Bonjours win32bho-kd

Résolu
cyrilsp37 Messages postés 37 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,je n'arrive pas a suprimer ce virus , voici mon rapport hijackthis merci de me donner une solution pour suprimer ce virus

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:56, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\PROGRA~1\HotKeys\Ikeymain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\dllcache\spoolms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\thomson\wlancfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {61C2BD6D-8C4C-4C6B-BAFE-DAD1FDCA3357} - C:\WINDOWS\system32\avwa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg "Office 2000 Server Extensions" /q
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Gestionnaire de services SQL Server.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Raccourci vers wlancfg.lnk = C:\thomson\wlancfg.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cyrilsp37france.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1200137595375
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrilsp37.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE

--
End of file - 12856 bytes
Configuration: Windows XP
Internet Explorer 7.0

37 réponses

  • 1
  • 2
Résumé de la discussion

Un utilisateur signale une infection et demande une solution pour supprimer le virus détecté via un rapport HijackThis, sous Windows XP SP2, en expliquant la liste longue de processus et de services actifs.
Plusieurs éléments de réponse montrent surtout une demande de republier le rapport HijackThis et d'obtenir des conseils, tandis qu'aussi une réponse évoque un scan avec AntiVir PersonalEdition Classic.
La réponse anti-virus fournit un diagnostic détaillé des composants et des fichiers, mais ne donne pas encore une méthode de suppression clairement validée ou éprouvée sur ce type de configuration.
D'autres éléments observables indiquent que le malware potentiel apparaît dans les listes de startup et de services, ce qui suggère des domaines à vérifier lors d'une suppression manuelle.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    @+
    0
    1. cyrilsp37 Messages postés 37 Statut Membre
       
      voici mon rapport combofix





      ComboFix 08-01-23.2 - Angelique 2008-01-23 15:18:52.2 - NTFSx86

      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.522 [GMT 1:00]
      Endroit: C:\Documents and Settings\Angelique\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\Documents and Settings\All Users\Application Data\salesmonitor
      C:\Documents and Settings\Angelique\new.txt
      C:\Program Files\webmediaplayer
      C:\Program Files\webmediaplayer\resources\languages.xml
      C:\Program Files\webmediaplayer\resources\webmedias
      C:\Program Files\webmediaplayer\skins\classic.skn
      C:\Program Files\webmediaplayer\WebMediaPlayer.url
      C:\WINDOWS\pack.epk
      C:\WINDOWS\system32\befcdrupto.dat
      C:\WINDOWS\system32\befcdrupto_nav.dat
      C:\WINDOWS\system32\befcdrupto_navps.dat
      C:\WINDOWS\system32\neksbixfmb.dat
      C:\WINDOWS\system32\neksbixfmb_nav.dat
      C:\WINDOWS\system32\neksbixfmb_navps.dat

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_IPRIP
      -------\Iprip




      ((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
      .

