Analyse scan HJT
Résolu
polothentik
Messages postés
32
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Salut,
J'ai comme la nette impression que mon ordinateur est virusé (le contraire m'étonnerait vraiment). J'ai fait un scan HJT et j'aurais souhaité savoir si quelqu'un pouvait me l'analyser. Merci d'avance. Pour info, je viens d'installer le Service Pack 2 de Windows XP (necessaire pour etablir une connexion entre mon iPod et iTunes), il me semble que ça n'a pas fait que du bien !!!
Logfile of HijackThis v1.99.1
Scan saved at 19:20:53, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\JupitCo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\NI.UGA6P_0001_N122M2210\setup.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\~uavsetup.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\is-IMJSM.tmp\is-JMBE3.tmp
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Fichiers communs\SpyGuardPro\ugac.exe
C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe
C:\Program Files\SpyGuardPro\pgs.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\polo\Multimédia\Curededesintox\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\SPYGUA~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\SpyGuardPro\pgs.exe" /empty
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1F99E4-448C-4306-8982-F65178003363}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Merci
J'ai comme la nette impression que mon ordinateur est virusé (le contraire m'étonnerait vraiment). J'ai fait un scan HJT et j'aurais souhaité savoir si quelqu'un pouvait me l'analyser. Merci d'avance. Pour info, je viens d'installer le Service Pack 2 de Windows XP (necessaire pour etablir une connexion entre mon iPod et iTunes), il me semble que ça n'a pas fait que du bien !!!
Logfile of HijackThis v1.99.1
Scan saved at 19:20:53, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\JupitCo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\NI.UGA6P_0001_N122M2210\setup.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\~uavsetup.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\is-IMJSM.tmp\is-JMBE3.tmp
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Fichiers communs\SpyGuardPro\ugac.exe
C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe
C:\Program Files\SpyGuardPro\pgs.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\polo\Multimédia\Curededesintox\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\SPYGUA~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\SpyGuardPro\pgs.exe" /empty
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1F99E4-448C-4306-8982-F65178003363}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Merci
A voir également:
- Analyse scan HJT
- Scan qr code pc - Guide
- Sfc scan - Guide
- Analyse composant pc - Guide
- Analyse disque dur - Télécharger - Informations & Diagnostic
- Echec de l'analyse antivirus - Astuces et Solutions
5 réponses
slt,
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O20 - AppInit_DLLs:
___________________
lance cwshredder (faire fix)
https://www.trendmicro.com/en_us/forHome.html
https://www.01net.com/actualites/
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
_____________________
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.ex
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________
Ouvrez le poste de travail puis ouvrez le disque C et le dossier Program Files, supprimez les dossiers suivants : si presents
FunWebProducts
MyWebSearch
___________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
__________________
analyse sur virus total ces deux fichiers et colle moi le rapport: https://www.virustotal.com/gui/
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SpyGuardPro\pgs.exe
___________________
recolle hijackhtis et dis tes soucis
_________________________
on verra apres: je me les mets de coté! la suite
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\SPYGUA~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\SpyGuardPro\pgs.exe" /empty
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O20 - AppInit_DLLs:
___________________
lance cwshredder (faire fix)
https://www.trendmicro.com/en_us/forHome.html
https://www.01net.com/actualites/
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
_____________________
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.ex
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________
Ouvrez le poste de travail puis ouvrez le disque C et le dossier Program Files, supprimez les dossiers suivants : si presents
FunWebProducts
MyWebSearch
___________________
combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
__________________
analyse sur virus total ces deux fichiers et colle moi le rapport: https://www.virustotal.com/gui/
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SpyGuardPro\pgs.exe
___________________
recolle hijackhtis et dis tes soucis
_________________________
on verra apres: je me les mets de coté! la suite
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\SPYGUA~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\SpyGuardPro\pgs.exe" /empty
Salut,
Tout d'abord je tiens à te remercier pour l'aide précieuse que tu m'apportes... J'ai réaliser toutes les étapes indiquées ci avant.
