Lire un rapport "hijackthis

kris40 Messages postés 3 Statut Membre -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour,je cherche juste quelqu'un qui sache lire un rapport hijackthis pour savoir si mon ordi est désinfecté ou pas...merci beaucoup
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:28, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\alexandre sarrazin\Application Data\Microsoft\Windows\rayiou.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\ICROSO~1.NET\rundll32.exe
C:\WINDOWS\system32\W?nSxS\j?vaw.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {171AF532-1C87-6E00-ABBB-12A3908FAAE8} - C:\WINDOWS\system32\ewjhj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\alexandre sarrazin\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 11524 bytes
Configuration: Windows XP
Internet Explorer 7.0

17 réponses

  1. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    1/ # Télécharge Vundofix (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
    # Double-clique VundoFix.exe afin de le lancer.
    # Clique sur le bouton Scan for Vundo.
    # Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
    # Une invite te demandera si tu veux supprimer les fichiers, clique YES.
    # Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    # Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
    # Copie/colle le contenu du rapport situé dans C:\vundofix.txt

    2/ * Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    3/ Edite les deux rapports précédents et un rapport Hijackthis.

    FillPCA
    0
  2. kris40
     
    bonjour..un grand merci pour l'interet porté...j'ai téléchargé vundofix.exe et aucun fichier infectieux n'a été trouvé...puis combofix a eliminé certain fichiers a eteint l'ordi et a rebooté windows...et j'ai refait un rapport hijackthis ComboFix 08-01-23.1 - alexandre sarrazin 2008-01-23 6:32:35.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.148 [GMT 1:00]
    Endroit: C:\Documents and Settings\alexandre sarrazin\Local Settings\Temporary Internet Files\Content.IE5\75ZFQAOF\ComboFix[1].exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .
    [color=purple]The following files were disabled during the run:[/color]
    C:\WINDOWS\system32\sockspy.dll

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\alexandre sarrazin\Menu D‚marrer\Programmes\Outerinfo
    C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\Router
    C:\Program Files\Router\UnInstall.exe
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\icroso~1.net
    C:\WINDOWS\icroso~1.net\?icrosoft.NET\
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\ewjhj.dll
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\system32\wnsxs~1\j?vaw.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
    2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
    2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-01-21 08:41 . 2008-01-23 06:44 1,093,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-01-21 08:34 . 2008-01-23 06:27 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
    2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
    2008-01-20 13:53 . 2008-01-21 02:06 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
    2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
    2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
    2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
    2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
    2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
    2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
    2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
    2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
    2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
    2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
    2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
    2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
    2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
    2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
    2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 05:46 --------- d-----w C:\Program Files\Wanadoo
    2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
    2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
    2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
    2007-12-28 13:27 --------- d-----w C:\Program Files\Java
    2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
    2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
    2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-09 21:38 --------- d-----w C:\Program Files\HP
    2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
    2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
    2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
    2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
    2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
    2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-27 23:44 --------- d-----w C:\Program Files\Google
    2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
    2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
    2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
    2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
    2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
    2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
    "Router"="C:\Program Files\Router\Router.exe" [ ]
    "Orep"="C:\WINDOWS\ICROSO~1.NET\rundll32.exe" [ ]
    "Juhqvgl"="C:\WINDOWS\system32\W?nSxS\j?vaw.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
    "nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
    "NWEReboot"="" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 05:48:12 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:55, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
    O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  3. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    1/
    * Sélectionne le texte suivant :

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dot1XCfg"=-
    "Router"=-
    "Orep"=-
    "Juhqvgl"=-

    Folder::
    C:\Program Files\Dot1XCfg
    C:\Program Files\Router
    C:\WINDOWS\system32\W?nSxS


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    2/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

    3/ Edite le rapport Combofix, le rapport Kaspersky et un nouveau rapport Hijackthis.