      2008-01-23 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
      2008-01-23 14:25 . 2008-01-23 14:28 <REP> d-------- C:\Program Files\Navilog1
      2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-01-23 12:35 . 2008-01-23 12:35 <REP> d-------- C:\Program Files\Trend Micro
      2008-01-23 12:26 . 2008-01-23 12:26 2,648 --a------ C:\WINDOWS\sql70.MIF
      2008-01-22 20:41 . 2008-01-22 20:41 <REP> d-------- C:\Program Files\Enigma Software Group
      2008-01-22 16:48 . 2008-01-23 15:04 25,752 --a------ C:\WINDOWS\DSC01497.zip
      2008-01-22 16:48 . 2008-01-22 12:49 25,600 -r-hsc--- C:\WINDOWS\system32\dllcache\spoolms.exe
      2008-01-18 18:45 . 2008-01-18 18:45 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
      2008-01-18 18:45 . 2008-01-18 18:45 <REP> d-------- C:\WINDOWS\Google Toolbar
      2008-01-18 18:33 . 2008-01-18 18:46 <REP> d-------- C:\Program Files\Norton Security Scan
      2008-01-18 18:29 . 2008-01-18 18:29 867,560 --a------ C:\Program Files\Google Updater.exe
      2008-01-12 21:04 . 2008-01-12 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-12 21:04 . 2008-01-12 21:04 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-12 09:16 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-01-12 09:16 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
      2008-01-12 09:16 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-01-12 09:16 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-01-12 09:16 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-01-12 09:16 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-01-12 09:16 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-01-12 09:16 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-01-12 09:11 . 2008-01-12 09:14 19,004,560 --a------ C:\Program Files\setupfre.exe
      2008-01-09 12:18 . 2008-01-09 12:18 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
      2008-01-09 12:18 . 2008-01-09 12:18 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
      2008-01-09 12:18 . 2008-01-09 12:18 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
      2008-01-09 12:18 . 2008-01-09 12:18 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
      2008-01-09 12:18 . 2008-01-09 12:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
      2008-01-09 12:18 . 2008-01-09 12:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
      2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
      2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
      2008-01-09 12:16 . 2008-01-09 12:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
      2008-01-09 12:16 . 2008-01-09 12:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
      2008-01-09 12:16 . 2008-01-09 12:16 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
      2008-01-09 12:16 . 2008-01-09 12:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
      2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
      2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
      2008-01-09 12:15 . 2008-01-09 12:15 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
      2008-01-06 21:25 . 2008-01-06 21:25 <REP> d-------- C:\Program Files\Macrogaming
      2008-01-04 16:16 . 2008-01-04 16:16 <REP> d-------- C:\Program Files\SAGEM
      2008-01-03 21:17 . 2008-01-04 16:17 21 --a------ C:\WINDOWS\kit.ini
      2008-01-03 19:42 . 2008-01-03 19:43 7,020,185 --a------ C:\Program Files\Gestionnaire_internetLB.exe
      2008-01-03 19:13 . 2008-01-03 19:13 535,512 --a------ C:\Program Files\pllangs.exe
      2008-01-03 19:11 . 2008-01-03 19:11 2,855,080 --a------ C:\Program Files\ad-aware-se-personal_ad-aware_se_personal_1.6_anglais_12797.exe
      2008-01-03 18:45 . 2008-01-03 18:45 407,680 --a------ C:\Program Files\aswclnr.exe
      2008-01-03 18:28 . 2008-01-03 18:24 18,164,640 --a------ C:\Program Files\aaw2007.exe
      2008-01-03 18:28 . 2008-01-03 18:23 2,724,328 --a------ C:\Program Files\ccsetup203.exe
      2008-01-01 13:04 . 2008-01-01 13:04 <REP> d-------- C:\Program Files\Browser Mouse
      2007-12-31 20:04 . 1999-01-05 11:57 32,060 --a------ C:\WINDOWS\system32\cliconf.hlp
      2007-12-31 20:03 . 2008-01-23 12:26 <REP> d-------- C:\MSSQL7
      2007-12-31 20:03 . 2008-01-02 18:45 899 --------- C:\WINDOWS\setup~0.iss
      2007-12-31 19:19 . 2007-12-31 19:22 16,840,120 --a------ C:\Program Files\IE7Setup_G_FR.exe
      2007-12-31 18:23 . 2007-12-31 18:23 244 --ah----- C:\sqmnoopt01.sqm
      2007-12-31 18:23 . 2007-12-31 18:23 232 --ah----- C:\sqmdata01.sqm
      2007-12-31 17:52 . 2007-12-31 17:52 244 --ah----- C:\sqmnoopt00.sqm
      2007-12-31 17:52 . 2007-12-31 17:52 232 --ah----- C:\sqmdata00.sqm
      2007-12-26 12:55 . 19,456 C:\WINDOWS\system32\drivers\rmbelszq.dat
      2007-12-26 11:59 . 2001-08-28 13:00 84,992 --a------ C:\WINDOWS\system32\avwa.dll
      2007-12-24 14:02 . 2007-12-24 14:02 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-22 16:54 --------- d-----w C:\Program Files\DivX
      2008-01-18 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-01-18 19:33 --------- d-----w C:\Program Files\Google
      2008-01-04 15:17 --------- d-----w C:\Program Files\Wanadoo
      2008-01-04 15:16 90 ----a-w C:\Program Files\Setup.log
      2008-01-03 18:11 --------- d-----w C:\Program Files\Lavasoft
      2008-01-03 17:57 5,720 ----a-w C:\Program Files\aswclnr.log
      2008-01-03 17:45 672,256 ----a-w C:\Program Files\aswclnr.tmp
      2007-12-27 19:37 --------- d-----w C:\Program Files\JPEG Compression
      2007-12-26 10:59 77,369 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
      2007-12-22 14:16 --------- d-----w C:\Program Files\AkvaarioGes
      2007-12-22 14:03 --------- d-----w C:\Program Files\Aquapep2
      2007-12-22 13:56 --------- d-----w C:\Program Files\MSN Messenger
      2007-12-22 13:56 --------- d-----w C:\Program Files\Messenger Plus! Live
      2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
      2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
      2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
      2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
      2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
      2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
      2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2007-12-03 07:55 --------- d-----w C:\Program Files\MSN Pictures Displayer
      2007-11-30 18:43 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe
      2007-11-28 17:16 --------- d-----w C:\Program Files\Fichiers communs\SansenDommagement
      2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
      2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
      2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
      2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
      2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
      2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
      2007-08-17 07:56 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      2006-11-30 15:34 57,115,310 ----a-w C:\Program Files\openofficeorg3.cab
      2006-11-30 15:34 3,293,189 ----a-w C:\Program Files\openofficeorg4.cab
      2006-11-30 15:25 15,519,277 ----a-w C:\Program Files\openofficeorg2.cab
      2006-11-30 15:22 18,447,022 ----a-w C:\Program Files\openofficeorg1.cab
      2006-11-30 15:17 5,298,688 ----a-w C:\Program Files\openofficeorg21.msi
      2006-11-30 15:17 217 ----a-w C:\Program Files\setup.ini
      2006-11-13 16:31 315,392 ----a-w C:\Program Files\setup.exe
      2006-11-01 20:06 7,022,328 ----a-w C:\Program Files\logicielphotoOrangeFR.exe
      2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
      2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
      2007-12-24 14:02 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61C2BD6D-8C4C-4C6B-BAFE-DAD1FDCA3357}]
      2001-08-28 13:00 84992 --a------ C:\WINDOWS\system32\avwa.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 16:41 68856]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
      "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
      "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
      "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
      "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 19:01 49152]
      "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
      "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
      "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2005-10-27 11:00 299008]
      "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-09 17:48 155648]
      "OWS Setup CmdLine"="C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2004-08-20 00:09 188480]
      "LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 05:35 429568]
      "iKeyWorks"="C:\PROGRA~1\HotKeys\Ikeymain.exe" [2001-09-12 08:44 49152]
      "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "spoolms"="C:\WINDOWS\system32\dllcache\spoolms.exe" [2008-01-22 12:49 25600]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Contr“leur d'‚tat.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-01-15 14:23:08 802816]
      Gestionnaire de services SQL Server.lnk - C:\MSSQL7\Binn\sqlmangr.exe [2007-12-31 20:04:19 110592]
      Logiciel de Synchronisation Orange.lnk - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-05-14 12:05:16 684032]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
      NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2005-09-17 16:03:33 233472]
      Raccourci vers wlancfg.lnk - C:\thomson\wlancfg.exe [2007-08-17 10:40:30 1466368]
      Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

