VIRUS WIN32 Trat BHO

Fermé
musicos - 5 janv. 2008 à 12:53
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 - 23 janv. 2008 à 22:15
Bonjour,


je suis infecté par ce trojan et je ne parviens pas à m'en débarasser.
impossible de faire un scan en ligne avec bitdefender ni avec panda car avast le reconnait comme un virus lorsque le conrole activex essaye de s'installer.
depuis quelques jours, j'ai aussi ce message "sniperspy trial expired" et il me demande si je vaux consulter le site sniperspy.com
je ne sais pas comment m'en débarasser
A voir également:

78 réponses

ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 12:57
Bonjour

commence par ça

Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

=> Double-clic dessus
=> installe
=> Clic Do a system scan and save the log
=> coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

@+
0
voici le rapoort et merci pour l'aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:41, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\GSICON.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {14ffbc24-7cbb-4ae9-98d4-f2dc5f4943a2} - {2a3494f5-cd2f-4d89-9ea4-bbc742cbff41} - C:\WINDOWS\system32\fbgfdoaj.dll
O2 - BHO: (no name) - {3AEC3373-C823-4853-97D4-5B5549833BC3} - C:\WINDOWS\system32\khfgfca.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\conflict.1\googletoolbar4.dll
O2 - BHO: (no name) - {C8381365-17ED-42A6-B294-4BB08F720DB4} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {655cc670-bd28-486e-8bc7-5cb3e6ca27a5} - (no file)
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\conflict.1\googletoolbar4.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [sysclean] C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sysclean] C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version8/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://www.miniclip.com/football/joystick.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1264beaffeb3d6603b05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.boulanger.ofoto.fr/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/obj/NpFp415.dll
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.e-alfaromeo.com/components/ocx/autopricer/ConfiguratoreAuto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} - http://www.e-alfaromeo.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E03A6955-BA75-4E65-BD41-D44C37FFACB3}: NameServer = 84.103.237.141 86.64.145.141
O20 - Winlogon Notify: khfgfca - C:\WINDOWS\SYSTEM32\khfgfca.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 13:12
en effet pas que du beau monde :-)

commence par ceci
Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt

-------------
ensuite
Télécharge sur le bureau
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
=> Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau

ensuite une fois ceci fait refais un rapport hijack
@+
0
wl74 Messages postés 5 Date d'inscription samedi 5 janvier 2008 Statut Membre Dernière intervention 8 janvier 2008
5 janv. 2008 à 13:40
Bonjour, j'ai aussi sur mon PC le trojan tratBHO. Il ne cesse de revenir malgré sa mise en quarantaine par Avast.
J'ai fait un scan avec HJT, je vous copie le rapport ci-dessous. En espérant que quelqu'un pourra m'aider.
Merci d'avance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:45, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system\hpsysdrv .exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hphmon06 .exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\service .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.printme.com/support/adobe/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturq.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {b5944879-c4b4-56f9-d1b4-1cbc34ce4af3} - {3fa4ec43-cbc1-4b1d-9f65-4b4c9784495b} - C:\WINDOWS\system32\uxmjfpnb.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C69E732A-E58B-483E-85DA-F3A8332A6013} - (no file)
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - (no file)
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\qomkihh.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service .exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi .exe"
O4 - HKLM\..\Run: [0cce221a] rundll32.exe "C:\WINDOWS\system32\lyrvsbaf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Pandion.lnk = C:\Program Files\Pandion\Pandion.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: cbxutrq - cbxutrq.dll (file missing)
O20 - Winlogon Notify: qomkihh - C:\WINDOWS\SYSTEM32\qomkihh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 13:52
Salut il faut créer ton propre sujet
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
merci
@+
0
wl74 Messages postés 5 Date d'inscription samedi 5 janvier 2008 Statut Membre Dernière intervention 8 janvier 2008
5 janv. 2008 à 13:54
désolé je ne savais pas.
Je ferai cela ce soir car je dois retourner au boulot. Merci d'avance
0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 13:56
Merci pour ta compréhension
@+
0
voila le rapport vundo ; mais j'ai du redémarrer moi m^^eme le pc.