    FillPCA
    0
  4. kris40
     
    ComboFix 08-01-23.2 - alexandre sarrazin 2008-01-23 11:51:10.3 - NTFSx86
    Endroit: C:\Documents and Settings\alexandre sarrazin\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\alexandre sarrazin\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\alexandre sarrazin\Menu D‚marrer\Programmes\Outerinfo
    C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\Router
    C:\Program Files\Router\UnInstall.exe
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\icroso~1.net
    C:\WINDOWS\icroso~1.net\?icrosoft.NET\
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\ewjhj.dll
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\system32\wnsxs~1\j?vaw.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
    2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
    2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-01-21 08:41 . 2008-01-23 11:57 1,181,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-01-21 08:34 . 2008-01-23 11:38 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
    2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
    2008-01-20 13:53 . 2008-01-21 02:06 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
    2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
    2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
    2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
    2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
    2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
    2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
    2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
    2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
    2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
    2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
    2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
    2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
    2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
    2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
    2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 10:54 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-01-23 05:47 --------- d-----w C:\Program Files\Wanadoo
    2008-01-22 16:41 448,512 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-01-22 16:41 1,378,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-01-22 14:01 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-01-21 18:03 238,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
    2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
    2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
    2007-12-28 13:27 --------- d-----w C:\Program Files\Java
    2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
    2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
    2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-09 21:38 --------- d-----w C:\Program Files\HP
    2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
    2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
    2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
    2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
    2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
    2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-27 23:44 --------- d-----w C:\Program Files\Google
    2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
    2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
    2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
    2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
    2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
    2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_ 6.51.40.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-23 10:50:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-23 10:50:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-23 10:50:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-23 10:50:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-23 05:31:25 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-23 10:50:53 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-23 05:31:25 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-23 10:50:53 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
    "Router"="C:\Program Files\Router\Router.exe" [ ]
    "Orep"="C:\WINDOWS\ICROSO~1.NET\rundll32.exe" [ ]
    "Juhqvgl"="C:\WINDOWS\system32\W?nSxS\j?vaw.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
    "nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
    "NWEReboot"="" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 10:48:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    [Danger]

    HIGH = 0
    MEDIUM = 1
    LOW = 2
    INFORMATIONAL = 3

    [Verdicts]

    Undefined = 0, HIGH
    VirWare = 1, HIGH
    TrojWare = 2, HIGH
    MalWare = 3, MEDIUM
    AdWare = 4, MEDIUM
    PornWare = 5, MEDIUM
    RiskWare = 6, LOW
    X-Files = 20, INFORMATIONAL
    SoftWare = 21, INFORMATIONAL
    UNDETECT = 30

    [Behaviour]

    Trojan-ArcBomb = 100, TrojWare
    Backdoor = 101, TrojWare
    Trojan = 102, TrojWare
    Trojan-AOL = 103, TrojWare
    Trojan-Clicker = 104, TrojWare
    Trojan-Downloader = 105, TrojWare
    Trojan-Dropper = 106, TrojWare
    ;Trojan-MSN = 107, TrojWare
    Trojan-Notifier = 108, TrojWare
    Trojan-Proxy = 109, TrojWare
    Trojan-PSW = 110, TrojWare
    Trojan-Spy = 111, TrojWare
    Trojan-DDoS = 113, TrojWare
    Trojan-IM = 114, TrojWare
    RootKit = 115, TrojWare
    Trojan-SMS = 116, TrojWare

    Email-Worm = 200, VirWare
    IM-Worm = 201, VirWare
    IRC-Worm = 202, VirWare
    Net-Worm = 203, VirWare
    P2P-Worm = 204, VirWare
    Worm = 205, VirWare
    Virus = 206, VirWare

    Constructor = 300, MalWare
    DoS = 301, MalWare
    Exploit = 302, MalWare
    FileCryptor = 303, MalWare
    Flooder = 304, MalWare
    HackTool = 305, MalWare
    not-virus:Hoax = 306, MalWare
    not-virus:BadJoke = 307, MalWare
    Nuker = 308, MalWare
    PolyCryptor = 309, MalWare
    PolyEngine = 310, MalWare
    Sniffer = 311, MalWare
    SpamTool = 312, MalWare
    Spoofer = 313, MalWare
    VirTool = 314, MalWare
    Email-Flooder = 315, MalWare
    IM-Flooder = 316, MalWare
    SMS-Flooder = 317, MalWare

    not-a-virus:AdWare = 400, AdWare

    not-a-virus:Porn-Dialer = 500, PornWare
    not-a-virus:Porn-Downloader = 501, PornWare
    not-a-virus:Porn-Tool = 502, PornWare

    not-a-virus:Tool = 600, RiskWare
    not-a-virus:Client-IRC = 601, RiskWare
    not-a-virus:Dialer = 602, RiskWare
    not-a-virus:Downloader = 603, RiskWare
    not-a-virus:Monitor = 604, RiskWare
    not-a-virus:PSWTool = 605, RiskWare
    not-a-virus:RemoteAdmin = 606, RiskWare
    not-a-virus:Server-FTP = 607, RiskWare
    not-a-virus:Server-Proxy = 608, RiskWare
    not-a-virus:Server-Telnet = 609, RiskWare
    not-a-virus:Server-Web = 610, RiskWare
    not-a-virus:RiskTool = 611, RiskWare
    not-a-virus:NetTool = 612, RiskWare
    not-a-virus:Client-P2P = 613, RiskWare
    not-a-virus:Client-SMTP = 614, RiskWare
    not-a-virus:AdTool = 615, RiskWare
    not-a-virus:FraudTool = 616, RiskWare

    not-a-virus: = 700, X-Files

    DEFAULT = 206, VirWare

    ; 0XLSznpdI71fB300e7Uwj1xkHtrq3JiLKVtqN3twFFZ0DbR35mEgggR2E+­­
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kris40
     
    je t'envoie le rapport "hijackthis" dans la foulée..encore merci...
    0
  7. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Combofix n'a pas marché. Il ne faut pas double-cliquer sur l'icone rouge mais faire un glisser-déposer du fixchier texte que tu as créé ainsi :
    http://img502.imageshack.us/img502/8978/cfscriptas4.gif

