-24 11:40 354 ---hs---- C:\WINDOWS\system32\afovjtnq.ini 2007-12-23 21:34 . 2007-12-23 22:09 406 ---hs---- C:\WINDOWS\system32\hfdtkfws.ini 2007-12-23 20:40 . 2007-12-23 20:40 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2007-12-23 19:08 . 2007-12-23 19:08 d-------- C:\Program Files\Eidos 2007-12-23 17:28 . 2007-12-23 17:28 d-------- C:\Program Files\Ubi Soft 2007-12-23 17:28 . 2002-09-29 01:09 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2007-12-23 17:28 . 2002-09-29 01:09 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2007-12-23 17:28 . 2002-09-29 01:09 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2007-12-23 17:28 . 2002-12-23 17:54 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2007-12-23 17:28 . 2002-09-29 01:09 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll 2007-12-23 17:00 . 2007-12-23 17:48 d-------- C:\Program Files\ubi.com 2007-12-23 17:00 . 2007-12-23 19:07 d-------- C:\Program Files\Red Storm Entertainment 2007-12-23 13:43 . 2007-12-23 21:31 406 ---hs---- C:\WINDOWS\system32\fqgjiwfx.ini 2007-12-22 18:51 . 2007-12-22 19:02 354 ---hs---- C:\WINDOWS\system32\xyrmbpat.ini 2007-12-22 18:42 . 2007-12-22 18:51 354 ---hs---- C:\WINDOWS\system32\acswpsaf.ini 2007-12-19 16:48 . 2007-12-19 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-19 16:48 . 2007-12-19 16:48 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-10 18:57 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb 2007-12-10 18:57 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2007-12-10 18:57 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb 2007-12-10 18:55 . 2007-12-10 18:56 d-------- C:\Program Files\Windows Media Connect 2 2007-12-10 18:51 . 2007-12-10 18:53 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-08 15:31 . 2007-12-09 15:40 d-------- C:\Program Files\IMVU 2007-12-07 18:52 . 2007-12-20 18:08 774 ---hs---- C:\WINDOWS\system32\qfqiisnp.ini 2007-12-05 19:25 . 2007-12-05 19:25 414 ---hs---- C:\WINDOWS\system32\bdhaaaij.ini 2007-12-05 18:00 . 2007-12-05 18:00 294 ---hs---- C:\WINDOWS\system32\ewbgckqx.ini 2007-12-04 19:17 . 2007-12-05 19:20 354 ---hs---- C:\WINDOWS\system32 lbbhhfl.ini 2007-11-27 19:42 . 2007-11-27 19:42 d-------- C:\fsaua.data . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-26 15:47 --------- d-----w C:\Program Files\eMule 2007-12-26 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-23 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-26 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-25 19:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-25 12:38 120 ----a-w C: .bat 2007-11-24 22:20 36,864 ----a-w C:\Documents and Settings\SANDRA\services.exe 2007-11-20 19:23 --------- d-----w C:\Program Files\RogueRemover FREE 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 10:01 --------- d-----w C:\Program Files\Trend Micro 2007-11-04 21:21 --------- d-----w C:\Program Files\Custom-Strike 2007-10-10 09:13 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-05-04 16:10 80,232 ----a-w C:\Documents and Settings\SANDRA\Application Data\GDIPFONTCACHEV1.DAT 2006-05-31 17:29 19,968 ----a-w C:\Program Files\msn blok.doc 2006-03-31 11:40 484,560 ----a-w C:\Program Files\DXSETUP.exe 2006-03-31 11:40 2,248,912 ----a-w C:\Program Files\dsetup32.dll 2006-03-31 11:39 74,448 ----a-w C:\Program Files\DSETUP.dll 2006-01-04 18:29 1,884,336 ----a-w C:\Program Files\ptvector.exe 2006-01-04 11:27 1,210,249 ----a-w C:\Program Files ecolored_recolored_0.6.0_beta_francais_18429.exe 2005-12-19 14:17 35,246,592 ----a-w C:\Program Files\directx_9c_oct05sdk_redist.exe 2004-07-30 12:16 2,805 ----a-w C:\Program Files\history.txt 2004-07-29 18:03 173,056 ----a-w C:\Program Files\chaoscope.EN 2004-07-29 17:57 1,377,280 ----a-w C:\Program Files\chaoscope.exe 2004-04-08 01:43 592,896 ----a-w C:\Program Files\converter.exe 2007-06-24 13:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007062420070625\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4753DF9C-210D-45CC-B2C8-B5A5E0023C1D}] C:\WINDOWS\system32\awtqn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{880f4592-8096-45a0-b644-f9ca3816f9ec}] C:\WINDOWS\system32\qvmraoqf.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 23:15] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43] "SiSPower"="Rundll32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-01-01 10:09] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-04-23 19:34] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-11-23 02:45] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] "74a2ef0b"="C:\WINDOWS\system32 ritwsvd.dll" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\urqrqno] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\xxyvuro] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk] path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk backup=C:\WINDOWS\pss\TribalWeb.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] ALCXMNTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Program Files\BearShare\BearShare.exe /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bibshim] C:\DOCUME~1\HP_PRO~1\APPLIC~1\README~1\boobwait.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process] C:\WINDOWS\Fonts\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] 2004-06-07 18:53 49152 --a------ c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2004-06-08 20:31 286720 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2003-02-11 12:02 61440 --a------ C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe -tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trans Safe Bags Team] C:\Documents and Settings\All Users\Application Data\Blah gram trans safe\Acid real.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 12:03 45056 --------- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-05-14 23:22 35328 --a------ C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SPBBCSvc"=2 (0x2) "SAVScan"=3 (0x3) R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41] R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10:08] R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 10:08] S3 lredbooo;lredbooo;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\lredbooo.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 10:08] S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 10:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94cd7612-645e-11dc-aa07-0011d873ea37}] \Shell\AutoRun\command - K:\InstallTomTomHOME.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-12-26 20:00:00 C:\WINDOWS\Tasks\AD0D03E1918AB325.job" - c:\docume~1\hp_pro~1\applic~1 eadme~1\CAST OWNS ISO.exe "2007-12-21 19:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-24 14:12:26 C:\WINDOWS\Tasks\SesamTVMC.job" . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 21:49:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 21:51:15 - machine was rebooted [HP_Propri‚taire] . 2007-12-13 01:12:37 --- E O F ---

