A l'aide urgent win32 : trat BHO[tRJ]

Question

Bonjour,

je n' y connais pas grand chose, mais Avast a détecté ce virus, suivant certains forums j'ai changer avast pour antivir(perso plus pénible car il indique sans arrêt la rpésence des virus et bloque l'utilisation du scan)
Après désactivation de l'antivirus j'ai lancé un scan
puis un highjack.
Pouvez vous m'aider à résoudre mon problème svp.

Finallement j'ai remis avast.

log file antivir : 


AntiVir PersonalEdition Classic
Report file date: mardi 8 janvier 2008  19:47

Scanning for 1017413 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    DCFC0Q2J

Version information:
BUILD.DAT    : 270           15603 Bytes    19.09.07 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes    23.08.07 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes    16.08.07 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes    14.08.07 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes    21.08.07 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes    18.07.07 14:27:15
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes    14.12.07 17:51:48
ANTIVIR2.VDF : 7.0.1.205    620544 Bytes    08.01.08 17:51:48
ANTIVIR3.VDF : 7.0.1.208      9728 Bytes    08.01.08 17:51:48
AVEWIN32.DLL : 7.6.0.46    3084800 Bytes    08.01.08 17:51:50
AVWINLL.DLL  : 1.0.0.7       14376 Bytes    26.02.07 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes    18.07.07 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes    16.04.07 13:16:24
AVPACK32.DLL : 7.6.0.2      360488 Bytes    08.01.08 17:51:50
AVREG.DLL    : 7.0.1.6       30760 Bytes    18.07.07 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes    28.08.07 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes    18.07.07 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes    08.03.07 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes    07.08.07 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes    21.08.07 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes    23.07.07 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 8 janvier 2008  19:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'vVX3000.exe' - '1' Module(s) have been scanned
Scan process 'BacsTray.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIBVE.EXE' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [NOTE]      No virus was found!
Master boot sector HD1
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD2
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD3
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD4
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD5
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\jkkifec.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\jkkifec.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\dany rabory\Local Settings\Temp	emp.frAD4F\bin\10.0.370.0\ZangoUnInstaller.exe
      [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4
      [INFO]      The file was moved to '47f1c67d.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temp	emp.frE868\bin\10.0.370.0\SeekmoUnInstaller.exe
      [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
      [INFO]      The file was moved to '47e8c688.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\8TFJ9WSD\md5[1]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c699.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\8TFJ9WSD\md5[2]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c69c.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\IMGES7XK\md5[1]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6b0.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\IMGES7XK\md5[2]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6b4.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\IMGES7XK\md5[3]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6b7.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\RTZTO57D\md5[1]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6c8.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\RTZTO57D\md5[2]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6cb.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\VSGL9YAV\md5[1]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6de.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\VSGL9YAV\md5[2]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '461a6d0f.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\VSGL9YAV\md5[3]
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was moved to '47b8c6df.qua'!
C:\Documents and Settings\paulo lourenço\Local Settings\Temporary Internet Files\Content.IE5\9KDMU2IR	race[1].htm
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [INFO]      The file was moved to '47e4c84b.qua'!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
      [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
      [INFO]      The file was moved to '47eecd8d.qua'!
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP332\A0084238.exe
      [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
      [INFO]      The file was moved to '47b3d03e.qua'!
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP357\A0091441.exe
      [DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4
      [INFO]      The file was moved to '47b3d093.qua'!
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095924.dll
      [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
      [INFO]      The file was moved to '47b3d0ad.qua'!
C:\WINDOWS\system32\ddabx.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\jkkifec.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\sstqo.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was moved to '47f7e0d8.qua'!


End of the scan: mardi 8 janvier 2008  21:44
Used time:  1:57:06 min

The scan has been done completely.

   7817 Scanning directories
 409763 Files were scanned
     20 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     18 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 409743 Files not concerned
   4635 Archives were scanned
      5 Warnings
      2 Notes

log file HIGHJACK : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:29, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Lyonnais92 · Answer

Bonjour,

1) Tu sembles ne pas avoir de parefeu contrôlant les connexions sortantes, ce qui est un risque de sécurité.

Si c'est le cas tu as le choix entre ces deux possibilités :

Zone Alarm Tuto et lien de téléchargement ici :
https://www.malekal.com/tutoriel-zonealarm-firewall/

Kerio Tuto et lien de téléchargement ici :
http://www.malekal.com/kerio_firewall.php

Il y en a d'autres que tu peux trouver en ouvrant ce lien :
http://www.malekal.com/menu_tutorials_logiciels.php 

Il faut que tu désactives le parefeu de Windows (panneau de configuration, parefeu de Windows) après le téléchargement et avant l'installation (déconnecte toi du Net à ce moment là).
2) Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 
Double-clique VundoFix.exe afin de le lancer. 