Voici le rapport Combofix :
ComboFix 07-12-31.4 - hamelin garrec paul 2007-12-31 15:26:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.93 [GMT 1:00]
Running from: C:\Documents and Settings\hamelin garrec paul\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro
C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\hamelin garrec paul\Application Data\YSTEM~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\CROSOF~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\CROSOF~1.NET
C:\Documents and Settings\hamelin garrec paul\Mes documents\DOBE~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\MCROSO~1.NET
C:\Documents and Settings\hamelin garrec paul\Mes documents\RACLE~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\SEMBLY~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\WNSXS~1
C:\Documents and Settings\hamelin garrec paul\ravmonlog
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\icroso~1.net
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon .exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06BFD91.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06C1928.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06C2184.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA8F5A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA974A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA999B.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAA767.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAA880.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAAA55.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAACA6.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAAE6C
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF43D2.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF4597.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF47E9.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF4B83.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF5845.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SpyGuardPro
C:\Program Files\SpyGuardPro\history.db
C:\Program Files\SpyGuardPro\main.log
C:\Program Files\SpyGuardPro\ResErrors.log
C:\Program Files\sstem3~1
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\SpyGuardPro
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\dobe~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\cbxyyxw.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dllvirtual.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\jkkjife.dll
C:\WINDOWS\SYSTEM32\kjllm.ini
C:\WINDOWS\SYSTEM32\kjllm.ini2
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qscmccln.exe
C:\WINDOWS\system32\r3
C:\WINDOWS\system32\rqrqoml.dll
C:\WINDOWS\system32\security.exe
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\urlmsnlink.dat
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\wvuuuvs.dll
C:\WINDOWS\system32\y2
C:\WINDOWS\system32\y2\gyreo83122.exe
C:\WINDOWS\system32\yayvwvs.dll
C:\WINDOWS\system32\yvgughvx.dll
C:\WINDOWS\ymante~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\nm
-------\SECURITY
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.
2007-12-31 15:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 14:31 . 2007-12-31 14:31 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-31 14:24 . 2007-12-31 14:30 155,648 --a------ C:\WINDOWS\SYSTEM32\NeroCheck .exe
2007-12-31 14:24 . 2007-12-31 14:30 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-31 02:24 . 2007-12-31 02:24 <REP> d-------- C:\Program Files\Red Kawa
2007-12-31 02:24 . 2007-12-31 02:24 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-30 19:18 . 2007-12-30 19:18 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-30 19:10 . 2007-12-30 19:10 <REP> d-------- C:\Program Files\Free iPod Video Converter
2007-12-30 19:10 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\SYSTEM32\ac3filter.ax
2007-12-30 19:10 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\SYSTEM32\GplMpgDec.ax
2007-12-30 18:55 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-12-30 18:52 . 2007-12-30 18:50 365,056 --a------ C:\WINDOWS\SYSTEM32\OLD77.tmp
2007-12-30 18:45 . 2007-12-30 18:45 <REP> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2007-12-30 18:45 . 2007-12-30 18:45 <REP> d-------- C:\Temp\cEeer12
2007-12-30 18:45 . 2007-12-31 15:39 <REP> d-------- C:\Temp
2007-12-30 18:45 . 2007-12-30 18:45 224,816 --a------ C:\Temp\iniag2101.exe
2007-12-30 01:44 . 2007-12-30 01:44 <REP> d-------- C:\Program Files\iPod
2007-12-30 01:43 . 2007-12-31 15:38 <REP> d-------- C:\Program Files\iTunes
2007-12-30 01:43 . 2007-12-30 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-30 01:43 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-29 20:04 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
2007-12-29 20:04 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
2007-12-29 20:04 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