AlexR31 · Answer

voila un nouveau rapport HijackThis: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:14, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4753DF9C-210D-45CC-B2C8-B5A5E0023C1D} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: {ce9f6183-ac9f-446b-0a54-69082954f088} - {880f4592-8096-45a0-b644-f9ca3816f9ec} - C:\WINDOWS\system32\qvmraoqf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [74a2ef0b] rundll32.exe "C:\WINDOWS\system32	ritwsvd.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O18 - Protocol: hola - {626601A0-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O18 - Protocol: holb - {626601A1-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O20 - Winlogon Notify: urqrqno - C:\WINDOWS\
O20 - Winlogon Notify: xxyvuro - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

philae83 · Answer

ok merci

je suis en train de te préparer la suite à donner.
réponse dans un petit moment

AlexR31 · Answer

c'est moi qui te remerci pour ton aide. je suis en attente de ta reponce.

philae83 · Answer

merci, 
IMPORTANT

* télécharge ERUNT pour sauvegarder ta base de registre avant de continuer les manips stp.

https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tuto
http://pageperso.aol.fr/loraline60/tuto_erunt.htm

ensuite tu feras les manips dans l'ordre indiquée stp.


puis

Sélectionne le texte suivant :

File::
C:\WINDOWS\system32\uebtftwm.ini 
C:\WINDOWS\system32\fcjlowku.ini 
C:\WINDOWS\system32\yqeoksyu.ini 
C:\WINDOWS\system32\dbadokmu.ini 
C:\WINDOWS\system32\fyxdnpwv.ini 
C:\WINDOWS\system32\fkmyeglj.ini 
C:\WINDOWS\system32\fhbifkap.ini 
C:\WINDOWS\system32\ksajugbd.ini 
C:\WINDOWS\system32\miirscde.ini 
C:\WINDOWS\system32\afovjtnq.ini 
C:\WINDOWS\system32\hfdtkfws.ini 
C:\WINDOWS\system32\fqgjiwfx.ini 
C:\WINDOWS\system32\xyrmbpat.ini 
C:\WINDOWS\system32\acswpsaf.ini 
C:\WINDOWS\system32\qfqiisnp.ini 
C:\WINDOWS\system32\bdhaaaij.ini 
C:\WINDOWS\system32\ewbgckqx.ini 
C:\WINDOWS\system32
lbbhhfl.ini 

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1636FDA8-5F11-418D-AB43-22D93B418309}]

[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4753DF9C-210D-45CC-B2C8-B5A5E0023C1D}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\urqrqno]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\xxyvuro] 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trans Safe Bags Team]

# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe 

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

puis

* lance hijackthis "do a system scan only" puis coche ces lignes :

O2 - BHO: (no name) - {4753DF9C-210D-45CC-B2C8-B5A5E0023C1D} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: {ce9f6183-ac9f-446b-0a54-69082954f088} - {880f4592-8096-45a0-b644-f9ca3816f9ec} - C:\WINDOWS\system32\qvmraoqf.dll (file missing) 
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [74a2ef0b] rundll32.exe "C:\WINDOWS\system32	ritwsvd.dll",b 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe 
O18 - Protocol: hola - {626601A0-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O18 - Protocol: holb - {626601A1-4BAE-11D1-A7E1-00A0246C1E64} - (no file)
O20 - Winlogon Notify: urqrqno - C:\WINDOWS\
O20 - Winlogon Notify: xxyvuro - C:\WINDOWS\ 

* toutes applications fermées et HORS CONNEXION, clique sur FIX CHECKED

puis

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe


double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\Fonts\svchost.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Yes.

puis

relance combo et poste le rapport

ainsi qu'un nouveau rapport hijackthis

et tu feras ceci 

Télécharge System Repair Engineer - SREng (par Smallfrogs) de ce lien:
http://www.kztechs.com/eng/download.html

Extrais tout son contenu sur ton Bureau
(clic droit sur le fichier .zip >> "Extraire tout...")
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double-clique sur SREngPS.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]. L'analyse durera quelques instants.

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

AlexR31 · Answer

ja n'arrive pas a trouver le pack de langue français ( erunt-loc_fr.zip)

philae83 · Answer

dans cette page
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html

tu cliques sur '"ce fichier" tu auras le patch français
Vous pouvez télécharger ce fichier pour obtenir ERUNT en français (a déziper dans le répertoire de ERUNT).