      R0 ttyxpzsj;ttyxpzsj;C:\WINDOWS\system32\drivers\rmbelszq.dat []
      R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
      R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10]
      R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
      S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-02-18 17:54]
      S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
      S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
      S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
      S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
      S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
      S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
      S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
      S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
      S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
      S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
      S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys []

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-01-18 17:34:17 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-01-23 14:22:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-23 15:22:14
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      0
  2. cyrilsp37 Messages postés 37 Statut Membre
     
    voici mon rapport combofix
    ymantec W32.Netsky FixTool 1.12.0

    C:\Documents and Settings\Angelique\Local Settings\Application Data\Microsoft\Messenger\an.gelique@hotmail.fr\SharingMetadata\kerzerber@hotmail.com\DFSR\Staging\CS{C32300FE-A7D1-C30A-FFE3-288F3BF906A9}\01\11-{C32300FE-A7D1-C30A-FFE3-288F3BF906A9}-v1-{71D18029-C54B-4D4A-B98E-BCAAA53C4589}-v11-Downloaded.frx (WARNING: not scanned, path to long)
    C:\Documents and Settings\Angelique\Local Settings\Application Data\Microsoft\Messenger\an.gelique@hotmail.fr\SharingMetadata\mac.fly.38@hotmail.fr\DFSR\Staging\CS{C3B484DF-BB9A-B507-0F90-E1B5D9EE6A96}\01\10-{C3B484DF-BB9A-B507-0F90-E1B5D9EE6A96}-v1-{71D18029-C54B-4D4A-B98E-BCAAA53C4589}-v10-Downloaded.frx (WARNING: not scanned, path to long)

    The scanning procedure was cancelled.

    W32.Netsky has not been found on your computer, but the scan
    was cancelled before it finished. The virus may still be present on the machine.
    0
  3. cyrilsp37 Messages postés 37 Statut Membre
     
    voici le bon rapport combofix

    ComboFix 08-01-23.2 - Angelique 2008-01-23 15:18:52.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.522 [GMT 1:00]
    Endroit: C:\Documents and Settings\Angelique\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\Documents and Settings\Angelique\new.txt
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\WebMediaPlayer.url
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\befcdrupto.dat
    C:\WINDOWS\system32\befcdrupto_nav.dat
    C:\WINDOWS\system32\befcdrupto_navps.dat
    C:\WINDOWS\system32\neksbixfmb.dat
    C:\WINDOWS\system32\neksbixfmb_nav.dat
    C:\WINDOWS\system32\neksbixfmb_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\Iprip