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 17:01:27 05/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\divx.dll
C:\WINDOWS\system32\fbgfdoaj.dll
C:\WINDOWS\system32\khfgfca.dll
C:\WINDOWS\system32\rgywxlst.ini
C:\WINDOWS\system32\tslxwygr.dll
C:\WINDOWS\system32\vtstt.exe

Beginning removal...
je continue la procédure. merci pour ton aide.
0
que faire avec ça?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:29, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Dell\Media Experience\DMXLauncher .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon .exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn .exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row-rel&channel=ca&ibd=1061216
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row-rel&channel=ca&ibd=1061216
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\wvurstq.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {35508f4b-614b-723b-f7c4-09e06921d9e0} - {0e9d1296-0e90-4c7f-b327-b416b4f80553} - C:\WINDOWS\system32\ysopicek.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C7E5107A9CAF6E2A1FBB39BFE4976E26CAEDDA7E557D472A39C6C0 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [e03d2cd2] rundll32.exe "C:\WINDOWS\system32\jytqievx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe" --force_start_minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.342.0\Weather.exe" -auto
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Compagnon d'AOL.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Mini-icône d'AOL 8.0.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.176.20.26/islandcam/AxisCamControl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8697A419-F03F-44D9-89C7-E170495341D9}: NameServer = 207.164.234.129 207.164.234.193
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: wvurstq - C:\WINDOWS\SYSTEM32\wvurstq.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
voila la suite

rapport vbg :