AlexR31 · Answer

voici le rapport Combofix: ComboFix 07-12-21.4 - HP_Propriétaire 2007-12-26 22:47:03.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.575 [GMT 1:00] Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\acswpsaf.ini C:\WINDOWS\system32\afovjtnq.ini C:\WINDOWS\system32\bdhaaaij.ini C:\WINDOWS\system32\dbadokmu.ini C:\WINDOWS\system32\ewbgckqx.ini C:\WINDOWS\system32\fcjlowku.ini C:\WINDOWS\system32\fhbifkap.ini C:\WINDOWS\system32\fkmyeglj.ini C:\WINDOWS\system32\fqgjiwfx.ini C:\WINDOWS\system32\fyxdnpwv.ini C:\WINDOWS\system32\hfdtkfws.ini C:\WINDOWS\system32\ksajugbd.ini C:\WINDOWS\system32\miirscde.ini C:\WINDOWS\system32\nlbbhhfl.ini C:\WINDOWS\system32\qfqiisnp.ini C:\WINDOWS\system32\uebtftwm.ini C:\WINDOWS\system32\xyrmbpat.ini C:\WINDOWS\system32\yqeoksyu.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\acswpsaf.ini C:\WINDOWS\system32\afovjtnq.ini C:\WINDOWS\system32\bdhaaaij.ini C:\WINDOWS\system32\dbadokmu.ini C:\WINDOWS\system32\ewbgckqx.ini C:\WINDOWS\system32\fcjlowku.ini C:\WINDOWS\system32\fhbifkap.ini C:\WINDOWS\system32\fkmyeglj.ini C:\WINDOWS\system32\fqgjiwfx.ini C:\WINDOWS\system32\fyxdnpwv.ini C:\WINDOWS\system32\hfdtkfws.ini C:\WINDOWS\system32\ksajugbd.ini C:\WINDOWS\system32\miirscde.ini C:\WINDOWS\system32\nlbbhhfl.ini C:\WINDOWS\system32\qfqiisnp.ini C:\WINDOWS\system32\uebtftwm.ini C:\WINDOWS\system32\xyrmbpat.ini C:\WINDOWS\system32\yqeoksyu.ini . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))))))) . 2007-12-26 19:28 . 2007-12-26 20:32 d-------- C:\VundoFix Backups 2007-12-26 18:13 . 2007-12-26 19:16 d-------- C:\Program Files\Navilog1 2007-12-26 13:19 . 2007-12-26 16:17 d-------- C:\Program Files\a-squared Free 2007-12-26 11:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-26 11:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-26 11:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-26 11:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-26 11:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-26 11:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-26 11:52 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-24 15:07 . 2007-12-24 15:07 d-------- C:\Program Files\Dusco 2007-12-23 20:40 . 2007-12-23 20:40 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2007-12-23 19:08 . 2007-12-23 19:08 d-------- C:\Program Files\Eidos 2007-12-23 17:28 . 2007-12-23 17:28 d-------- C:\Program Files\Ubi Soft 2007-12-23 17:28 . 2002-09-29 01:09 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2007-12-23 17:28 . 2002-09-29 01:09 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2007-12-23 17:28 . 2002-09-29 01:09 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2007-12-23 17:28 . 2002-12-23 17:54 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2007-12-23 17:28 . 2002-09-29 01:09 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll 2007-12-23 17:00 . 2007-12-23 17:48 d-------- C:\Program Files\ubi.com 2007-12-23 17:00 . 2007-12-23 19:07 d-------- C:\Program Files\Red Storm Entertainment 2007-12-19 16:48 . 2007-12-19 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-19 16:48 . 2007-12-19 16:48 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-10 18:57 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb 2007-12-10 18:57 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2007-12-10 18:57 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb 2007-12-10 18:55 . 2007-12-10 18:56 d-------- C:\Program Files\Windows Media Connect 2 2007-12-10 18:51 . 2007-12-10 18:53 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-08 15:31 . 2007-12-09 15:40 d-------- C:\Program Files\IMVU 2007-12-08 15:31 . 2007-12-26 21:49 d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\IMVU 2007-11-27 19:42 . 2007-11-27 19:42 d-------- C:\fsaua.data . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-26 15:47 --------- d-----w C:\Program Files\eMule 2007-12-26 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-23 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-23 18:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-01 20:48 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype 2007-11-27 19:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SopCast 2007-11-26 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-25 19:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-25 19:17 36,864 ----a-w C:\Documents and Settings\HP_Propriétaire\services.exe 2007-11-25 19:17 36,864 ----a-w C:\Documents and Settings\HP_Propriétaire\services.exe 2007-11-25 12:38 120 ----a-w C:\n.bat 2007-11-25 12:38 0 ----a-w C:\Documents and Settings\HP_Propriétaire\x.dat 2007-11-25 12:38 0 ----a-w C:\Documents and Settings\HP_Propriétaire\x.dat 2007-11-25 12:37 531 ----a-w C:\Documents and Settings\HP_Propriétaire\z.dat 2007-11-25 12:37 531 ----a-w C:\Documents and Settings\HP_Propriétaire\z.dat 2007-11-24 22:20 36,864 ----a-w C:\Documents and Settings\SANDRA\services.exe 2007-11-20 19:23 --------- d-----w C:\Program Files\RogueRemover FREE 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 12:45 4,586 ----a-w C:\WINDOWS\system32\tmp.reg 2007-11-07 10:01 --------- d-----w C:\Program Files\Trend Micro 2007-11-05 14:18 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-11-04 21:21 --------- d-----w C:\Program Files\Custom-Strike 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-10 09:13 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-08 11:18 81,008 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT 2007-05-04 16:10 80,232 ----a-w C:\Documents and Settings\SANDRA\Application Data\GDIPFONTCACHEV1.DAT 2006-05-31 17:29 19,968 ----a-w C:\Program Files\msn blok.doc 2006-03-31 11:40 484,560 ----a-w C:\Program Files\DXSETUP.exe 2006-03-31 11:40 2,248,912 ----a-w C:\Program Files\dsetup32.dll 2006-03-31 11:39 74,448 ----a-w C:\Program Files\DSETUP.dll 2006-01-04 18:29 1,884,336 ----a-w C:\Program Files\ptvector.exe 2006-01-04 11:27 1,210,249 ----a-w C:\Program Files\recolored_recolored_0.6.0_beta_francais_18429.exe 2005-12-19 14:17 35,246,592 ----a-w C:\Program Files\directx_9c_oct05sdk_redist.exe 2005-12-11 15:36 13,306 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat 2004-07-30 12:16 2,805 ----a-w C:\Program Files\history.txt 2004-07-29 18:03 173,056 ----a-w C:\Program Files\chaoscope.EN 2004-07-29 17:57 1,377,280 ----a-w C:\Program Files\chaoscope.exe 2004-04-08 01:43 592,896 ----a-w C:\Program Files\converter.exe 2007-06-24 13:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007062420070625\index.dat . ((((((((((((((((((((((((((((( snapshot@2007-12-26_21.50.45.64 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\26-12-2007\ERDNT.EXE + 2007-12-26 21:39:25 23,785,472 ----a-w C:\WINDOWS\erdnt\26-12-2007\Users\[u]0[/u]0000001\NTUSER.DAT + 2007-12-26 21:39:25 28,672 ----a-w C:\WINDOWS\erdnt\26-12-2007\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4753DF9C-210D-45CC-B2C8-B5A5E0023C1D}] C:\WINDOWS\system32\awtqn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{880f4592-8096-45a0-b644-f9ca3816f9ec}] C:\WINDOWS\system32\qvmraoqf.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 23:15] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43] "SiSPower"="Rundll32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-01-01 10:09] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-23 19:34] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-11-23 02:45] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] "74a2ef0b"="C:\WINDOWS\system32\tritwsvd.dll" [] C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08] IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-12-20 03:00:16] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk] path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk backup=C:\WINDOWS\pss\TribalWeb.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] ALCXMNTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Program Files\BearShare\BearShare.exe /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bibshim] C:\DOCUME~1\HP_PRO~1\APPLIC~1\README~1\boobwait.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process] C:\WINDOWS\Fonts\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] 2004-06-07 18:53 49152 --a------ c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2004-06-08 20:31 286720 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2003-02-11 12:02 61440 --a------ C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe -tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 12:03 45056 --------- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-05-14 23:22 35328 --a------ C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SPBBCSvc"=2 (0x2) "SAVScan"=3 (0x3) R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41] R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10:08] R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 10:08] S3 lredbooo;lredbooo;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\lredbooo.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 10:08] S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 10:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94cd7612-645e-11dc-aa07-0011d873ea37}] \Shell\AutoRun\command - K:\InstallTomTomHOME.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-26 21:00:00 C:\WINDOWS\Tasks\AD0D03E1918AB325.job" - c:\docume~1\hp_pro~1\applic~1\readme~1\CAST OWNS ISO.exe "2007-12-21 19:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-24 14:12:26 C:\WINDOWS\Tasks\SesamTVMC.job" . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 22:52:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-26 22:53:24 C:\ComboFix2.txt ... 2007-12-26 21:51 . 2007-12-13 01:12:37 --- E O F ---