Clique sur le bouton Scan for Vundo. 
Lorsque le scan est complété, clique sur le bouton Remove Vundo. 
Une invite te demandera si tu veux supprimer les fichiers, clique YES 
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK 
Démarre ton PC à nouveau. 
Copie/colle le rapport (c:\vundofix.txt) dans ta réponse
3) Télécharge BTFix de Bibi26 
http://cluster1.easy-hebergement.net/ de Bibi26 
Dézippe l'archive sur ton Bureau. 
Ouvre le dossier BTFix. 
Double clique sur BTFix.exe. 
Clique sur Rechercher. 
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

paulchette · Answer

Slt,
Merci pour ton aide,
le rapport btfix : 

BTFix 1.068 (par bibi26) - 12/01/2008 11:14:54 - Analyse
Lanc§Û depuis C:\Documents and Settings\dany rabory\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouv§Ûs

 - C:\Program Files\ShoppingReport
 - C:\Documents and Settings\dany rabory\Application Data\ShoppingReport
 - C:\Documents and Settings\All Users\Application Data\ZangoSA
 - C:\Documents and Settings\All Users\Application Data\SeekmoSA
 - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
 - C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Seekmo

---> Analyse termin§Ûe

par contre vundo n'a rien d¨¦tect¨¦, pas de rapport.

j'ai install¨¦ zona alarm avant mais il me bloquait l'acces a internet(donc  ¨¤ ton msg pour pouvoir faire les manip)car 26 intrusions, je l'ai donc d¨¦sactiv¨¦ et remis celui de windows le temps de faire vundo.

j'attend la suite de la proc¨¦dure.

paulchette

Lyonnais92 · Answer

Re,

Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Double clique sur BTFix.exe.
Clique sur Nettoyer.


Redémarre en mode normal;

télécharge combofix (par sUBs)ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


et enregistre le sur le bureau.

2 double-clique sur combofix.exe et suis les instructions

3 à la fin, il va produire un rapport C:\ComboFix.txt

4 copie/colle ce rapport dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Poste le rapport dans ta réponse avec un nouveau rapport Hijackthis.

paulchette · Answer

Slt,

ComboFix 08-01-13.1 - dany rabory 2008-01-13 9:38:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1251.996.1036.18.588 [GMT 1:00]
Running from: C:\Documents and Settings\dany rabory\Bureau\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEula.mht
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2

.
((((((((((((((((((((((((((((( Fichiers cr©©s 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
.

2008-01-13 09:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:53 . 2008-01-12 10:53 <REP> d-------- C:\VundoFix Backups
2008-01-12 10:37 . 2008-01-12 10:37 132,608 --a------ C:\Program Files\VundoFix.exe
2008-01-12 09:34 . 2008-01-13 09:45 227,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-12 09:34 . 2008-01-13 09:42 3,620 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-12 09:31 . 2008-01-12 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-12 09:31 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-01-12 09:31 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-01-12 09:31 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-01-12 09:31 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-01-12 09:31 . 2008-01-12 09:32 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-12 09:29 . 2008-01-12 10:47 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-12 09:25 . 2008-01-12 09:25 210,416 --a------ C:\Program Files\zaSetup_fr.exe
2008-01-09 21:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-09 21:24 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-09 21:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-01-09 21:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-09 21:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-09 21:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-09 21:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-09 21:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-08 19:16 . 2008-01-08 19:16 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-08 18:49 . 2008-01-09 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-08 18:31 . 2008-01-08 18:31 <REP> d-------- C:\Program Files\Panda Security
2008-01-08 18:01 . 2008-01-09 20:29 <REP> d-------- C:\Program Files\HTJ
2008-01-08 18:01 . 2008-01-08 18:01 318,369 --a------ C:\HiJackThis.zip
2008-01-06 13:39 . 2008-01-06 13:39 <REP> d-------- C:\Documents and Settings\dany rabory\Application Data\Snapfish
2008-01-01 11:38 . 2008-01-02 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 08:46 --------- d-----w C:\Program Files\Steam
2008-01-08 17:36 --------- d-----w C:\Documents and Settings\dany rabory\Application Data\Lavasoft
2008-01-02 17:39 --------- d-----w C:\Documents and Settings\dany rabory\Application Data\Skype
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-19 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-20 01:24 251 ----a-w C:\Program Files\wt3d.ini
2007-01-19 16:17 0 ----a-w C:\Documents and Settings\dany rabory\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ©l©ments vides & les ©l©ments initiaux l©gitimes ne sont pas list©s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{014B52FC-3FF4-472C-A0F7-B0E52C924052}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 17:05 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 00:38 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 04:00 282624 C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-22 22:36 1838592]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [2006-06-03 23:37 118784]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 13:49 1121280]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 16:04 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 16:01 277296]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 16:01]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 14:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 14:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 14:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 14:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 14:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 14:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 14:12]