2007-12-29 20:00 . 2007-12-29 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-29 19:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-12-29 19:44 . 2007-12-29 19:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2007-12-29 19:29 . 2007-12-30 02:28 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-29 19:26 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-12-29 19:21 . 2007-12-29 19:21 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-12-29 19:18 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02457_.tmp
2007-12-29 19:14 . 2007-12-29 19:14 <REP> d-------- C:\WINDOWS\EHome
2007-12-28 23:18 . 2007-12-31 14:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-28 23:18 . 2007-12-30 01:44 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 23:17 . 2007-12-28 23:17 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-28 23:17 . 2007-12-28 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-18 00:21 . 2007-12-18 00:21 <REP> d-------- C:\Program Files\Google
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-02 23:39 . 2007-12-02 23:40 <REP> d-------- C:\NDK
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 14:38 --------- d-----w C:\Program Files\QuickTime
2007-12-31 14:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 17:39 --------- d-----w C:\Program Files\MessengerDiscovery
2007-12-30 00:45 --------- d-----w C:\Documents and Settings\hamelin garrec paul\Application Data\Apple Computer
2007-12-28 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-25 12:55 --------- d-----w C:\Program Files\Jasc Software Inc
2007-11-25 12:51 --------- d-----w C:\Program Files\Dell
2007-11-25 12:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 12:50 --------- d-----w C:\Program Files\Canon
2007-11-25 12:47 --------- d-----w C:\Program Files\IRAI
2007-11-25 12:47 --------- d-----w C:\Program Files\Azureus
2007-11-25 12:46 --------- d-----w C:\Program Files\AutoCAD 2004
2007-11-25 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-25 12:41 --------- d-----w C:\Program Files\Logitech
2007-11-25 12:41 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-25 12:37 --------- d-----w C:\Program Files\Wanadoo
2007-11-25 12:36 --------- d-----w C:\Program Files\PartyGaming.Net
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
[code]
----a-w 75,392 2007-12-31 13:30:43 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 209,800 2007-12-31 13:30:30 C:\Program Files\Dell\AccessDirect\dadapp .exe
----a-w 127,022 2007-12-31 13:30:35 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS .EXE
----a-w 49,152 2007-12-31 13:30:36 C:\Program Files\HP\HP Software Update\HPWuSchd .exe
----a-w 241,664 2007-12-31 13:30:38 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w 267,048 2007-12-31 13:30:52 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2007-12-31 13:30:43 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 5,674,352 2007-12-31 13:31:18 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 286,720 2007-12-31 13:30:49 C:\Program Files\QuickTime\QTTask .exe
----a-w 610,304 2007-12-31 13:30:31 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 110,592 2007-12-31 13:30:30 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 15,360 2007-12-31 13:31:01 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 28,672 2007-12-31 13:30:33 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 155,648 2007-12-31 13:30:35 C:\WINDOWS\SYSTEM32\NeroCheck .exe
----a-w 114,741 2007-12-31 13:30:35 C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe
[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{856D3658-D223-45C6-9F97-949FA9B9F669}]
C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-20 09:10 4866048]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 06:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [ ]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [ ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"USB SECURITY DEVICE CoInstaller"="JupitCo.exe" [2002-05-03 12:08 28931 C:\WINDOWS\SYSTEM32\JupitCo.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"MS Unix Binary"="msnq3insller.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client]
@="Service"
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 ASUS_USB;ASUS SpaceLink WLAN USB Driver;C:\WINDOWS\system32\DRIVERS\AWLUSB.sys [2002-08-06 09:28]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 16:43]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys []
S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-29 16:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 15:43:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-31 15:47:14 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 14:47:10
.
2007-12-31 01:46:05 --- E O F ---
Voici le rapport HJT :
Logfile of HijackThis v1.99.1
Scan saved at 16:09:27, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\JupitCo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\polo\Multimédia\Curededesintox\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {856D3658-D223-45C6-9F97-949FA9B9F669} - C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1F99E4-448C-4306-8982-F65178003363}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Merci d'avance.
Tout d'abord je tiens à te remercier pour l'aide précieuse que tu m'apportes... J'ai réaliser toutes les étapes indiquées ci avant.