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:25 . 2008-01-23 14:28 <REP> d-------- C:\Program Files\Navilog1
    2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-23 12:35 . 2008-01-23 12:35 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 12:26 . 2008-01-23 12:26 2,648 --a------ C:\WINDOWS\sql70.MIF
    2008-01-22 20:41 . 2008-01-22 20:41 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 16:48 . 2008-01-23 15:04 25,752 --a------ C:\WINDOWS\DSC01497.zip
    2008-01-22 16:48 . 2008-01-22 12:49 25,600 -r-hsc--- C:\WINDOWS\system32\dllcache\spoolms.exe
    2008-01-18 18:45 . 2008-01-18 18:45 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
    2008-01-18 18:45 . 2008-01-18 18:45 <REP> d-------- C:\WINDOWS\Google Toolbar
    2008-01-18 18:33 . 2008-01-18 18:46 <REP> d-------- C:\Program Files\Norton Security Scan
    2008-01-18 18:29 . 2008-01-18 18:29 867,560 --a------ C:\Program Files\Google Updater.exe
    2008-01-12 21:04 . 2008-01-12 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-12 21:04 . 2008-01-12 21:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-12 09:16 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-12 09:16 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-12 09:16 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-12 09:16 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-12 09:16 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-12 09:16 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-12 09:16 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-12 09:16 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-12 09:11 . 2008-01-12 09:14 19,004,560 --a------ C:\Program Files\setupfre.exe
    2008-01-09 12:18 . 2008-01-09 12:18 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-01-09 12:18 . 2008-01-09 12:18 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-01-09 12:18 . 2008-01-09 12:18 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-01-09 12:18 . 2008-01-09 12:18 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-01-09 12:18 . 2008-01-09 12:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-01-09 12:18 . 2008-01-09 12:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-01-09 12:16 . 2008-01-09 12:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-01-09 12:16 . 2008-01-09 12:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2008-01-09 12:16 . 2008-01-09 12:16 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-01-09 12:16 . 2008-01-09 12:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-01-09 12:15 . 2008-01-09 12:15 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-01-06 21:25 . 2008-01-06 21:25 <REP> d-------- C:\Program Files\Macrogaming
    2008-01-04 16:16 . 2008-01-04 16:16 <REP> d-------- C:\Program Files\SAGEM
    2008-01-03 21:17 . 2008-01-04 16:17 21 --a------ C:\WINDOWS\kit.ini
    2008-01-03 19:42 . 2008-01-03 19:43 7,020,185 --a------ C:\Program Files\Gestionnaire_internetLB.exe
    2008-01-03 19:13 . 2008-01-03 19:13 535,512 --a------ C:\Program Files\pllangs.exe
    2008-01-03 19:11 . 2008-01-03 19:11 2,855,080 --a------ C:\Program Files\ad-aware-se-personal_ad-aware_se_personal_1.6_anglais_12797.exe
    2008-01-03 18:45 . 2008-01-03 18:45 407,680 --a------ C:\Program Files\aswclnr.exe
    2008-01-03 18:28 . 2008-01-03 18:24 18,164,640 --a------ C:\Program Files\aaw2007.exe
    2008-01-03 18:28 . 2008-01-03 18:23 2,724,328 --a------ C:\Program Files\ccsetup203.exe
    2008-01-01 13:04 . 2008-01-01 13:04 <REP> d-------- C:\Program Files\Browser Mouse
    2007-12-31 20:04 . 1999-01-05 11:57 32,060 --a------ C:\WINDOWS\system32\cliconf.hlp
    2007-12-31 20:03 . 2008-01-23 12:26 <REP> d-------- C:\MSSQL7
    2007-12-31 20:03 . 2008-01-02 18:45 899 --------- C:\WINDOWS\setup~0.iss
    2007-12-31 19:19 . 2007-12-31 19:22 16,840,120 --a------ C:\Program Files\IE7Setup_G_FR.exe
    2007-12-31 18:23 . 2007-12-31 18:23 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-31 18:23 . 2007-12-31 18:23 232 --ah----- C:\sqmdata01.sqm
    2007-12-31 17:52 . 2007-12-31 17:52 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-31 17:52 . 2007-12-31 17:52 232 --ah----- C:\sqmdata00.sqm
    2007-12-26 12:55 . 19,456 C:\WINDOWS\system32\drivers\rmbelszq.dat
    2007-12-26 11:59 . 2001-08-28 13:00 84,992 --a------ C:\WINDOWS\system32\avwa.dll
    2007-12-24 14:02 . 2007-12-24 14:02 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-22 16:54 --------- d-----w C:\Program Files\DivX
    2008-01-18 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-01-18 19:33 --------- d-----w C:\Program Files\Google
    2008-01-04 15:17 --------- d-----w C:\Program Files\Wanadoo
    2008-01-04 15:16 90 ----a-w C:\Program Files\Setup.log
    2008-01-03 18:11 --------- d-----w C:\Program Files\Lavasoft
    2008-01-03 17:57 5,720 ----a-w C:\Program Files\aswclnr.log
    2008-01-03 17:45 672,256 ----a-w C:\Program Files\aswclnr.tmp
    2007-12-27 19:37 --------- d-----w C:\Program Files\JPEG Compression
    2007-12-26 10:59 77,369 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-22 14:16 --------- d-----w C:\Program Files\AkvaarioGes
    2007-12-22 14:03 --------- d-----w C:\Program Files\Aquapep2
    2007-12-22 13:56 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-22 13:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-03 07:55 --------- d-----w C:\Program Files\MSN Pictures Displayer
    2007-11-30 18:43 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-11-28 17:16 --------- d-----w C:\Program Files\Fichiers communs\SansenDommagement
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
    2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
    2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
    2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-08-17 07:56 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-11-30 15:34 57,115,310 ----a-w C:\Program Files\openofficeorg3.cab
    2006-11-30 15:34 3,293,189 ----a-w C:\Program Files\openofficeorg4.cab
    2006-11-30 15:25 15,519,277 ----a-w C:\Program Files\openofficeorg2.cab
    2006-11-30 15:22 18,447,022 ----a-w C:\Program Files\openofficeorg1.cab
    2006-11-30 15:17 5,298,688 ----a-w C:\Program Files\openofficeorg21.msi
    2006-11-30 15:17 217 ----a-w C:\Program Files\setup.ini
    2006-11-13 16:31 315,392 ----a-w C:\Program Files\setup.exe
    2006-11-01 20:06 7,022,328 ----a-w C:\Program Files\logicielphotoOrangeFR.exe
    2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-24 14:02 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61C2BD6D-8C4C-4C6B-BAFE-DAD1FDCA3357}]
    2001-08-28 13:00 84992 --a------ C:\WINDOWS\system32\avwa.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 16:41 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 19:01 49152]
    "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2005-10-27 11:00 299008]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-09 17:48 155648]
    "OWS Setup CmdLine"="C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2004-08-20 00:09 188480]
    "LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 05:35 429568]
    "iKeyWorks"="C:\PROGRA~1\HotKeys\Ikeymain.exe" [2001-09-12 08:44 49152]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "spoolms"="C:\WINDOWS\system32\dllcache\spoolms.exe" [2008-01-22 12:49 25600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Contr“leur d'‚tat.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-01-15 14:23:08 802816]
    Gestionnaire de services SQL Server.lnk - C:\MSSQL7\Binn\sqlmangr.exe [2007-12-31 20:04:19 110592]
    Logiciel de Synchronisation Orange.lnk - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-05-14 12:05:16 684032]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
    NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2005-09-17 16:03:33 233472]
    Raccourci vers wlancfg.lnk - C:\thomson\wlancfg.exe [2007-08-17 10:40:30 1466368]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R0 ttyxpzsj;ttyxpzsj;C:\WINDOWS\system32\drivers\rmbelszq.dat []
    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10]
    R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-02-18 17:54]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
    S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-18 17:34:17 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-01-23 14:22:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 15:22:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    merci de m'aider et me dire la suite a suivre
    0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    repost un nouveau rapport hijack this stp