philae83 · Answer

n'oublie pas SRENG et un nouveau rapport hijackthis stp

AlexR31 · Answer

lorsque je click sur movelt il y a un message d'erreur qui s'affiche:
Cannot create file C:\_OTMoveIt\MovedFiles\12262007_231520.log.

philae83 · Answer

et sais tu quelle action il a faite ?

n'oublie pas SRENG et un nouveau rapport hijackthis stp

AlexR31 · Answer

bin moi G coller ceci: C:\WINDOWS\Fonts\svchost.exe dans la colonne de gauche é ken G clicker sur movelt il y a ce fameu message d'erreur qui est apparut.

philae83 · Answer

ok laisse tomber pour le moment, passe à la suite stp

AlexR31 · Answer

voici le rapport ComboFix: ComboFix 07-12-21.4 - HP_Propriétaire 2007-12-26 23:32:37.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.596 [GMT 1:00] Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))))))) . 2007-12-26 19:28 . 2007-12-26 20:32 d-------- C:\VundoFix Backups 2007-12-26 18:13 . 2007-12-26 19:16 d-------- C:\Program Files\Navilog1 2007-12-26 13:19 . 2007-12-26 16:17 d-------- C:\Program Files\a-squared Free 2007-12-26 11:53 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-26 11:53 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-26 11:53 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-26 11:53 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-26 11:53 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-26 11:53 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-26 11:52 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-24 15:07 . 2007-12-24 15:07 d-------- C:\Program Files\Dusco 2007-12-23 20:40 . 2007-12-23 20:40 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia 2007-12-23 19:08 . 2007-12-23 19:08 d-------- C:\Program Files\Eidos 2007-12-23 17:28 . 2007-12-23 17:28 d-------- C:\Program Files\Ubi Soft 2007-12-23 17:28 . 2002-09-29 01:09 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2007-12-23 17:28 . 2002-09-29 01:09 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2007-12-23 17:28 . 2002-09-29 01:09 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2007-12-23 17:28 . 2002-12-23 17:54 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2007-12-23 17:28 . 2002-09-29 01:09 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll 2007-12-23 17:00 . 2007-12-23 17:48 d-------- C:\Program Files\ubi.com 2007-12-23 17:00 . 2007-12-23 19:07 d-------- C:\Program Files\Red Storm Entertainment 2007-12-19 16:48 . 2007-12-19 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-19 16:48 . 2007-12-19 16:48 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-10 18:57 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb 2007-12-10 18:57 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2007-12-10 18:57 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb 2007-12-10 18:55 . 2007-12-10 18:56 d-------- C:\Program Files\Windows Media Connect 2 2007-12-10 18:51 . 2007-12-10 18:53 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-12-08 15:31 . 2007-12-09 15:40 d-------- C:\Program Files\IMVU 2007-12-08 15:31 . 2007-12-26 21:49 d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\IMVU 2007-11-27 19:42 . 2007-11-27 19:42 d-------- C:\fsaua.data . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-26 15:47 --------- d-----w C:\Program Files\eMule 2007-12-26 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-23 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-23 18:42 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-01 20:48 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype 2007-11-27 19:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SopCast 2007-11-26 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-25 19:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-25 19:17 36,864 ----a-w C:\Documents and Settings\HP_Propriétaire\services.exe 2007-11-25 19:17 36,864 ----a-w C:\Documents and Settings\HP_Propriétaire\services.exe 2007-11-25 12:38 120 ----a-w C:\n.bat 2007-11-25 12:38 0 ----a-w C:\Documents and Settings\HP_Propriétaire\x.dat 2007-11-25 12:38 0 ----a-w C:\Documents and Settings\HP_Propriétaire\x.dat 2007-11-25 12:37 531 ----a-w C:\Documents and Settings\HP_Propriétaire\z.dat 2007-11-25 12:37 531 ----a-w C:\Documents and Settings\HP_Propriétaire\z.dat 2007-11-24 22:20 36,864 ----a-w C:\Documents and Settings\SANDRA\services.exe 2007-11-20 19:23 --------- d-----w C:\Program Files\RogueRemover FREE 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 12:45 4,586 ----a-w C:\WINDOWS\system32\tmp.reg 2007-11-07 10:01 --------- d-----w C:\Program Files\Trend Micro 2007-11-05 14:18 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-11-04 21:21 --------- d-----w C:\Program Files\Custom-Strike 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-10 09:13 737,280 ----a-w C:\WINDOWS\iun6002.exe 2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-08 11:18 81,008 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT 2007-05-04 16:10 80,232 ----a-w C:\Documents and Settings\SANDRA\Application Data\GDIPFONTCACHEV1.DAT 2006-05-31 17:29 19,968 ----a-w C:\Program Files\msn blok.doc 2006-03-31 11:40 484,560 ----a-w C:\Program Files\DXSETUP.exe 2006-03-31 11:40 2,248,912 ----a-w C:\Program Files\dsetup32.dll 2006-03-31 11:39 74,448 ----a-w C:\Program Files\DSETUP.dll 2006-01-04 18:29 1,884,336 ----a-w C:\Program Files\ptvector.exe 2006-01-04 11:27 1,210,249 ----a-w C:\Program Files\recolored_recolored_0.6.0_beta_francais_18429.exe 2005-12-19 14:17 35,246,592 ----a-w C:\Program Files\directx_9c_oct05sdk_redist.exe 2005-12-11 15:36 13,306 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat 2004-07-30 12:16 2,805 ----a-w C:\Program Files\history.txt 2004-07-29 18:03 173,056 ----a-w C:\Program Files\chaoscope.EN 2004-07-29 17:57 1,377,280 ----a-w C:\Program Files\chaoscope.exe 2004-04-08 01:43 592,896 ----a-w C:\Program Files\converter.exe 2007-06-24 13:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007062420070625\index.dat . ((((((((((((((((((((((((((((( snapshot@2007-12-26_21.50.45.64 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\26-12-2007\ERDNT.EXE + 2007-12-26 21:39:25 23,785,472 ----a-w C:\WINDOWS\erdnt\26-12-2007\Users\[u]0[/u]0000001\NTUSER.DAT + 2007-12-26 21:39:25 28,672 ----a-w C:\WINDOWS\erdnt\26-12-2007\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 23:15] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:43] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43] "SiSPower"="Rundll32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-01-01 10:09] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe] "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-11-23 02:45] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00] C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08] IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-12-20 03:00:16] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk] path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk backup=C:\WINDOWS\pss\TribalWeb.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] ALCXMNTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Program Files\BearShare\BearShare.exe /pause [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bibshim] C:\DOCUME~1\HP_PRO~1\APPLIC~1\README~1\boobwait.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process] C:\WINDOWS\Fonts\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] 2004-06-07 18:53 49152 --a------ c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2004-06-08 20:31 286720 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] 2003-02-11 12:02 61440 --a------ C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe -tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 12:03 45056 --------- C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-05-14 23:22 35328 --a------ C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SPBBCSvc"=2 (0x2) "SAVScan"=3 (0x3) R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41] R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10:08] R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 10:08] S3 lredbooo;lredbooo;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\lredbooo.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 10:08] S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 10:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94cd7612-645e-11dc-aa07-0011d873ea37}] \Shell\AutoRun\command - K:\InstallTomTomHOME.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-12-26 22:00:00 C:\WINDOWS\Tasks\AD0D03E1918AB325.job" - c:\docume~1\hp_pro~1\applic~1\readme~1\CAST OWNS ISO.exe "2007-12-21 19:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-24 14:12:26 C:\WINDOWS\Tasks\SesamTVMC.job" . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 23:33:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 23:34:16 C:\ComboFix2.txt ... 2007-12-26 22:53 C:\ComboFix3.txt ... 2007-12-26 21:51 . 2007-12-13 01:12:37 --- E O F ---

philae83 · Answer

je t'ai aussi demandé SRENG et un nouveau rapport hijackthis stp
si tu pouvais me les poster

AlexR31 · Answer

voici le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:14, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32undll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

philae83 · Answer

ok pour ce rapport,

j'en profite car j'ai oublié tout à l'heure il faut supprimer SPYSPOTTER qui est un ROGUE