[01/05/2008, 19:36:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\JEAN-CLAUDE GALET\Bureau\VirtumundoBeGone.exe" )
[01/05/2008, 19:37:01] - Detected System Information:
[01/05/2008, 19:37:01] - Windows Version: 5.1.2600, Service Pack 2
[01/05/2008, 19:37:01] - Current Username: JEAN-CLAUDE GALET (Admin)
[01/05/2008, 19:37:01] - Windows is in NORMAL mode.
[01/05/2008, 19:37:01] - Searching for Browser Helper Objects:
[01/05/2008, 19:37:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/05/2008, 19:37:01] - BHO 2: {2a3494f5-cd2f-4d89-9ea4-bbc742cbff41} ()
[01/05/2008, 19:37:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:01] - Checking for HKLM\...\Winlogon\Notify\fbgfdoaj
[01/05/2008, 19:37:01] - Key not found: HKLM\...\Winlogon\Notify\fbgfdoaj, continuing.
[01/05/2008, 19:37:01] - BHO 3: {3AEC3373-C823-4853-97D4-5B5549833BC3} ()
[01/05/2008, 19:37:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:01] - Checking for HKLM\...\Winlogon\Notify\khfgfca
[01/05/2008, 19:37:01] - Found: HKLM\...\Winlogon\Notify\khfgfca - This is probably Virtumundo.
[01/05/2008, 19:37:01] - Assigning {3AEC3373-C823-4853-97D4-5B5549833BC3} MSEvents Object
[01/05/2008, 19:37:01] - BHO list has been changed! Starting over...
[01/05/2008, 19:37:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/05/2008, 19:37:01] - BHO 2: {2a3494f5-cd2f-4d89-9ea4-bbc742cbff41} ()
[01/05/2008, 19:37:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:01] - Checking for HKLM\...\Winlogon\Notify\fbgfdoaj
[01/05/2008, 19:37:01] - Key not found: HKLM\...\Winlogon\Notify\fbgfdoaj, continuing.
[01/05/2008, 19:37:01] - BHO 3: {3AEC3373-C823-4853-97D4-5B5549833BC3} (MSEvents Object)
[01/05/2008, 19:37:01] - ALERT: Found MSEvents Object!
[01/05/2008, 19:37:01] - BHO 4: {49E0E0F0-5C30-11D4-945D-000000000000} ()
[01/05/2008, 19:37:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:01] - Checking for HKLM\...\Winlogon\Notify\iehelper3
[01/05/2008, 19:37:02] - Key not found: HKLM\...\Winlogon\Notify\iehelper3, continuing.
[01/05/2008, 19:37:02] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/05/2008, 19:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/05/2008, 19:37:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/05/2008, 19:37:02] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/05/2008, 19:37:02] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/05/2008, 19:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:02] - No filename found. Continuing.
[01/05/2008, 19:37:02] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/05/2008, 19:37:02] - BHO 9: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[01/05/2008, 19:37:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:02] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[01/05/2008, 19:37:02] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[01/05/2008, 19:37:02] - Finished Searching Browser Helper Objects
[01/05/2008, 19:37:02] - *** Detected MSEvents Object
[01/05/2008, 19:37:02] - Trying to remove MSEvents Object...
[01/05/2008, 19:37:03] - Terminating Process: IEXPLORE.EXE
[01/05/2008, 19:37:04] - Terminating Process: RUNDLL32.EXE
[01/05/2008, 19:37:05] - Disabling Automatic Shell Restart
[01/05/2008, 19:37:05] - Terminating Process: EXPLORER.EXE
[01/05/2008, 19:37:06] - Suspending the NT Session Manager System Service
[01/05/2008, 19:37:06] - Terminating Windows NT Logon/Logoff Manager
[01/05/2008, 19:37:07] - Re-enabling Automatic Shell Restart
[01/05/2008, 19:37:07] - File to disable: C:\WINDOWS\system32\khfgfca.dll
[01/05/2008, 19:37:07] - Renaming C:\WINDOWS\system32\khfgfca.dll -> C:\WINDOWS\system32\khfgfca.dll.vir
[01/05/2008, 19:37:07] - File successfully renamed!
[01/05/2008, 19:37:07] - Removing HKLM\...\Browser Helper Objects\{3AEC3373-C823-4853-97D4-5B5549833BC3}
[01/05/2008, 19:37:07] - Removing HKCR\CLSID\{3AEC3373-C823-4853-97D4-5B5549833BC3}
[01/05/2008, 19:37:08] - Adding Kill Bit for ActiveX for GUID: {3AEC3373-C823-4853-97D4-5B5549833BC3}
[01/05/2008, 19:37:08] - Deleting ATLEvents/MSEvents Registry entries
[01/05/2008, 19:37:08] - Removing HKLM\...\Winlogon\Notify\khfgfca
[01/05/2008, 19:37:08] - Searching for Browser Helper Objects:
[01/05/2008, 19:37:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/05/2008, 19:37:08] - BHO 2: {2a3494f5-cd2f-4d89-9ea4-bbc742cbff41} ()
[01/05/2008, 19:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:08] - Checking for HKLM\...\Winlogon\Notify\fbgfdoaj
[01/05/2008, 19:37:08] - Key not found: HKLM\...\Winlogon\Notify\fbgfdoaj, continuing.
[01/05/2008, 19:37:08] - BHO 3: {49E0E0F0-5C30-11D4-945D-000000000000} ()
[01/05/2008, 19:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:08] - Checking for HKLM\...\Winlogon\Notify\iehelper3
[01/05/2008, 19:37:08] - Key not found: HKLM\...\Winlogon\Notify\iehelper3, continuing.
[01/05/2008, 19:37:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/05/2008, 19:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/05/2008, 19:37:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/05/2008, 19:37:08] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/05/2008, 19:37:08] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/05/2008, 19:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:08] - No filename found. Continuing.
[01/05/2008, 19:37:08] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/05/2008, 19:37:08] - BHO 8: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[01/05/2008, 19:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 19:37:08] - Checking for HKLM\...\Winlogon\Notify\mnyviewer
[01/05/2008, 19:37:08] - Key not found: HKLM\...\Winlogon\Notify\mnyviewer, continuing.
[01/05/2008, 19:37:08] - Finished Searching Browser Helper Objects
[01/05/2008, 19:37:08] - Finishing up...
[01/05/2008, 19:37:08] - A restart is needed.
[01/05/2008, 19:37:08] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/05/2008, 19:37:18] - Attempting to Restart via STOP error (Blue Screen!)