    a la suite de cette reponse

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. cyrilsp37 Messages postés 37 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\MSSQL7\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\MSSQL7\binn\sqlagent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\PROGRA~1\HotKeys\Ikeymain.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\thomson\wlancfg.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: (no name) - {61C2BD6D-8C4C-4C6B-BAFE-DAD1FDCA3357} - C:\WINDOWS\system32\avwa.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg "Office 2000 Server Extensions" /q
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Gestionnaire de services SQL Server.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Raccourci vers wlancfg.lnk = C:\thomson\wlancfg.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cyrilsp37france.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1200137595375
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrilsp37.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
    0
  7. cyrilsp37 Messages postés 37 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\MSSQL7\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\MSSQL7\binn\sqlagent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\PROGRA~1\HotKeys\Ikeymain.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\thomson\wlancfg.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: (no name) - {61C2BD6D-8C4C-4C6B-BAFE-DAD1FDCA3357} - C:\WINDOWS\system32\avwa.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg "Office 2000 Server Extensions" /q
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Gestionnaire de services SQL Server.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Raccourci vers wlancfg.lnk = C:\thomson\wlancfg.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cyrilsp37france.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1200137595375
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrilsp37.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
    0
  8. cyrilsp37 Messages postés 37 Statut Membre
     
    voici le nouveau test HijackThis et merci de me donner la conduite a tenir car tjrs la le virus
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\avwa.dll
    C:\WINDOWS\system32\drivers\rmbelszq.dat
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\WINDOWS\Tasks\Norton Security Scan.job
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