AlexR31 · Answer

tu me demende de supprimerSPYSPOTTER qui est un ROGUE? voici le rapport SRENG: en te remerciant encore une fois. [CODE] 2007-12-26,23:48:22 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Google Inc] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Hewlett-Packard Company] [Hewlett-Packard] [InstallShield Software Corporation] [] [Silicon Integrated Systems Corporation] [Hewlett-Packard Company] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [www.ppmate.com] [(Verified)ALWIL Software] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; ALCXMNTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; "C:\Program Files\BearShare\BearShare.exe" /pause> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\DOCUME~1\HP_PRO~1\APPLIC~1\README~1\boobwait.exe> [N/A] <; "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized> [N/A] <; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [N/A] <; C:\WINDOWS\Fonts\svchost.exe> [N/A] <; c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe> [Hewlett-Packard] <; "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation] <; C:\Program Files\iTunes\iTunesHelper.exe> [Apple Computer, Inc.] <; C:\HP\KBD\KBD.EXE> [Hewlett-Packard Company] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart> [(Verified)Patchou] <; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher] <; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Shareaza\Shareaza.exe" -tray> [Shareaza Development Team] <; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\SpySpotter3\SpySpotter.exe -startup> [N/A] <; C:\Program Files\SpySpotter3\Defender.exe -startup> [N/A] <; "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\steam\Steam.exe" -silent> [(Verified)Valve] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [RealNetworks, Inc.] <; "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s> [(Verified)TomTom International BV] <; C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe> [Ulead Systems, Inc.] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; VTTimer.exe> [N/A] <; C:\Program Files\Winamp\winampa.exe> [] ================================== Startup Folders [ERUNT AutoBackup] C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]> [IMVU] C:\PROGRA~1\IMVU\IMVUCL~1.EXE []> ================================== Services [a-squared Free Service / a2free][Running/Auto Start] <"C:\Program Files\a-squared Free\a2service.exe"> [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [iPod Service / iPodService][Stopped/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start] [SymWMI Service / SymWSC][Running/Auto Start] <"c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe"> ================================== Drivers [a347bus / a347bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\a347bus.sys><> [a347scsi / a347scsi][Running/Boot Start] <\SystemRoot\System32\Drivers\a347scsi.sys><> [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [Contrôleur de disque dur IDE/ESDI standard / atapi][Running/Boot Start] <\SystemRoot\system32\DRIVERS\atapi.sys> [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\catchme.sys> [d346bus / d346bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\d346bus.sys><> [d346prt / d346prt][Running/Boot Start] <\SystemRoot\System32\Drivers\d346prt.sys><> [GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start] [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [ialm / ialm][Stopped/Manual Start] [IVI ASPI Shell / Iviaspi][Running/Manual Start] [lredbooo / lredbooo][Stopped/Manual Start] <\??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\lredbooo.sys> [nv / nv][Running/Manual Start] [VGA USB Camera / ovt519][Stopped/Manual Start] [Padus ASPI Shell / Pfc][Running/Manual Start] [StarForce Protection Environment Driver v6 / prodrv06][Running/System Start] <\SystemRoot\System32\drivers\prodrv06.sys> [StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start] <\SystemRoot\System32\drivers\prohlp02.sys> [StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start] <\SystemRoot\System32\drivers\prosync1.sys> [Ps2 / Ps2][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Running/Auto Start] [StarForce Protection Helper Driver / sfhlp01][Running/Boot Start] <\SystemRoot\System32\drivers\sfhlp01.sys> [SiS315 / SiS315][Stopped/Manual Start] [SiSkp / SiSkp][Running/System Start] [SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [DualCamera / SQTECH905C][Stopped/Manual Start] [SAMSUNG Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start] [SAMSUNG Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start] [SAMSUNG Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start] [viagfx / viagfx][Stopped/Manual Start] [ViaIde / ViaIde][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\viaide.sys> [Logitech Virtual Bus Enumerator Driver / WmBEnum][Running/Manual Start] [Logitech WingMan HID Filter Driver / WmFilter][Stopped/Manual Start] [Logitech Virtual Hid Device Driver / WmVirHid][Stopped/Manual Start] [Logitech WingMan Translation Layer Driver / WmXlCore][Running/Manual Start] [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [MSNToolBandBHO] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Barre de recherche Encarta] {B205A35E-1FC4-4CE3-818B-899DBBB3388C} [Run IMVU] {d9288080-1baa-4bc4-9cf8-a92d743db949} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Vue HP] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Shockwave ActiveX Control] {233C1507-6A77-46A4-9443-F871F945D258} [Office Update Installation Engine] {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [Java Plug-in 1.4.2_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [F-Secure Online Scanner 3.2] {A4069847-C342-48E2-9257-01A24E5C78EA} [Java Plug-in 1.4.2_03] {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [PeerDraw Class] {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [Shockwave ActiveX Control] {233C1507-6A77-46A4-9443-F871F945D258} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [Microsoft HTML Document 6.0] {25336921-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [Redirect Control] {47F66446-563D-11D3-9733-906958C17458} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [] {4F07F79F-087F-42CF-8B36-7A88D06088E9} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [BDSCANONLINE Control] {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [CKAVReportCtrl Object] {6117669B-8C2D-41FA-A6D9-9E484B999CF0} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [DivXBrowserPlugin Object] {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [client Object] {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} [XML DOM Document 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [Java Plug-in 1.4.2_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [SopCore