et mainteant le rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:02, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dslagent.exe
C:\Documents and Settings\All Users\Application Data\registry\regsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {14ffbc24-7cbb-4ae9-98d4-f2dc5f4943a2} - {2a3494f5-cd2f-4d89-9ea4-bbc742cbff41} - C:\WINDOWS\system32\fbgfdoaj.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\conflict.1\googletoolbar4.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {655cc670-bd28-486e-8bc7-5cb3e6ca27a5} - (no file)
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\conflict.1\googletoolbar4.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [sysclean] C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sysclean] C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version8/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://www.miniclip.com/football/joystick.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1264beaffeb3d6603b05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.boulanger.ofoto.fr/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/obj/NpFp415.dll
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.e-alfaromeo.com/components/ocx/autopricer/ConfiguratoreAuto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} - http://www.e-alfaromeo.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E03A6955-BA75-4E65-BD41-D44C37FFACB3}: NameServer = 84.103.237.143 86.64.145.143
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 19:51
Bonjour chevreuil
en effet ton rapport montre plein d'infection
mais je te demande de créer ton propre sujet pour éviter que le sujet de musicos
soit plus simple à gérer
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
merci
@+

0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 19:55
Musicos

bien on progresse
maintenant
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
@+
0
musicos2 Messages postés 18 Date d'inscription samedi 5 janvier 2008 Statut Membre Dernière intervention 8 octobre 2008
5 janv. 2008 à 20:32
voila le rapport combofix
j'attends tes instructions



ComboFix 08-01-04.1 - JEAN-CLAUDE GALET 2008-01-05 20:01:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.179 [GMT 1:00]
Running from: C:\Documents and Settings\JEAN-CLAUDE GALET\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JEAN-CLAUDE GALET\new.txt
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Downloaded Program Files.\dhtmlaccess.inf
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\fbgfdoaj.dll
C:\WINDOWS\system32\rgywxlst.ini
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\system32\tslxwygr.dll
C:\WINDOWS\system32\vtstt.exe
C:\WINDOWS\system32\winspool.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 20:19 . 2008-01-05 20:19 344,576 --a------ C:\WINDOWS\system32\vtstt.dll
2008-01-05 19:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 18:00 . 2008-01-05 18:00 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 17:01 . 2008-01-05 17:01 <REP> d-------- C:\VundoFix Backups
2008-01-05 11:55 . 2008-01-05 11:57 <REP> d-------- C:\Program Files\Panda Security
2008-01-04 18:12 . 2008-01-04 18:12 <REP> d-------- C:\Program Files\AxBx
2008-01-04 17:55 . 2008-01-04 17:55 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 10:53 . 2008-01-04 16:47 6,542 --ahs---- C:\WINDOWS\system32\ttstv.ini2
2007-12-31 20:36 . 2007-12-31 20:37 <REP> d-------- C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\Weflirt
2007-12-31 16:06 . 2007-12-31 16:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 15:47 . 2007-12-31 15:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-30 11:37 . 2008-01-04 11:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-29 13:40 . 2007-12-29 13:38 365,056 --a------ C:\WINDOWS\system32\OLDB8.tmp
2007-12-29 13:38 . 2008-01-04 16:50 6,542 --ahs---- C:\WINDOWS\system32\ttstv.ini
2007-12-29 13:32 . 2007-12-29 13:32 39,424 --a------ C:\WINDOWS\system32\khfgfca.dll.vir
2007-12-29 12:55 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-29 12:55 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-29 12:55 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-29 12:54 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-29 12:24 . 2008-01-05 20:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\registry
2007-12-17 19:21 . 2007-12-17 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeTest
2007-12-15 17:37 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\EPSON