    Folder::
    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Fichiers communs\BOONTY Shared

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61C2BD6D-8C4C-4C6B-BAFE-DAD1FDCA3357}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"=-
    "spoolms"=-

    Driver::
    ttyxpzsj

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt2 accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    up
    0
  11. cyrilsp37 Messages postés 37 Statut Membre
     
    nouveaux combofix

    ComboFix 08-01-23.2 - Angelique 2008-01-23 17:23:24.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.514 [GMT 1:00]
    Endroit: C:\Documents and Settings\Angelique\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Angelique\Mes documents\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\avwa.dll
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\WINDOWS\system32\drivers\rmbelszq.dat
    C:\WINDOWS\Tasks\Norton Security Scan.job
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
    C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
    C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
    C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\an.gelique@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\an.gelique@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\cyrilsp37@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\cyrilsp37@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\va.l.erie@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\va.l.erie@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050007.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\Program Files\Macrogaming\SweetIM\default.xml
    C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
    C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
    C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mghooking.dll
    C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mglogger.dll
    C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
    C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
    C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\avwa.dll
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\WINDOWS\system32\drivers\rmbelszq.dat
    C:\WINDOWS\Tasks\Norton Security Scan.job
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\Documents and Settings\Angelique\new.txt
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\WebMediaPlayer.url
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\befcdrupto.dat
    C:\WINDOWS\system32\befcdrupto_nav.dat
    C:\WINDOWS\system32\befcdrupto_navps.dat
    C:\WINDOWS\system32\neksbixfmb.dat
    C:\WINDOWS\system32\neksbixfmb_nav.dat
    C:\WINDOWS\system32\neksbixfmb_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\Iprip