.
Contenu du dossier 'Scheduled Tasks/T¢ches planifi©es'
"2008-01-12 10:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 09:46:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 9:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 08:48:38
.
2008-01-08 11:41:15 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:16, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - C:\WINDOWS\system32\ddabx.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Lyonnais92 · Answer

Bonjour,

je pourrais avoir le rapport de BTFix.

paulchette · Answer

BTFix 1.069 (par bibi26) - 13/01/2008 11:43:16 - Analyse
Lanc&#1081; depuis C:\Documents and Settings\dany rabory\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouv&#1081;s

 - C:\Documents and Settings\All Users\Application Data\ZangoSA
 - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
 - C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Seekmo

---> Analyse termin&#1081;e

Lyonnais92 · Answer

Re,

tu as raté ça au post 3 :

Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Double clique sur BTFix.exe.
Clique sur Nettoyer.


refais le et poste le rapport ensuite.

paulchette · Answer

BTFix 1.069 (par bibi26) - 13/01/2008 13:24:16 - Nettoyage - Mode sans &#1081;chec
Lanc&#1081; depuis C:\Documents and Settings\dany rabory\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprim&#1081;s (Premi&#1080;re passe)

 - Fichiers temporaires effac&#1081;s
 - C:\Documents and Settings\All Users\Application Data\ZangoSA\*.*
 - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\*.*
 - C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Seekmo\*.*

---> Nettoyage termin&#1081;

Lyonnais92 · Answer

Re,

comment va l'ordi ?

remets un rapport Hijackthis.

paulchette · Answer

Je ne pense pas qu'il soit guerri, quaund je l'allume zone alarm me met : Le parefeu a bloqué l'accès à votre ordinateur [session net BIOS]depuis car 75.8.88.166.207.102.Fbx.proxad.net

et il me dit que 11 intrusions bloquées alerte de niveau élévé.

Je suis obligé de désactiver  le parefeu pour aller sur internet.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:57, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32undll32.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - C:\WINDOWS\system32\ddabx.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Lyonnais92 · Answer

Re,

aucune raison pour que ZA bloque tes accès internet.

Tu autorises  generic host process ... (c:\windows\system32\svchosts.exe) à accéder à Internet ?

paulchette · Answer

JE NE COMPRENDS PAS TA QUESTION
ZA fait que d'envoyer des alertes j'autorise tout mais ça ne fait rien, je suis obligée de couper quand même pour l'accés internet, qu'est ce que je dois faire ?

Lyonnais92 · Answer

Re,

remets le parefeu de windows, désinstalel ZA.

fais ça :

Lis bien et exécute cette manip dans l’ordre.

#Télécharge et installe ces logiciels (si tu ne les as pas) pour les 3 premiers
mets les à jour, comme indiqué dans les démos ou tutos.

Ne les utilise pas tout de suite.


Antispywares et autres :

*Ad-Aware (gratuit)
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Tuto :
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

*Spybot (gratuit) :
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

* AVG AS

AVG anti spyware
https://www.01net.com/telecharger/
Mets le a jour avant de lancer le scan.
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)
Téléchargement :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]
=
=======================================

->Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
puis tape « entrée ».
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
========================================
-
->Lance CCleaner.

Suppression des fichiers temporaires

Va dans la section "Options" situé dans la marge gauche.
Décoche "Avancé"
Retourne ensuite dans la section "Nettoyeur"
Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
• Clique sur [Analyse]
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur [Lancer le Nettoyage]



========================================
->Lance AVG pour un scan complet "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau et [copie/colle le rapport en forum]
========================================
->Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
========================================
->Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
========================================
->Relance CCleaner.
Suppression des incohérences du registre

• Clique sur l'icône [Erreurs] situés dans la marge à gauche
• Puis clique sur [Analyser les erreurs]
• Patiente pendant que CCleaner scan ton registre.
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur [Corriger les erreurs].

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.
========================================
->Vide ta Corbeille.
========================================
->Redémarre en mode normal,


- > Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :

https://www.bitdefender.com/toolbox/

Utilisation :
Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
Ensuite, cliquer sur "Cliquez ici pour scanner".
Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

Copier/coller le rapport entier sur le forum.

Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation)
[Recoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

Relance Hijackthis et copie/colle un nouveau rapport sur le forum.

paulchette · Answer

les 3 rapports : 

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:16:05 13/01/2008

 + Résultat de l'analyse:	



C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@site.skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport


BitDefender Online Scanner
  
  
 
Scan report generated at: Sun, Jan 13, 2008 - 21:51:26
 
 
  
  
 
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
  
  
 
 
  
  
 
Statistics
 
Time
 00:50:38
 
Files
 323331
 
Folders
 7306
 
Boot Sectors
 4
 
Archives
 4380
 
Packed Files
 18908
 
  
  
 
Results
 
Identified Viruses 
 2
 
Infected Files 
 16
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 16
 
  
  
 
Engines Info
 
Virus Definitions
 889930
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
 Infected with: Trojan.Vundo.DVS
 
C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
 Deleted
 
C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini2.vir
 Infected with: Trojan.Vundo.DVS
 
C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini2.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini2.vir
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092445.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092445.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092445.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0093447.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0093447.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0093447.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0093515.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0093515.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0093515.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0094447.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0094447.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0094447.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP360\A0094539.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP360\A0094539.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP360\A0094539.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP361\A0094613.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP361\A0094613.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP361\A0094613.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0094937.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0094937.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0094937.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095908.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095908.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095908.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095916.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095916.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095916.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095931.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095931.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095931.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095939.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095939.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095939.ini
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
 Infected with: Trojan.Vundo.DVO
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
 Deleted
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP366\A0097417.ini
 Infected with: Trojan.Vundo.DVS
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP366\A0097417.ini
 Disinfection failed
 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP366\A0097417.ini
 Deleted
 
 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:29, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Lyonnais92 · Answer

Re,

1) Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

 	O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - (no file)
 	O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - (no file)

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.

2) ouvre ce lien 

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

en suivant ces indications, tu désactives la restauration système, tu fermes pour revenir sur le bureau et tu réactives la restauration.

Tu redémarres l"ordi.

3)     * Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    * Clique sur Recherche et laisse le scan se terminer.


    * Clique, sur Suppression pour finaliser.


    * Tu peux, si tu le souhaites, te servir des Options facultatives.


    * Clique sur Quitter, pour que le rapport puisse se créer.


    * Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

paulchette · Answer

La page de toolscleaner n'existe plus je remplace par autre chose ?

Lyonnais92 · Answer

Bonjour,

on va attendre, elle  devrait revenir.

Tu retélécharges ZA et tu l'installes (coupé d'internet).

Tu le règles sur "demander".

tu acceptes pour svchost (generic hosts process pour windows)

tu acceptes pour les autres (sauf si ils te paraissent suspects).

Un lien pour savoir où le logiciel veut aller :

https://generic-nic.net/

tu colles l'ip de destination (ZA te la donne).

paulchette · Answer

slt,

La page n'est toujours pas dispo, il faut encore attendre ? est-ce que je peut me servir normalement de mon ordi, aller sur internet, jouer en réseau ... sans  endommager quoique ce soit ?

MErci

@+

Lyonnais92 · Answer

Re,

    * Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
 

    * Clique sur Recherche et laisse le scan se terminer.


    * Clique, sur Suppression pour finaliser.


    * Tu peux, si tu le souhaites, te servir des Options facultatives.


    * Clique sur Quitter, pour que le rapport puisse se créer.


    * Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

Comment ça se passe averc ZA ?

Pour le reste, tu peux utiliser l'ordi normalement.

paulchette · Answer

slt,

bon pour le rapport j'ai un peu merdé, vu que je ne le trouvais pas, je j'ai refais un scan donc le rapport est vide !
Et pour ZA ça marche,
Mais tout ça, ça m'donne quoi pour mon virus, parcqu'au bout du compte il est tjrs là !

Lyonnais92 · Answer

Bonjour,

1) as tu fait une restauration systeme ?

 2) quel outil te le décèle et où ?

3) retélécharge combofix (par sUBs)ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


et enregistre le sur le bureau. 