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 23:04 --------- d-----w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\uTorrent
2008-01-04 19:55 --------- d-----w C:\Program Files\eMule
2008-01-04 16:04 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-12-28 15:37 --------- d-----w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\Corel
2007-12-20 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 22:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 22:04 --------- d-----w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\LimeWire
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 00:03 --------- d-----w C:\Program Files\Picasa2
2007-10-20 11:17 238,384 ----a-w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\GDIPFONTCACHEV1.DAT
2006-12-29 19:56 81,920 ----a-w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\ezpinst.exe
2006-12-29 19:56 47,360 ----a-w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\pcouffin.sys
2003-08-16 17:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
.
[code]<pre>
----a-w 176,128 2008-01-04 09:53:30 C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
----a-w 176,128 2008-01-05 19:19:41 C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
----a-w 79,224 2008-01-04 19:03:35 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 714,000 2008-01-05 18:39:51 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 15,360 2008-01-04 10:39:34 C:\WINDOWS\system32\ctfmon .exe
</pre>[/code]


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"sysclean"="C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe" [2008-01-05 20:19 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [2002-01-22 20:01 90112 C:\WINDOWS\system32\gsicon.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DSLAGENTEXE"="dslagent.exe" [2002-01-22 20:01 16384 C:\WINDOWS\system32\dslagent.exe]
"sysclean"="C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe" [2008-01-05 20:19 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CanoScan FB310 Utilities.lnk]
backup=C:\WINDOWS\pss\CanoScan FB310 Utilities.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 1.0.lnk]
backup=C:\WINDOWS\pss\Digimax Viewer 1.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hyperappel.lnk]
backup=C:\WINDOWS\pss\hyperappel.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GNTDEL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grenouille]
C:\Program Files\Grenouille.com\Grenouille\Grenouille.exe /NOSPLASH

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_316984]
H:\INSTALL LOGICIELS\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-12-16 22:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-12-16 22:39 77824 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDico]
C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe Lancement

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-11-07 14:41 110592 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
Fichier c:\program files\musicmatch\musicmatch jukebox\mm_server.exe n'existe pas. n'existe pas. n'existe pas.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware14]
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
2003-09-30 09:55 102400 --a------ C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMT Integrator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSPrnAgent]
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkFlowTray]
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydirector1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzzzzzxtras]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotKey"=mHotkey.exe
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
R2 as260n;as260n;C:\WINDOWS\system32\drivers\as260n.sys [1997-12-31 10:25]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-01-17 00:25]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2003-12-18 20:56]
S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-01-22 20:01]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 aligp;USB Composite Device;C:\WINDOWS\system32\DRIVERS\AliGP.sys [2003-12-18 10:43]
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2003-12-18 10:45]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-07-09 15:12]
S3 ham50;V9X HAM 1394V;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 16:50]
S3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys [2005-03-10 13:08]
S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys [2002-09-27 20:42]
S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys [2002-10-04 00:14]
S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys [2002-11-28 02:13]
S3 VSO_IOCD;VSO_IOCD;C:\WINDOWS\system32\drivers\vso_iocd.sys [2002-01-28 02:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\CODE.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279dd057-44d0-11dc-9478-00ff00300101}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{455ed0b3-4318-11da-9813-00ff00300101}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960891c6-ac43-11da-9c40-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc1e95b2-4413-11db-9635-00ff00300101}]
\Shell\AutoRun\command - M:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-04 16:20:10 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 20:19:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 20:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 19:28:56
.
2007-12-21 23:09:09 --- E O F ---
0
merçi EP44 pour la réponse... je suis débutant avec les virus c'est tout un monde...

je ne sais même pas comment créer mon propre sujet et je ne veux pas nuire à musicos...

je ferai donc confiance à vos directives pour essayer de me familiariser avec tout ça

merçi encore
0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
5 janv. 2008 à 21:18
selectionne ceci

File::

C:\WINDOWS\system32\khfgfca.dll.vir

=> Copie le texte sélectionné (CTRL+C).
=> Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
=> Colle le texte copié dans ce bloc-notes (CTRL+V).
=> Sauvegarde ce fichier sous le nom de CFScript.txt
=> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
=> Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
=> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
=> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
=> Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

ensuite refais un nouveau hijack
@+
0
musicos2 Messages postés 18 Date d'inscription samedi 5 janvier 2008 Statut Membre Dernière intervention 8 octobre 2008
6 janv. 2008 à 00:26
voici le rapport combofix