    -------\LEGACY_TTYXPZSJ
    -------\ttyxpzsj

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:25 . 2008-01-23 14:28 <REP> d-------- C:\Program Files\Navilog1
    2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-23 12:35 . 2008-01-23 12:35 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 12:26 . 2008-01-23 12:26 2,648 --a------ C:\WINDOWS\sql70.MIF
    2008-01-22 20:41 . 2008-01-22 20:41 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 16:48 . 2008-01-23 17:08 25,752 --a------ C:\WINDOWS\DSC01497.zip
    2008-01-18 18:45 . 2008-01-18 18:45 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
    2008-01-18 18:45 . 2008-01-18 18:45 <REP> d-------- C:\WINDOWS\Google Toolbar
    2008-01-18 18:33 . 2008-01-23 17:31 <REP> d-------- C:\Program Files\Norton Security Scan
    2008-01-18 18:29 . 2008-01-18 18:29 867,560 --a------ C:\Program Files\Google Updater.exe
    2008-01-12 21:04 . 2008-01-12 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-12 21:04 . 2008-01-12 21:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-12 09:16 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-12 09:16 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-12 09:16 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-12 09:16 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-12 09:16 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-12 09:16 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-12 09:16 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-12 09:16 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-12 09:11 . 2008-01-12 09:14 19,004,560 --a------ C:\Program Files\setupfre.exe
    2008-01-09 12:18 . 2008-01-09 12:18 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-01-09 12:18 . 2008-01-09 12:18 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-01-09 12:18 . 2008-01-09 12:18 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-01-09 12:18 . 2008-01-09 12:18 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-01-09 12:18 . 2008-01-09 12:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-01-09 12:18 . 2008-01-09 12:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-01-09 12:16 . 2008-01-09 12:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-01-09 12:16 . 2008-01-09 12:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2008-01-09 12:16 . 2008-01-09 12:16 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-01-09 12:16 . 2008-01-09 12:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-01-09 12:15 . 2008-01-09 12:15 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-01-06 21:25 . 2008-01-23 17:31 <REP> d-------- C:\Program Files\Macrogaming
    2008-01-04 16:16 . 2008-01-04 16:16 <REP> d-------- C:\Program Files\SAGEM
    2008-01-03 21:17 . 2008-01-04 16:17 21 --a------ C:\WINDOWS\kit.ini
    2008-01-03 19:42 . 2008-01-03 19:43 7,020,185 --a------ C:\Program Files\Gestionnaire_internetLB.exe
    2008-01-03 19:13 . 2008-01-03 19:13 535,512 --a------ C:\Program Files\pllangs.exe
    2008-01-03 19:11 . 2008-01-03 19:11 2,855,080 --a------ C:\Program Files\ad-aware-se-personal_ad-aware_se_personal_1.6_anglais_12797.exe
    2008-01-03 18:45 . 2008-01-03 18:45 407,680 --a------ C:\Program Files\aswclnr.exe
    2008-01-03 18:28 . 2008-01-03 18:24 18,164,640 --a------ C:\Program Files\aaw2007.exe
    2008-01-03 18:28 . 2008-01-03 18:23 2,724,328 --a------ C:\Program Files\ccsetup203.exe
    2008-01-01 13:04 . 2008-01-01 13:04 <REP> d-------- C:\Program Files\Browser Mouse
    2007-12-31 20:04 . 1999-01-05 11:57 32,060 --a------ C:\WINDOWS\system32\cliconf.hlp
    2007-12-31 20:03 . 2008-01-23 12:26 <REP> d-------- C:\MSSQL7
    2007-12-31 20:03 . 2008-01-02 18:45 899 --------- C:\WINDOWS\setup~0.iss
    2007-12-31 19:19 . 2007-12-31 19:22 16,840,120 --a------ C:\Program Files\IE7Setup_G_FR.exe
    2007-12-31 18:23 . 2007-12-31 18:23 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-31 18:23 . 2007-12-31 18:23 232 --ah----- C:\sqmdata01.sqm
    2007-12-31 17:52 . 2007-12-31 17:52 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-31 17:52 . 2007-12-31 17:52 232 --ah----- C:\sqmdata00.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-22 16:54 --------- d-----w C:\Program Files\DivX
    2008-01-18 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-01-18 19:33 --------- d-----w C:\Program Files\Google
    2008-01-04 15:17 --------- d-----w C:\Program Files\Wanadoo
    2008-01-04 15:16 90 ----a-w C:\Program Files\Setup.log
    2008-01-03 18:11 --------- d-----w C:\Program Files\Lavasoft
    2008-01-03 17:57 5,720 ----a-w C:\Program Files\aswclnr.log
    2008-01-03 17:45 672,256 ----a-w C:\Program Files\aswclnr.tmp
    2007-12-27 19:37 --------- d-----w C:\Program Files\JPEG Compression
    2007-12-22 14:16 --------- d-----w C:\Program Files\AkvaarioGes
    2007-12-22 14:03 --------- d-----w C:\Program Files\Aquapep2
    2007-12-22 13:56 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-22 13:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-03 07:55 --------- d-----w C:\Program Files\MSN Pictures Displayer
    2007-11-28 17:16 --------- d-----w C:\Program Files\Fichiers communs\SansenDommagement
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-08-17 07:56 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-11-30 15:34 57,115,310 ----a-w C:\Program Files\openofficeorg3.cab
    2006-11-30 15:34 3,293,189 ----a-w C:\Program Files\openofficeorg4.cab
    2006-11-30 15:25 15,519,277 ----a-w C:\Program Files\openofficeorg2.cab
    2006-11-30 15:22 18,447,022 ----a-w C:\Program Files\openofficeorg1.cab
    2006-11-30 15:17 5,298,688 ----a-w C:\Program Files\openofficeorg21.msi
    2006-11-30 15:17 217 ----a-w C:\Program Files\setup.ini
    2006-11-13 16:31 315,392 ----a-w C:\Program Files\setup.exe
    2006-11-01 20:06 7,022,328 ----a-w C:\Program Files\logicielphotoOrangeFR.exe
    2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_15.10.56.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-23 13:54:44 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-23 16:23:13 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-23 13:54:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-23 16:23:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-23 13:54:44 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-23 16:23:13 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-23 13:54:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-23 16:23:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-23 13:54:45 6,164,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-23 16:23:14 6,189,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-23 13:54:45 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-23 16:23:14 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-23 16:36:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
    + 2008-01-23 16:36:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 16:41 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 19:01 49152]
    "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2005-10-27 11:00 299008]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-09 17:48 155648]
    "OWS Setup CmdLine"="C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2004-08-20 00:09 188480]
    "LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 05:35 429568]
    "iKeyWorks"="C:\PROGRA~1\HotKeys\Ikeymain.exe" [2001-09-12 08:44 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\Angelique\Menu D‚marrer\Programmes\D‚marrage\
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-05-27 18:28:12 4571136]
    OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10]
    R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
    S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 17:39:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    0
  12. cyrilsp37 Messages postés 37 Statut Membre
     