Control] {8FEFF364-6A5F-4966-A917-A3AC28411659} [Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6} [ST] {9394EDE7-C8B5-483E-8773-474BF36AF6E4} [Keyroute Control] {9D450881-607A-11D3-9733-208858C10000} [Skype Detection Object] {9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, N/A> [F-Secure Online Scanner 3.2] {A4069847-C342-48E2-9257-01A24E5C78EA} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [Vue HP] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [MSN] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [MSNToolBandBHO] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [Zylom Games Player] {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WVX Moniker Class] {CD3AFA95-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Microsoft Agent Control 2.0] {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [VideoLAN VLC ActiveX Plugin v1] {E23FE9C6-778E-49D4-B537-38FCDE4887D8} [WebViewFolderIcon Class] {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} ================================== Running Processes [PID: 556 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 612 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 680 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 692 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 840 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 948 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1012 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1100 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1144 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 1260 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1308 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResJs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1532 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\hpzsnt10.dll] [HP, 2.323.0.0] [PID: 1636 / SYSTEM][C:\Program Files\a-squared Free\a2service.exe] [Emsi Software GmbH, 3.0.0.384] [PID: 1740 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.10.9371] [C:\WINDOWS\system32 vapi.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1800 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1900 / SYSTEM][c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe] [Symantec Corporation, 2005.1.2.20] [C:\Program Files\Fichiers communs\Symantec Shared\Security Center\WSCHlpr.dll] [Symantec Corporation, 2005.1.2.20] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\sscwmiAV.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\zone-fw.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\pccln-fw.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\pccln-av.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\etrst-fw.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\etrst-av.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\McAfeeFW.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\McAfeeAV.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\sscwmiFW.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\ssc-wu.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\ssciwp.dll] [Symantec Corporation, 2005.1.00.111] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\sscnis56.dll] [Symantec Corporation, 2005.1.2.20] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\sscnis7.dll] [Symantec Corporation, 2005.1.2.20] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\sscnav.dll] [Symantec Corporation, 2005.1.2.20] [c:\Program Files\Fichiers communs\Symantec Shared\Security Center\Plug-in\ssc-icf.dll] [Symantec Corporation, 2005.1.00.111] [PID: 536 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 200 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 916 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1924 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2384 / HP_Propriétaire][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\WINDOW~2\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [PID: 2688 / HP_Propriétaire][C:\windows\system\hpsysdrv.exe] [Hewlett-Packard Company, 1, 7, 0, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2696 / HP_Propriétaire][C:\WINDOWS\system32\hphmon06.exe] [Hewlett-Packard, 6,0,72] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 1, 0, 0, 5] [C:\WINDOWS\system32\hpzjfw01.dll] [Hewlett-Packard, 4.02.009.0] [C:\WINDOWS\system32\HPZJSN01.dll] [Hewlett Packard Company, 1, 0, 0, 3] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2736 / HP_Propriétaire][C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2764 / HP_Propriétaire][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.9371] [C:\WINDOWS\system32 vapi.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.10.9371] [PID: 2860 / HP_Propriétaire][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruijs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3200 / HP_Propriétaire][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164 es_fr.dll] [Google Inc., 2, 0, 301, 7164] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] [PID: 3220 / HP_Propriétaire][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 3272 / HP_Propriétaire][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 20, 0, 262] [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 20, 0, 262] [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 20, 0, 262] [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00] [C:\Program Files\Messenger Plus! Live\MPScripts.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhAScr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1820 / HP_Propriétaire][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2272 / HP_Propriétaire][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609] [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [c:\program files\google\googletoolbar6.dll] [Google Inc., 4, 0, 1601, 4978] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.249.1] [C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.249.1] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [C:\Program Files\Alwil Software\Avast4\AhAScr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3880 / HP_Propriétaire][C:\Documents and Settings\HP_Propriétaire\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Documents and Settings\HP_Propriétaire\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2688, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2696, C:\WINDOWS\SYSTEM32\HPHMON06.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2736, C:\PROGRAM FILES\JAVA\J2RE1.4.2_03\BIN\JUSCHED.EXE] Special Privilege Enabled: SeDebugPrivilege [PID = 3880, C:\DOCUMENTS AND SETTINGS\HP_PROPRIÉTAIRE\BUREAU\SRENGPS.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3880, C:\DOCUMENTS AND SETTINGS\HP_PROPRIÉTAIRE\BUREAU\SRENGPS.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== [/CODE]