ComboFix 08-01-04.1 - JEAN-CLAUDE GALET 2008-01-06 0:00:25.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.220 [GMT 1:00]Running from: C:\Documents and Settings\JEAN-CLAUDE GALET\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\JEAN-CLAUDE GALET\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\khfgfca.dll.vir
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\khfgfca.dll.vir

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 19:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 18:00 . 2008-01-05 18:00 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 17:01 . 2008-01-05 17:01 <REP> d-------- C:\VundoFix Backups
2008-01-05 11:55 . 2008-01-05 20:53 <REP> d-------- C:\Program Files\Panda Security
2008-01-04 18:12 . 2008-01-04 18:12 <REP> d-------- C:\Program Files\AxBx
2008-01-04 17:55 . 2008-01-04 17:55 <REP> d-------- C:\Program Files\Trend Micro
2008-01-04 10:53 . 2008-01-04 16:47 6,542 --ahs---- C:\WINDOWS\system32\ttstv.ini2
2007-12-31 16:06 . 2007-12-31 16:06 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 15:47 . 2007-12-31 15:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-30 11:37 . 2008-01-04 11:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-29 13:40 . 2007-12-29 13:38 365,056 --a------ C:\WINDOWS\system32\OLDB8.tmp
2007-12-29 13:38 . 2008-01-04 16:50 6,542 --ahs---- C:\WINDOWS\system32\ttstv.ini
2007-12-29 12:55 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-29 12:55 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-29 12:55 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-12-29 12:54 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-29 12:24 . 2008-01-05 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\registry
2007-12-17 19:21 . 2007-12-17 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeTest
2007-12-15 17:37 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\EPSON

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 23:04 --------- d-----w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\uTorrent
2008-01-04 19:55 --------- d-----w C:\Program Files\eMule
2008-01-04 16:04 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-12-28 15:37 --------- d-----w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\Corel
2007-12-20 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 22:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 22:04 --------- d-----w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\LimeWire
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 00:03 --------- d-----w C:\Program Files\Picasa2
2007-11-03 10:18 999,424 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 11:17 238,384 ----a-w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\GDIPFONTCACHEV1.DAT
2006-12-29 19:56 81,920 ----a-w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\ezpinst.exe
2006-12-29 19:56 47,360 ----a-w C:\Documents and Settings\JEAN-CLAUDE GALET\Application Data\pcouffin.sys
2006-04-28 07:29 42,468 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_04_28_00_28_35_small.dmp.zip
2003-08-16 17:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
.
[code]<pre>
----a-w 176,128 2008-01-04 09:53:30 C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
----a-w 176,128 2008-01-05 19:19:41 C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
----a-w 79,224 2008-01-04 19:03:35 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 714,000 2008-01-05 18:39:51 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 15,360 2008-01-04 10:39:34 C:\WINDOWS\system32\ctfmon .exe
</pre>[/code]


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"sysclean"="C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe" [2008-01-05 20:19 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [2002-01-22 20:01 90112 C:\WINDOWS\system32\gsicon.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"DSLAGENTEXE"="dslagent.exe" [2002-01-22 20:01 16384 C:\WINDOWS\system32\dslagent.exe]
"sysclean"="C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe" [2008-01-05 20:19 176128]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-11-19 17:35:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CanoScan FB310 Utilities.lnk]
backup=C:\WINDOWS\pss\CanoScan FB310 Utilities.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 1.0.lnk]
backup=C:\WINDOWS\pss\Digimax Viewer 1.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hyperappel.lnk]
backup=C:\WINDOWS\pss\hyperappel.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
backup=C:\WINDOWS\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GNTDEL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grenouille]
C:\Program Files\Grenouille.com\Grenouille\Grenouille.exe /NOSPLASH