Voici le rapport Combofix :
ComboFix 07-12-31.4 - hamelin garrec paul 2007-12-31 15:26:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.93 [GMT 1:00]
Running from: C:\Documents and Settings\hamelin garrec paul\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro
C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\hamelin garrec paul\Application Data\YSTEM~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\CROSOF~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\CROSOF~1.NET
C:\Documents and Settings\hamelin garrec paul\Mes documents\DOBE~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\MCROSO~1.NET
C:\Documents and Settings\hamelin garrec paul\Mes documents\RACLE~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\SEMBLY~1
C:\Documents and Settings\hamelin garrec paul\Mes documents\WNSXS~1
C:\Documents and Settings\hamelin garrec paul\ravmonlog
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\icroso~1.net
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon .exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06BFD91.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06C1928.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06C2184.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA8F5A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA974A
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA999B.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAA767.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAA880.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAAA55.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAACA6.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAAE6C
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF43D2.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF4597.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF47E9.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF4B83.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF5845.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SpyGuardPro
C:\Program Files\SpyGuardPro\history.db
C:\Program Files\SpyGuardPro\main.log
C:\Program Files\SpyGuardPro\ResErrors.log
C:\Program Files\sstem3~1
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\SpyGuardPro
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\dobe~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\cbxyyxw.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dllvirtual.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\jkkjife.dll
C:\WINDOWS\SYSTEM32\kjllm.ini
C:\WINDOWS\SYSTEM32\kjllm.ini2
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qscmccln.exe
C:\WINDOWS\system32\r3
C:\WINDOWS\system32\rqrqoml.dll
C:\WINDOWS\system32\security.exe
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\urlmsnlink.dat
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\wvuuuvs.dll
C:\WINDOWS\system32\y2
C:\WINDOWS\system32\y2\gyreo83122.exe
C:\WINDOWS\system32\yayvwvs.dll
C:\WINDOWS\system32\yvgughvx.dll
C:\WINDOWS\ymante~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\nm
-------\SECURITY
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.
2007-12-31 15:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 14:31 . 2007-12-31 14:31 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-31 14:24 . 2007-12-31 14:30 155,648 --a------ C:\WINDOWS\SYSTEM32\NeroCheck .exe
2007-12-31 14:24 . 2007-12-31 14:30 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-31 02:24 . 2007-12-31 02:24 <REP> d-------- C:\Program Files\Red Kawa
2007-12-31 02:24 . 2007-12-31 02:24 <REP> d-------- C:\Program Files\AviSynth 2.5
2007-12-30 19:18 . 2007-12-30 19:18 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-30 19:10 . 2007-12-30 19:10 <REP> d-------- C:\Program Files\Free iPod Video Converter
2007-12-30 19:10 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\SYSTEM32\ac3filter.ax
2007-12-30 19:10 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\SYSTEM32\GplMpgDec.ax
2007-12-30 18:55 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2007-12-30 18:52 . 2007-12-30 18:50 365,056 --a------ C:\WINDOWS\SYSTEM32\OLD77.tmp
2007-12-30 18:45 . 2007-12-30 18:45 <REP> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2007-12-30 18:45 . 2007-12-30 18:45 <REP> d-------- C:\Temp\cEeer12
2007-12-30 18:45 . 2007-12-31 15:39 <REP> d-------- C:\Temp
2007-12-30 18:45 . 2007-12-30 18:45 224,816 --a------ C:\Temp\iniag2101.exe
2007-12-30 01:44 . 2007-12-30 01:44 <REP> d-------- C:\Program Files\iPod
2007-12-30 01:43 . 2007-12-31 15:38 <REP> d-------- C:\Program Files\iTunes
2007-12-30 01:43 . 2007-12-30 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-30 01:43 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-29 20:04 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
2007-12-29 20:04 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
2007-12-29 20:04 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
2007-12-29 20:00 . 2007-12-29 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-29 19:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-12-29 19:44 . 2007-12-29 19:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2007-12-29 19:29 . 2007-12-30 02:28 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-29 19:26 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-12-29 19:21 . 2007-12-29 19:21 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-12-29 19:18 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02457_.tmp
2007-12-29 19:14 . 2007-12-29 19:14 <REP> d-------- C:\WINDOWS\EHome