philae83 · Answer

tu me demende de supprimerSPYSPOTTER qui est un ROGUE? 

oui c'est cela, tu le supprimes c'est un ROGUE = faux utilitaire 

je regarde ton rapport ainsi que les autres, je reviens ensuite

philae83 · Answer

re

# Télécharge KillAFile (par Marckie) sur ton Bureau,
http://users.telenet.be/marcvn/tools/KillAFile.exe
# Double clique sur KillAFile.exe afin de le lancer. Une fenêtre DOS au fond rouge apparaîtra.
# Tape le chiffre 2 puis valide avec la touche Entrée pour choisir "Replace a file by a dummy on reboot".
# Tu verras maintenant une nouvelle invite : "Insert full path and filename to delete. and then press enter:"
# Tu dois taper ceci, au complet et très exactement :

 C:\WINDOWS\Fonts\svchost.exe

    *  Appuie sur la touche Entrée.
    * À l'invite qui suit, appuie sur n'importe quelle touche pour valider (Entrée par exemple).
    * Ton PC va maintenant redémarrer.
    * Edite le rapport généré par killafile. Il se trouve aussi ici : C:\kaflog.txt

AlexR31 · Answer

je met ceci: C:\WINDOWS\Fonts\svchost.exe ensuite je tape entrée et il y a ensuite marquer C:\WINDOWS\Fonts\svchost.exe 
does not exist try again.

philae83 · Answer

il n'existe pas.

alors.....

* Télécharge OAD
http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : 

svchost.exe 



- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

AlexR31 · Answer

voila le resultat de la recherche avec AOD:

 27/12/2007 ----  0:32:48,40  

----------------------------------
§§§§§§ [svchost.exe ] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

philae83 · Answer

re

ok, dernière chose va voir manuellement si tu le trouves

* Assure toi d'avoir accès à tous les fichiers

-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage

puis

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation

Puis  - Appliquer

C:\WINDOWS\Fonts\svchost.exe

as tu encore des problèmes ?

je vais aller me coucher, la suite demain
bonne nuit

AlexR31 · Answer

j'ai effectuer une recherche et j'ai effectivement trouver des fichier portant le nom de: svchost.exe. mais il ne ce trouve pas dans  C:\WINDOWS\Fonts\svchost.exe. est que je doit quand meme les supprimer manuellemen???

cgui33 · Answer

NON !!!!!!!!!!!
Le fichier svchost.exe légitime se trouve dans C:\windows\system32
Si tu trouves celui-ci ... NE LE SUPPRIME PAS !!!
Les autres OUI ... mais peux tu nous envoyer les chemins complets de ces fichiers
Merci
A+

philae83 · Answer

bonsoir

désolée pour ce retard. Effectivement je t'ai bien dit de le rechercher dans
C:\WINDOWS\Fonts\svchost.exe

ailleurs tu ne touches à rien, mais tu donnes le chemin 
le légitime de toutes façons est dans le system32

@ te lire

AlexR31 · Answer

bonsoir a vous, en faissan la recherche de svchost.exe je trouve 4 fichier portant ce nom.
SVCHOST.EXE-2D5FBD18.pf qui se trouve dans C:\WINDOWS\Prefetch
svchost.exe qui se trouve dans C:\WINDOWS\System32
svchost.exe.vir qui se trouve dans C:\QookBox\Quarantine\C   
svchost.exe qui se trouve dans: C:\WINDOWS\ServicePackFiles\i386

merci a toi cgui33 pour ton intervention.

philae83 · Answer

bonsoir,

C:\WINDOWS\Prefetch-----------------tu peux supprimer sans risque le contenu de prefetch, d'ailleurs ca fait le ménage aussi.
svchost.exe qui se trouve dans C:\WINDOWS\System32--------------LEGITIME
svchost.exe.vir qui se trouve dans C:\QookBox\Quarantine\C  bah celui là il est HS puisque dans la quarantaine de combo parfait donc
svchost.exe qui se trouve dans: C:\WINDOWS\ServicePackFiles\i386 -----------laisse le.

donc tout va bien de ce côté là.
en résumé -(je n'ai pas relu tout le topic je ne me souviens plus de tout) où en es tu de tes problèmes ?