2 double-clique sur combofix.exe et suis les instructions 

3 à la fin, il va produire un rapport C:\ComboFix.txt 

4 copie/colle ce rapport dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 
Poste le rapport dans ta réponse avec un nouveau rapport Hijackthis.

paulchette · Answer

- oui j'ai fais une restauration système - Avast qui me le décèle, j'ai fais un scan, mais je ne sais pas ou g pas de rapport. Et il ne m'envoie pas d'alerte - rapport combofix : ComboFix 08-01-17.5 - dany rabory 2008-01-17 10:27:46.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1251.996.1036.18.550 [GMT 1:00] Running from: C:\Documents and Settings\dany rabory\Bureau\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers crййs 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))))))) . 2008-01-14 19:27 . 2008-01-17 10:30 831,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-14 19:27 . 2008-01-17 08:47 10,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-14 19:24 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-01-14 19:24 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-01-14 19:24 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-01-14 19:24 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-01-14 19:24 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-01-13 20:54 . 2008-01-13 21:51 d-------- C:\WINDOWS\BDOSCAN8 2008-01-13 17:32 . 2008-01-13 17:32 d-------- C:\Documents and Settings\dany rabory\Application Data\Grisoft 2008-01-13 17:32 . 2008-01-13 17:32 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-13 17:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-13 17:14 . 2008-01-13 17:14 d-------- C:\Program Files\CCleaner 2008-01-13 17:14 . 2008-01-13 17:14 d-------- C:\Documents and Settings\dany rabory\Menu Demarrer 2008-01-13 17:03 . 2008-01-13 20:35 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-13 16:58 . 2008-01-13 16:58 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-01-13 16:58 . 2008-01-13 16:59 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-13 16:54 . 2008-01-13 16:58 d-------- C:\Program Files\Lavasoft 2008-01-13 09:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 09:31 . 2008-01-12 09:31 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-01-12 09:31 . 2008-01-14 19:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-01-12 09:30 . 2008-01-14 19:24 d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-12 09:29 . 2008-01-17 10:21 d-------- C:\WINDOWS\Internet Logs 2008-01-12 09:25 . 2008-01-12 09:25 210,416 --a------ C:\Program Files\zaSetup_fr.exe 2008-01-09 21:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-09 21:24 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-09 21:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2008-01-09 21:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-09 21:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-09 21:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-09 21:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-09 21:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-08 19:16 . 2008-01-08 19:16 dr------- C:\Documents and Settings\LocalService\Favoris 2008-01-08 18:49 . 2008-01-09 21:11 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-08 18:31 . 2008-01-08 18:31 d-------- C:\Program Files\Panda Security 2008-01-08 18:01 . 2008-01-09 20:29 d-------- C:\Program Files\HTJ 2008-01-08 18:01 . 2008-01-08 18:01 318,369 --a------ C:\HiJackThis.zip 2008-01-06 13:39 . 2008-01-06 13:39 d-------- C:\Documents and Settings\dany rabory\Application Data\Snapfish . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-17 09:17 --------- d-----w C:\Program Files\Steam 2008-01-16 17:44 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-01-16 17:44 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-01-16 17:35 1,609,728 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-01-16 17:35 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-01-15 15:58 --------- d-----w C:\Program Files\FreeDial 2008-01-15 10:39 1,533,160 ----a-w C:\WINDOWS\Internet Logs vDebug.zip 2008-01-08 17:36 --------- d-----w C:\Documents and Settings\dany rabory\Application Data\Lavasoft 2008-01-02 17:39 --------- d-----w C:\Documents and Settings\dany rabory\Application Data\Skype 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-11-19 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache cpip.sys 2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:36 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-22 18:57 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-03-20 01:24 251 ----a-w C:\Program Files\wt3d.ini 2007-01-19 16:17 0 ----a-w C:\Documents and Settings\dany rabory\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les йlйments vides & les йlйments initiaux lйgitimes ne sont pas listйs [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 17:05 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "Steam"="c:\program files\steam\steam.exe" [2007-11-30 00:38 1266936] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 04:00 282624 C:\WINDOWS\stsystra.exe] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-22 22:36 1838592] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [2006-06-03 23:37 118784] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 13:49 1121280] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 16:04 707376] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 16:01 277296] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400] "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 16:01] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 14:12] S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 14:12] S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 14:12] S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 14:12] S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 14:12] S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 14:12] S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 14:12] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd472cb8-c1de-11dc-8228-00188b85cb9f}] \Shell\AutoRun\command - K:\wd_windows_tools\setup.exe . Contenu du dossier 'Scheduled Tasks/Tвches planifiйes' "2008-01-16 23:34:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 10:30:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-17 10:31:42 ComboFix2.txt 2008-01-13 08:48:41 . 2008-01-15 07:54:30 --- E O F ---

Lyonnais92 · Answer

Re,

Clique sur ce lien 
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe 
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.  

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là : 
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement


Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
              http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

paulchette · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:07, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

A l'aide urgent win32 : trat BHO[tRJ]

24 réponses

Votre réponse

Discussions similaires

Newsletters