Reading a "HijackThis" report
kris40 - Posts: 3 - Status: Member
FillPCA - Posts: 2264 - Status: Security contributor
Hello, I'm just looking for someone who knows how to read a HijackThis report, to find out whether my computer is disinfected or not... thanks a lot
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:28, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\Microsoft\Windows\rayiou.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\ICROSO~1.NET\rundll32.exe
C:\WINDOWS\system32\W?nSxS\j?vaw.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {171AF532-1C87-6E00-ABBB-12A3908FAAE8} - C:\WINDOWS\system32\ewjhj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\alexandre sarrazin\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
17 replies
Hello,
1/ # Download VundoFix (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
# Double-click VundoFix.exe to launch it.
# Click the Scan for Vundo button.
# When the scan is complete, click the Remove Vundo button (only if infected files are found).
# A prompt will ask whether you want to delete the files; click YES.
# After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
# You will see a prompt telling you that your PC is going to restart; click OK.
# Copy/paste the contents of the report located at C:\vundofix.txt
2/ * Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply.
3/ Post the two previous reports and a HijackThis report.
FillPCA
Hello.. many thanks for your interest... I downloaded vundofix.exe and no infected files were found... then ComboFix removed some files, shut down the computer and rebooted Windows... and I made a new HijackThis report
ComboFix 08-01-23.1 - alexandre sarrazin 2008-01-23 6:32:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.148 [GMT 1:00]
Endroit: C:\Documents and Settings\alexandre sarrazin\Local Settings\Temporary Internet Files\Content.IE5\75ZFQAOF\ComboFix[1].exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\WINDOWS\system32\sockspy.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ewjhj.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wnsxs~1\j?vaw.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-21 08:41 . 2008-01-23 06:44 1,093,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-21 08:34 . 2008-01-23 06:27 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-20 13:53 . 2008-01-21 02:06 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 05:46 --------- d-----w C:\Program Files\Wanadoo
2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
2007-12-28 13:27 --------- d-----w C:\Program Files\Java
2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-09 21:38 --------- d-----w C:\Program Files\HP
2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-27 23:44 --------- d-----w C:\Program Files\Google
2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Orep"="C:\WINDOWS\ICROSO~1.NET\rundll32.exe" [ ]
"Juhqvgl"="C:\WINDOWS\system32\W?nSxS\j?vaw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
"NWEReboot"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 05:48:12 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:55, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.148 [GMT 1:00]
Endroit: C:\Documents and Settings\alexandre sarrazin\Local Settings\Temporary Internet Files\Content.IE5\75ZFQAOF\ComboFix[1].exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ewjhj.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wnsxs~1\j?vaw.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-21 08:41 . 2008-01-23 06:44 1,093,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-21 08:34 . 2008-01-23 06:27 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-20 13:53 . 2008-01-21 02:06 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Hello,
1/
* Select the following text:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
"Router"=-
"Orep"=-
"Juhqvgl"=-
Folder::
C:\Program Files\Dot1XCfg
C:\Program Files\Router
C:\WINDOWS\system32\W?nSxS
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file as CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt ( Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt
2/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update then starts.
* Run a full system scan.
* Save the report as text when the scan finishes.
3/ Post the ComboFix report, the Kaspersky report and a new HijackThis report.
FillPCA
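The check below is an added example, not part of the reply above and not ComboFix's own code: it parses the CFScript, shows which HijackThis O4 entry each deletion targets, and reports targeted values that still appear in a later Run-key listing. The embedded samples are trimmed copies of lines from this thread's logs (the Run-key listing comes from the ComboFix report posted afterwards); all function names are hypothetical.

```python
import re

# CFScript text exactly as given in the reply ("name"=- marks a value for deletion).
CFSCRIPT = r'''Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
"Router"=-
"Orep"=-
"Juhqvgl"=-
Folder::
C:\Program Files\Dot1XCfg
C:\Program Files\Router
C:\WINDOWS\system32\W?nSxS
'''

# Trimmed sample: O4 lines from the HijackThis log in this thread.
HJT_LOG = r'''O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
'''

# Trimmed sample: Run-key listing from the ComboFix report posted later in the thread.
LATER_LISTING = r'''[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Orep"="C:\WINDOWS\ICROSO~1.NET\rundll32.exe" [ ]
"Juhqvgl"="C:\WINDOWS\system32\W?nSxS\j?vaw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
'''

O4_RE = re.compile(r'^O4 - (HKCU|HKLM)\\\.\.\\Run: \[(.+?)\] (.*)$')


def parse_cfscript(text):
    """Return ({registry key: [value names marked for deletion]}, [folders])."""
    deletions, folders = {}, []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # directive header: Registry:: / Folder::
            section, key = line[:-2].lower(), None
        elif section == "registry" and line.startswith("["):
            key = line.strip("[]")
            deletions.setdefault(key, [])
        elif section == "registry" and key:
            m = re.fullmatch(r'"([^"]+)"=-', line)   # "name"=-  deletes the value
            if m:
                deletions[key].append(m.group(1))
        elif section == "folder":
            folders.append(line)
    return deletions, folders


def hjt_run_entries(log, hive):
    """Map Run value name -> command line for one hive, from HijackThis O4 lines."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and m.group(1) == hive:
            entries[m.group(2)] = m.group(3)
    return entries


def listed_run_values(listing, key):
    """Value names listed under `key` in a REGEDIT4-style dump."""
    names, current = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("["):
            current = line.strip("[]").lower()
        elif current == key.lower():
            m = re.match(r'"([^"]+)"=', line)
            if m:
                names.append(m.group(1))
    return names


def review(cfscript, hjt_log, later_listing):
    """Cross-check a CFScript against the log it was written from and a later listing."""
    deletions, folders = parse_cfscript(cfscript)
    report = {"will_delete": {}, "not_in_log": [], "still_listed": [], "folders": folders}
    for key, names in deletions.items():
        hive = "HKCU" if key.upper().startswith("HKEY_CURRENT_USER") else "HKLM"
        in_log = hjt_run_entries(hjt_log, hive)
        remaining = set(listed_run_values(later_listing, key))
        for name in names:
            if name in in_log:
                report["will_delete"][name] = in_log[name]   # what the deletion targets
            else:
                report["not_in_log"].append(name)            # likely typo in the script
            if name in remaining:
                report["still_listed"].append(name)          # needs a follow-up pass
    return report


if __name__ == "__main__":
    for field, value in review(CFSCRIPT, HJT_LOG, LATER_LISTING).items():
        print(field, "->", value)
```

A value under `not_in_log` means the script names something the HijackThis log never showed; a value under `still_listed` is one to recheck in the next HijackThis report.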
ComboFix 08-01-23.2 - alexandre sarrazin 2008-01-23 11:51:10.3 - NTFSx86
Endroit: C:\Documents and Settings\alexandre sarrazin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\alexandre sarrazin\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\alexandre sarrazin\Menu D‚marrer\Programmes\Outerinfo
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ewjhj.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wnsxs~1\j?vaw.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-21 08:41 . 2008-01-23 11:57 1,181,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-21 08:34 . 2008-01-23 11:38 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-20 13:53 . 2008-01-21 02:06 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 10:54 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-23 05:47 --------- d-----w C:\Program Files\Wanadoo
2008-01-22 16:41 448,512 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-22 16:41 1,378,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-22 14:01 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-21 18:03 238,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
2007-12-28 13:27 --------- d-----w C:\Program Files\Java
2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-09 21:38 --------- d-----w C:\Program Files\HP
2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-27 23:44 --------- d-----w C:\Program Files\Google
2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_ 6.51.40.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 10:50:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 10:50:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 10:50:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 10:50:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 05:31:25 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 10:50:53 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 05:31:25 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 10:50:53 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Orep"="C:\WINDOWS\ICROSO~1.NET\rundll32.exe" [ ]
"Juhqvgl"="C:\WINDOWS\system32\W?nSxS\j?vaw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
"NWEReboot"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 10:48:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 10:48:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
[Danger]
HIGH = 0
MEDIUM = 1
LOW = 2
INFORMATIONAL = 3
[Verdicts]
Undefined = 0, HIGH
VirWare = 1, HIGH
TrojWare = 2, HIGH
MalWare = 3, MEDIUM
AdWare = 4, MEDIUM
PornWare = 5, MEDIUM
RiskWare = 6, LOW
X-Files = 20, INFORMATIONAL
SoftWare = 21, INFORMATIONAL
UNDETECT = 30
[Behaviour]
Trojan-ArcBomb = 100, TrojWare
Backdoor = 101, TrojWare
Trojan = 102, TrojWare
Trojan-AOL = 103, TrojWare
Trojan-Clicker = 104, TrojWare
Trojan-Downloader = 105, TrojWare
Trojan-Dropper = 106, TrojWare
;Trojan-MSN = 107, TrojWare
Trojan-Notifier = 108, TrojWare
Trojan-Proxy = 109, TrojWare
Trojan-PSW = 110, TrojWare
Trojan-Spy = 111, TrojWare
Trojan-DDoS = 113, TrojWare
Trojan-IM = 114, TrojWare
RootKit = 115, TrojWare
Trojan-SMS = 116, TrojWare
Email-Worm = 200, VirWare
IM-Worm = 201, VirWare
IRC-Worm = 202, VirWare
Net-Worm = 203, VirWare
P2P-Worm = 204, VirWare
Worm = 205, VirWare
Virus = 206, VirWare
Constructor = 300, MalWare
DoS = 301, MalWare
Exploit = 302, MalWare
FileCryptor = 303, MalWare
Flooder = 304, MalWare
HackTool = 305, MalWare
not-virus:Hoax = 306, MalWare
not-virus:BadJoke = 307, MalWare
Nuker = 308, MalWare
PolyCryptor = 309, MalWare
PolyEngine = 310, MalWare
Sniffer = 311, MalWare
SpamTool = 312, MalWare
Spoofer = 313, MalWare
VirTool = 314, MalWare
Email-Flooder = 315, MalWare
IM-Flooder = 316, MalWare
SMS-Flooder = 317, MalWare
not-a-virus:AdWare = 400, AdWare
not-a-virus:Porn-Dialer = 500, PornWare
not-a-virus:Porn-Downloader = 501, PornWare
not-a-virus:Porn-Tool = 502, PornWare
not-a-virus:Tool = 600, RiskWare
not-a-virus:Client-IRC = 601, RiskWare
not-a-virus:Dialer = 602, RiskWare
not-a-virus:Downloader = 603, RiskWare
not-a-virus:Monitor = 604, RiskWare
not-a-virus:PSWTool = 605, RiskWare
not-a-virus:RemoteAdmin = 606, RiskWare
not-a-virus:Server-FTP = 607, RiskWare
not-a-virus:Server-Proxy = 608, RiskWare
not-a-virus:Server-Telnet = 609, RiskWare
not-a-virus:Server-Web = 610, RiskWare
not-a-virus:RiskTool = 611, RiskWare
not-a-virus:NetTool = 612, RiskWare
not-a-virus:Client-P2P = 613, RiskWare
not-a-virus:Client-SMTP = 614, RiskWare
not-a-virus:AdTool = 615, RiskWare
not-a-virus:FraudTool = 616, RiskWare
not-a-virus: = 700, X-Files
DEFAULT = 206, VirWare
; 0XLSznpdI71fB300e7Uwj1xkHtrq3JiLKVtqN3twFFZ0DbR35mEgggR2E+
Re,
Combofix did not work. You must not double-click the red icon but drag and drop the text file you created, like this:
http://img502.imageshack.us/img502/8978/cfscriptas4.gif
FillPCA
and here is the latest "hijackthis" report... thanks again for your help...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:55, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Re,
You did not see my message from 13:54. Combofix was used incorrectly. Use it as I indicated and post the Combofix report and a new Hijackthis report.
FillPCA
re..... sorry, but when I did the "drag and drop" I waited... and then nothing happened... so I double-clicked on it... apparently a "big mistake" on my part... but if nothing happens... what should I do?... does the latest "hijackthis" report tell you anything new?... I keep thanking you, but thanks again...
Re,
No, the situation is the same because the cleanup with combofix did not run correctly.
Download this file to your desktop: https://spaces.hightail.com/resolve/ufid/EE46EA3E2E99D595
Drag and drop it onto the Combofix program and post the generated report and a new Hijackthis report.
FillPCA
re... so when I did this "drag and drop"... I am asked whether I want to run the combofix software... I say yes... because that is exactly what I did earlier...
ComboFix 08-01-23.2 - alexandre sarrazin 2008-01-23 14:48:03.5 - NTFSx86
Endroit: C:\Documents and Settings\alexandre sarrazin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\alexandre sarrazin\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Dot1XCfg
.
---- Previous Run -------
.
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\alexandre sarrazin\Menu D‚marrer\Programmes\Outerinfo
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ewjhj.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wnsxs~1\j?vaw.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 12:48 . 2008-01-23 12:48 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-23 12:48 . 2008-01-23 12:48 <REP> d-------- C:\WINDOWS\LastGood
2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-21 08:41 . 2008-01-23 14:53 1,286,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-21 08:34 . 2008-01-23 14:42 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 13:51 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-23 05:47 --------- d-----w C:\Program Files\Wanadoo
2008-01-22 16:41 448,512 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-22 16:41 1,378,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-22 14:01 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-21 18:03 238,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
2007-12-28 13:27 --------- d-----w C:\Program Files\Java
2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-09 21:38 --------- d-----w C:\Program Files\HP
2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-27 23:44 --------- d-----w C:\Program Files\Google
2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_ 6.51.40.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 13:47:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 13:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 13:47:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 13:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 05:31:25 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 13:47:41 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 05:31:25 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 13:47:41 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
"NWEReboot"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 13:48:21 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:55, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Endroit: C:\Documents and Settings\alexandre sarrazin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\alexandre sarrazin\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Dot1XCfg
.
---- Previous Run -------
.
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ewjhj.dll
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wnsxs~1\j?vaw.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.
2008-01-23 12:48 . 2008-01-23 12:48 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-23 12:48 . 2008-01-23 12:48 <REP> d-------- C:\WINDOWS\LastGood
2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-21 08:41 . 2008-01-23 14:53 1,286,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-21 08:34 . 2008-01-23 14:42 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 13:51 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-01-23 05:47 --------- d-----w C:\Program Files\Wanadoo
2008-01-22 16:41 448,512 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-22 16:41 1,378,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-22 14:01 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-21 18:03 238,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
2007-12-28 13:27 --------- d-----w C:\Program Files\Java
2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-09 21:38 --------- d-----w C:\Program Files\HP
2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-27 23:44 --------- d-----w C:\Program Files\Google
2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-23_ 6.51.40.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 13:47:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 13:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 13:47:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 13:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 05:31:25 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 13:47:41 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 05:31:25 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 13:47:41 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
"NWEReboot"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 13:48:21 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:55, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Hi again,
1/ Open HijackThis > "Do a scan only" and check the following:
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
Click Fix/Repair.
2/ * Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste List Of Files/Folders to be moved" window:
C:\Program Files\Dot1XCfg
C:\Program Files\Router
C:\WINDOWS\ICROSO~1.NET
C:\WINDOWS\system32\W?nSxS
* Click MoveIt! to start the removal,
* The result will appear in the Results pane.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.
3/ Open CCleaner, click "lancer le nettoyage" (run the cleaner).
4/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update then starts.
* Run a full system scan.
* Save the report as text once the scan finishes.
5/ Post these reports: OTMoveIt, Kaspersky and a new HijackThis report.
FillPCA
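An added triage sketch (not part of the original thread, and not how the helper reached his verdict): it parses the O4 autorun lines of the HijackThis log above and flags entries with two heuristics assumed here, a `?` placeholder in the path and a system binary name outside system32. The function names and the binary list are illustrative.

```python
import ntpath
import re

# HijackThis autorun line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Executable in the command: a quoted path, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumption: a short list of binaries that normally live only in system32.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "services.exe", "lsass.exe"}
SYSTEM_DIR = r"c:\windows\system32"

def parse_o4(line):
    """Return (hive, value name, executable path), or None for non-O4 lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = EXE_RE.match(m.group("cmd"))
    path = (exe.group(1) or exe.group(2)) if exe else m.group("cmd")
    return m.group("hive"), m.group("name"), path

def reasons(path):
    """Heuristics assumed for this example (not stated in the thread)."""
    found = []
    if "?" in path:  # character the log could not render, e.g. a lookalike letter
        found.append("'?' placeholder in path")
    folder, base = ntpath.split(path.lower())
    if base in SYSTEM_BINARIES and folder and folder != SYSTEM_DIR:
        found.append("system binary name outside system32")
    return found

def triage(log_text):
    """Map value name -> reasons for each O4 entry that trips a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (why := reasons(entry[2])):
            flagged[entry[1]] = why
    return flagged

# Sample input: O4 lines copied from the HijackThis log in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

print(triage(SAMPLE))
```

On this log the heuristics flag Orep and Juhqvgl but not Dot1XCfg or Router, which the reply also asks to fix; path-shape rules do not replace a reputation check of each entry.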