AlexR31 · Answer

re,
 bin pour l'instant les fenettres intenpestive qui s'afficher lorsque j'etai sur Internet Explorer n'apparaissent plus du tou et G fait plusieurs annalyses anti virus et je trouve plus rien... ENFIN!!! voila je te colle un dernier Log HijackThis pour voir si tout est bien OK.
je te remercie.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:01, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] ; AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ; ALCXMNTR.EXE
O4 - HKLM\..\Run: [Host Process] ; C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [HPHUPD06] ; c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KBD] ; C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector] ; C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] ; VTTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bibshim] ; C:\DOCUME~1\HP_PRO~1\APPLIC~1\README~1\boobwait.exe
O4 - HKCU\..\Run: [updateMgr] ; C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

philae83 · Answer

re

non tout n'est pas ok, justement, mais il y a des fois où je me mettrais des baffes

 Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

* Redémarre ton ordinateur en mode sans échec

* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd  pour lancer le script.

* Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis  te demandera d'appuyer sur une touche pour redémarrer.

* Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter  et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

avec un nouveau log Hijackthis 

il y aura encore autre chose à voir après

AlexR31 · Answer

voici le rapport SDFix:

SDFix: Version 1.119

Run by HP_Propriétaire on 28/12/2007 at 01:36

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\HP_PRO~1\Bureau\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\Documents and Settings\HP_Propriétaire\x.dat - Deleted
C:\Documents and Settings\HP_Propriétaire\z.dat - Deleted
C:
.bat  - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 01:45:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:931dca08
"s2"=dword:7db863bb
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7c,4d,05,b8,9e,20,df,0d,25,05,92,12,a4,02,c0,6b,25,10,50,de,c6,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:24,67,ed,d5,48,61,8d,57,92,a2,d0,91,3c,e5,5c,02,dc,ea,64,b5,7b,..
"a0"=hex:20,01,00,00,80,fc,6a,e0,d1,10,6b,74,b8,cb,5d,ba,14,b6,e0,9d,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,04,64,38,d9,db,67,37,a7,23,e6,a0,32,13,ba,69,bd,33,54,1f,3e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7c,4d,05,b8,9e,20,df,0d,25,05,92,12,a4,02,c0,6b,25,10,50,de,c6,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:24,67,ed,d5,48,61,8d,57,92,a2,d0,91,3c,e5,5c,02,dc,ea,64,b5,7b,..
"a0"=hex:20,01,00,00,80,fc,6a,e0,d1,10,6b,74,b8,cb,5d,ba,14,b6,e0,9d,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,04,64,38,d9,db,67,37,a7,23,e6,a0,32,13,ba,69,bd,33,54,1f,3e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:7c,4d,05,b8,9e,20,df,0d,25,05,92,12,a4,02,c0,6b,25,10,50,de,c6,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:24,67,ed,d5,48,61,8d,57,92,a2,d0,91,3c,e5,5c,02,dc,ea,64,b5,7b,..
"a0"=hex:20,01,00,00,80,fc,6a,e0,d1,10,6b,74,b8,cb,5d,ba,14,b6,e0,9d,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0a,46,81,f5,2e,c8,bf,15,c5,e1,0d,0d,0f,d1,5e,0c,5f,4c,f7,15,2a,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 21


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PPMate\PPMate\ppmate.exe"="C:\Program Files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\HP_PRO~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 23 Feb 2005           218 A.SHR --- "C:\BOOT.BAK"
Wed 31 Aug 2005             8 ...H. --- "C:\WINDOWS\map.sys"
Sat 22 Oct 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat  4 Nov 2006           305 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiEC.tmp"
Fri 13 Aug 2004     1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004        53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004        94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004        35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004        20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Mon 10 Dec 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu  3 May 2007     1,424,896 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documentsaport de mon 1er stage\~WRL2049.tmp"
Thu 29 Dec 2005           444 ...HR --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

AlexR31 · Answer

voici le Log HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:04, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sapo.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] ; AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ; ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD06] ; c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KBD] ; C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector] ; C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [VTTimer] ; VTTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bibshim] ; C:\DOCUME~1\HP_PRO~1\APPLIC~1\README~1\boobwait.exe
O4 - HKCU\..\Run: [updateMgr] ; C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

philae83 · Answer

bonjour,

peux tu faire analyser ce fichier stp 
C:\DOCUMENTS & SETTINGS \HP_PRO~1\APPLICATION DATA\README~1\boobwait.exe 
sur VIRUS TOTAL
http://www.virustotal.com/en/indexf.html

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

tu feras ceci avant
-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage

puis

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation

Puis  - Appliquer

poste le rapport généré ici

AlexR31 · Answer

bonjour Philae,
dans le dossier ReadmeLessDeaf je ne trouve pas de fichier portant le nom de boobwait.exe. Il n'y a que un seul fichier portant le nom de 1A94B75.

philae83 · Answer

tu as afficher les fichiers et dossiers cachés ? et les extensions ?

c'est quoi ce dossier, tu sais ?

AlexR31 · Answer

a non pas du tou komen fai ton pour les differencié ???

philae83 · Answer

re

pour différencier quoi ? je t'ai mis la manip pour les afficher. l'as tu fait ?

AlexR31 · Answer

re
bin oui je les faites la manip

philae83 · Answer

étonnant que tu ne le trouves pas, pourtant il devrait y être.

sais tu ce qu'est ce dossier ?

Win32.Agent.ctz

49 réponses

Discussions similaires