    FillPCA
    0
  8. kris40
     
    et voici le dernier rapport "hijackthis"..merci encore pour ton aide...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:55, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
    O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  9. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Tu n'as pas vu mon message de 13 h 54. Combofix a été mal employé. Utilise-le comme je l'ai nidiqué et édite le rapport Combofix et un nouveau rapport Hijackthis.

    FillPCA
    0
  10. kris40
     
    re.....navré mais lorsque j'ai "glissé -déposé" j'ai attendu..et puis rien ne s'est produit..donc j'ai double cliqué dessus..apparemment "grosse erreur" de ma part..mais si rien ne se passe ..quoi faire?...le dernier rapport "hijackthis" t'informe t'il de quelque chose de nouveau?....je ne cesse de te remercier mais encore merci...
    0
  11. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Non, la situation est la même car le nettoyage avec combofix ne s'est pas déroulé correctement.
    Télécharge ce fichier sur ton bureau : https://spaces.hightail.com/resolve/ufid/EE46EA3E2E99D595
    Fais un glisser-déposer sur le programme Combofix et édite le rapport généré et un nouveau rapport Hijackthis.

    FillPCA
    0
  12. kris40
     
    re..donc lorsque j'ai fait ce "glissé-déposé"..on me demande si je veux executer le logiciel combofix...je dis oui...car c'est ce que j'ai exactement fait toute à l'heure....
    0
  13. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Oui.
    0
  14. kris40
     