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_316984]
H:\INSTALL LOGICIELS\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-12-16 22:37 188416 --a------ C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-12-16 22:39 77824 --a------ C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDico]
C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe Lancement

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-11-07 14:41 110592 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]
Fichier c:\program files\musicmatch\musicmatch jukebox\mm_server.exe n'existe pas. n'existe pas. n'existe pas.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware14]
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
2003-09-30 09:55 102400 --a------ C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMT Integrator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSPrnAgent]
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkFlowTray]
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydirector1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzzzzzxtras]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CHotKey"=mHotkey.exe
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
R2 as260n;as260n;C:\WINDOWS\system32\drivers\as260n.sys [1997-12-31 10:25]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-01-17 00:25]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2003-12-18 20:56]
S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-01-22 20:01]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 aligp;USB Composite Device;C:\WINDOWS\system32\DRIVERS\AliGP.sys [2003-12-18 10:43]
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2003-12-18 10:45]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-07-09 15:12]
S3 ham50;V9X HAM 1394V;C:\WINDOWS\system32\DRIVERS\CTXH51.sys [2001-08-04 16:50]
S3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys [2005-03-10 13:08]
S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys [2002-09-27 20:42]
S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys [2002-10-04 00:14]
S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys [2002-11-28 02:13]
S3 VSO_IOCD;VSO_IOCD;C:\WINDOWS\system32\drivers\vso_iocd.sys [2002-01-28 02:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\CODE.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{279dd057-44d0-11dc-9478-00ff00300101}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{455ed0b3-4318-11da-9813-00ff00300101}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{960891c6-ac43-11da-9c40-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc1e95b2-4413-11db-9635-00ff00300101}]
\Shell\AutoRun\command - M:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-04 16:20:10 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 00:10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 0:16:24
ComboFix-quarantined-files.txt 2008-01-05 23:16:20
ComboFix2.txt 2008-01-05 19:29:02
.
2007-12-21 23:09:09 --- E O F ---


je fais suivre le hijack
merci pour toute ton aide
0
musicos2 Messages postés 18 Date d'inscription samedi 5 janvier 2008 Statut Membre Dernière intervention 8 octobre 2008
6 janv. 2008 à 00:29
et maintenant le hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:57, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\GSICON.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\conflict.1\googletoolbar4.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {655cc670-bd28-486e-8bc7-5cb3e6ca27a5} - (no file)
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\conflict.1\googletoolbar4.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [sysclean] C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sysclean] C:\Documents and Settings\All Users\Application Data\registry\regsvc32 .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version8/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://www.miniclip.com/football/joystick.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1264beaffeb3d6603b05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.boulanger.ofoto.fr/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/obj/NpFp415.dll
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.e-alfaromeo.com/components/ocx/autopricer/ConfiguratoreAuto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} - http://www.e-alfaromeo.com/Components/Ocx/Exterior/Outside.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E03A6955-BA75-4E65-BD41-D44C37FFACB3}: NameServer = 84.103.237.143 86.64.145.143
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
6 janv. 2008 à 00:29
maintenant Fais un scan antivirus en ligne avec Internet Explorer
https://www.bitdefender.fr/


=> En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
=> Dans la nouvelle fenêtre, clique sur I agree
=> La fenêtre change encore, clique sur Click here to scan
=> Les signatures se chargent, etc.
=> copie colle le résultat ici

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

et
reposte un nouveau rapport hijackthis
@+
0
musicos2 Messages postés 18 Date d'inscription samedi 5 janvier 2008 Statut Membre Dernière intervention 8 octobre 2008
6 janv. 2008 à 00:37
impossible d'effectuer le test avac bitdefender il ne parvient pas a scanner mon ordi.

faut il deconnecter avast avant le scan ?
0
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
6 janv. 2008 à 00:59
essaye ceci

fais un scan antivirus en ligne Panda https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
et copie colle le résultat ici
(avec Internet Explorer. Désactive ton antivirus pendant le scan)

tuto en image
@+
0