2007-12-28 23:18 . 2007-12-31 14:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-28 23:18 . 2007-12-30 01:44 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 23:17 . 2007-12-28 23:17 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-28 23:17 . 2007-12-28 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-18 00:21 . 2007-12-18 00:21 <REP> d-------- C:\Program Files\Google
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-02 23:39 . 2007-12-02 23:40 <REP> d-------- C:\NDK
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 14:38 --------- d-----w C:\Program Files\QuickTime
2007-12-31 14:38 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 17:39 --------- d-----w C:\Program Files\MessengerDiscovery
2007-12-30 00:45 --------- d-----w C:\Documents and Settings\hamelin garrec paul\Application Data\Apple Computer
2007-12-28 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-25 12:55 --------- d-----w C:\Program Files\Jasc Software Inc
2007-11-25 12:51 --------- d-----w C:\Program Files\Dell
2007-11-25 12:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 12:50 --------- d-----w C:\Program Files\Canon
2007-11-25 12:47 --------- d-----w C:\Program Files\IRAI
2007-11-25 12:47 --------- d-----w C:\Program Files\Azureus
2007-11-25 12:46 --------- d-----w C:\Program Files\AutoCAD 2004
2007-11-25 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-25 12:41 --------- d-----w C:\Program Files\Logitech
2007-11-25 12:41 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-25 12:37 --------- d-----w C:\Program Files\Wanadoo
2007-11-25 12:36 --------- d-----w C:\Program Files\PartyGaming.Net
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
[code]
----a-w 75,392 2007-12-31 13:30:43 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 209,800 2007-12-31 13:30:30 C:\Program Files\Dell\AccessDirect\dadapp .exe
----a-w 127,022 2007-12-31 13:30:35 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS .EXE
----a-w 49,152 2007-12-31 13:30:36 C:\Program Files\HP\HP Software Update\HPWuSchd .exe
----a-w 241,664 2007-12-31 13:30:38 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w 267,048 2007-12-31 13:30:52 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2007-12-31 13:30:43 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 5,674,352 2007-12-31 13:31:18 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 286,720 2007-12-31 13:30:49 C:\Program Files\QuickTime\QTTask .exe
----a-w 610,304 2007-12-31 13:30:31 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 110,592 2007-12-31 13:30:30 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 15,360 2007-12-31 13:31:01 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 28,672 2007-12-31 13:30:33 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 155,648 2007-12-31 13:30:35 C:\WINDOWS\SYSTEM32\NeroCheck .exe
----a-w 114,741 2007-12-31 13:30:35 C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe
[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{856D3658-D223-45C6-9F97-949FA9B9F669}]
C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-20 09:10 4866048]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 06:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [ ]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [ ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"USB SECURITY DEVICE CoInstaller"="JupitCo.exe" [2002-05-03 12:08 28931 C:\WINDOWS\SYSTEM32\JupitCo.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"MS Unix Binary"="msnq3insller.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client]
@="Service"
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 ASUS_USB;ASUS SpaceLink WLAN USB Driver;C:\WINDOWS\system32\DRIVERS\AWLUSB.sys [2002-08-06 09:28]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 16:43]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys []
S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-29 16:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 15:43:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-31 15:47:14 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 14:47:10
.
2007-12-31 01:46:05 --- E O F ---
Voici le rapport HJT :
Logfile of HijackThis v1.99.1
Scan saved at 16:09:27, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\JupitCo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\polo\Multimédia\Curededesintox\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {856D3658-D223-45C6-9F97-949FA9B9F669} - C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1F99E4-448C-4306-8982-F65178003363}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Merci d'avance.
fix cette ligne
O2 - BHO: (no name) - {856D3658-D223-45C6-9F97-949FA9B9F669} - C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll (file missing)
________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
______________________
remplace avast par antivir et colle un rapport
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
et dis tes soucis
O2 - BHO: (no name) - {856D3658-D223-45C6-9F97-949FA9B9F669} - C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll (file missing)
________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
______________________
remplace avast par antivir et colle un rapport
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
et dis tes soucis
Salut
Je te remercie infiniement...
Mon ordinateur a maintenant la patate !
Merci pour ton aide !
Tcho
Je te remercie infiniement...
Mon ordinateur a maintenant la patate !
Merci pour ton aide !
Tcho
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