    ComboFix 08-01-23.2 - alexandre sarrazin 2008-01-23 14:48:03.5 - NTFSx86
    Endroit: C:\Documents and Settings\alexandre sarrazin\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\alexandre sarrazin\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Dot1XCfg
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\alexandre sarrazin\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\alexandre sarrazin\Menu D‚marrer\Programmes\Outerinfo
    C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\alexandre sarrazin\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\Router
    C:\Program Files\Router\UnInstall.exe
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\icroso~1.net
    C:\WINDOWS\icroso~1.net\?icrosoft.NET\
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\system32\ewjhj.dll
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\system32\wnsxs~1\j?vaw.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 12:48 . 2008-01-23 12:48 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-23 12:48 . 2008-01-23 12:48 <REP> d-------- C:\WINDOWS\LastGood
    2008-01-23 06:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 19:55 . 2008-01-22 19:55 <REP> d-------- C:\VundoFix Backups
    2008-01-22 16:46 . 2008-01-22 16:46 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-22 15:25 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-22 14:47 . 2008-01-22 14:47 <REP> d-------- C:\Program Files\CCleaner
    2008-01-21 19:01 . 2008-01-21 19:01 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-01-21 08:41 . 2008-01-23 14:53 1,286,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-21 08:41 . 2008-01-23 06:43 13,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-21 08:37 . 2008-01-21 08:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-01-21 08:34 . 2008-01-23 14:42 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-01-20 20:46 . 2008-01-20 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-20 20:41 . 2008-01-20 20:41 <REP> d-------- C:\Program Files\Panda Security
    2008-01-20 13:58 . 2008-01-20 13:58 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
    2008-01-20 13:50 . 2008-01-20 13:50 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-14 12:00 . 2008-01-14 12:25 <REP> d-------- C:\Program Files\Azureus
    2008-01-12 19:12 . 2008-01-12 19:12 268 --ah----- C:\sqmdata04.sqm
    2008-01-12 19:12 . 2008-01-12 19:12 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-12 16:09 . 2008-01-12 16:09 268 --ah----- C:\sqmdata03.sqm
    2008-01-12 16:09 . 2008-01-12 16:09 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-12 16:08 . 2008-01-12 16:08 <REP> d-------- C:\temp\ext34454
    2008-01-12 16:08 . 2008-01-13 18:20 <REP> d-------- C:\temp
    2008-01-12 16:08 . 2000-05-11 13:06 397,312 --a------ C:\WINDOWS\system32\MSRDO20.DLL
    2008-01-12 16:08 . 2000-08-02 15:44 151,552 --a------ C:\WINDOWS\system32\rdocurs.dll
    2008-01-12 16:08 . 2005-09-20 12:26 53,248 --a------ C:\WINDOWS\system32\mavideo.scr
    2008-01-12 16:08 . 1998-10-19 12:34 37,062 --a------ C:\WINDOWS\system32\odbcinst.hlp
    2008-01-12 16:08 . 1998-10-19 12:34 324 --a------ C:\WINDOWS\system32\odbcinst.cnt
    2008-01-12 16:07 . 2008-01-12 16:07 <REP> d-------- C:\Program Files\Micro Application
    2008-01-12 16:02 . 2008-01-12 16:02 <REP> d-------- C:\Program Files\Nero
    2008-01-12 15:51 . 2008-01-12 15:51 0 --a------ C:\WINDOWS\Irremote.ini
    2008-01-08 16:16 . 2008-01-08 16:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-06 23:02 . 2008-01-06 23:02 <REP> d-------- C:\Poker
    2008-01-06 22:55 . 2008-01-22 21:43 116 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-28 18:26 . 2008-01-14 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-12-28 14:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-27 16:01 . 2007-12-27 16:01 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-27 16:01 . 2007-12-27 16:01 232 --ah----- C:\sqmdata02.sqm
    2007-12-27 15:16 . 2007-12-27 15:16 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-27 15:16 . 2007-12-27 15:16 232 --ah----- C:\sqmdata01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 13:51 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-01-23 05:47 --------- d-----w C:\Program Files\Wanadoo
    2008-01-22 16:41 448,512 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-01-22 16:41 1,378,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-01-22 14:01 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-01-21 18:03 238,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-01-21 18:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-21 18:00 --------- d-----w C:\Program Files\Windows Live
    2008-01-20 12:28 --------- d-----w C:\Program Files\eMule
    2008-01-12 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-12 15:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-12 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-01-12 14:53 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-01-04 19:54 --------- d-----w C:\Program Files\AskTBar
    2007-12-28 13:27 --------- d-----w C:\Program Files\Java
    2007-12-18 08:46 --------- d-----w C:\Program Files\QuickTime
    2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-12-11 17:25 --------- d-----w C:\Program Files\Ahead
    2007-12-11 14:51 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 08:17 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-09 21:38 --------- d-----w C:\Program Files\HP
    2007-12-08 12:00 --------- d-----w C:\Program Files\QuickZip4
    2007-12-04 18:57 --------- d-----w C:\Program Files\FDSoftware
    2007-12-04 09:45 --------- d-----w C:\Program Files\LM Version-2.5-F
    2007-12-04 08:01 --------- d-----w C:\Program Files\DivX
    2007-12-04 08:00 --------- d-----w C:\Program Files\Yahoo!
    2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-11-29 02:00 --------- d-----w C:\Program Files\MSXML 4.0
    2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-11-28 15:37 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-11-27 23:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-27 23:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-27 23:44 --------- d-----w C:\Program Files\Google
    2007-11-27 21:09 --------- d-----w C:\Program Files\InterVideo
    2007-11-27 19:29 --------- d-----w C:\Program Files\SAGEM
    2007-11-27 19:23 --------- d-----w C:\Program Files\Securitoo
    2007-11-27 19:10 --------- d--h--w C:\Program Files\Uninstall Information
    2007-11-27 19:04 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-27 19:04 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-27 19:03 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-27 18:38 --------- d-----w C:\Program Files\Services en ligne
    2007-11-27 18:37 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_ 6.51.40.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-23 13:47:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-23 13:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-23 05:31:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-23 13:47:40 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-23 05:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-23 13:47:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-23 05:31:25 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-23 13:47:41 2,703,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-23 05:31:25 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-23 13:47:41 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
    "nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-18 09:46 282624]
    "NWEReboot"="" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-30 09:55]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 13:48:21 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:55, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
    O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-148dbd752bf683b3.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  15. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [Orep] "C:\WINDOWS\ICROSO~1.NET\rundll32.exe" -vt yazb
    O4 - HKCU\..\Run: [Juhqvgl] C:\WINDOWS\system32\W?nSxS\j?vaw.exe


    Clique sur fix/réparer.

    2/ * Télécharge OTMoveIt (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

    C:\Program Files\Dot1XCfg
    C:\Program Files\Router
    C:\WINDOWS\ICROSO~1.NET
    C:\WINDOWS\system32\W?nSxS


    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

    3/ Ouvre Ccleaner, clique sur "lancer le nettoyage".

    4/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

    5/ Edite ces rapports : OTMoveIt, Kaspersky et un nouveau rapport Hijackthis.

    FillPCA
    0
  16. kris40
     
    re..dans hijacckthis aucun de ces fichiers a cocher n'apparaissent.....
    0
  17. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    OK. Continue la procédure.

    FillPCA
    0