    nouveaux combofix

    ComboFix 08-01-23.2 - Angelique 2008-01-23 17:23:24.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.514 [GMT 1:00]
    Endroit: C:\Documents and Settings\Angelique\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Angelique\Mes documents\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\avwa.dll
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\WINDOWS\system32\drivers\rmbelszq.dat
    C:\WINDOWS\Tasks\Norton Security Scan.job
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
    C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
    C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
    C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\an.gelique@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\an.gelique@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\cyrilsp37@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\cyrilsp37@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\va.l.erie@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\va.l.erie@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002015B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050007.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\Program Files\Macrogaming\SweetIM\default.xml
    C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
    C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
    C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mghooking.dll
    C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mglogger.dll
    C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
    C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
    C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
    C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\avwa.dll
    C:\WINDOWS\system32\dllcache\spoolms.exe
    C:\WINDOWS\system32\drivers\rmbelszq.dat
    C:\WINDOWS\Tasks\Norton Security Scan.job
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\Documents and Settings\Angelique\new.txt
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\WebMediaPlayer.url
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\befcdrupto.dat
    C:\WINDOWS\system32\befcdrupto_nav.dat
    C:\WINDOWS\system32\befcdrupto_navps.dat
    C:\WINDOWS\system32\neksbixfmb.dat
    C:\WINDOWS\system32\neksbixfmb_nav.dat
    C:\WINDOWS\system32\neksbixfmb_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\Iprip

    -------\LEGACY_TTYXPZSJ
    -------\ttyxpzsj

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:25 . 2008-01-23 14:28 <REP> d-------- C:\Program Files\Navilog1
    2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-23 12:35 . 2008-01-23 12:35 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 12:26 . 2008-01-23 12:26 2,648 --a------ C:\WINDOWS\sql70.MIF
    2008-01-22 20:41 . 2008-01-22 20:41 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-01-22 16:48 . 2008-01-23 17:08 25,752 --a------ C:\WINDOWS\DSC01497.zip
    2008-01-18 18:45 . 2008-01-18 18:45 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
    2008-01-18 18:45 . 2008-01-18 18:45 <REP> d-------- C:\WINDOWS\Google Toolbar
    2008-01-18 18:33 . 2008-01-23 17:31 <REP> d-------- C:\Program Files\Norton Security Scan
    2008-01-18 18:29 . 2008-01-18 18:29 867,560 --a------ C:\Program Files\Google Updater.exe
    2008-01-12 21:04 . 2008-01-12 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-12 21:04 . 2008-01-12 21:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-12 09:16 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-12 09:16 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-12 09:16 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-12 09:16 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-12 09:16 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-12 09:16 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-12 09:16 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-12 09:16 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-12 09:11 . 2008-01-12 09:14 19,004,560 --a------ C:\Program Files\setupfre.exe
    2008-01-09 12:18 . 2008-01-09 12:18 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-01-09 12:18 . 2008-01-09 12:18 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-01-09 12:18 . 2008-01-09 12:18 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-01-09 12:18 . 2008-01-09 12:18 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-01-09 12:18 . 2008-01-09 12:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-01-09 12:18 . 2008-01-09 12:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-09 12:16 . 2008-01-09 12:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-01-09 12:16 . 2008-01-09 12:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-01-09 12:16 . 2008-01-09 12:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2008-01-09 12:16 . 2008-01-09 12:16 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2008-01-09 12:16 . 2008-01-09 12:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2008-01-09 12:16 . 2008-01-09 12:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2008-01-09 12:15 . 2008-01-09 12:15 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-01-06 21:25 . 2008-01-23 17:31 <REP> d-------- C:\Program Files\Macrogaming
    2008-01-04 16:16 . 2008-01-04 16:16 <REP> d-------- C:\Program Files\SAGEM
    2008-01-03 21:17 . 2008-01-04 16:17 21 --a------ C:\WINDOWS\kit.ini
    2008-01-03 19:42 . 2008-01-03 19:43 7,020,185 --a------ C:\Program Files\Gestionnaire_internetLB.exe
    2008-01-03 19:13 . 2008-01-03 19:13 535,512 --a------ C:\Program Files\pllangs.exe
    2008-01-03 19:11 . 2008-01-03 19:11 2,855,080 --a------ C:\Program Files\ad-aware-se-personal_ad-aware_se_personal_1.6_anglais_12797.exe
    2008-01-03 18:45 . 2008-01-03 18:45 407,680 --a------ C:\Program Files\aswclnr.exe
    2008-01-03 18:28 . 2008-01-03 18:24 18,164,640 --a------ C:\Program Files\aaw2007.exe
    2008-01-03 18:28 . 2008-01-03 18:23 2,724,328 --a------ C:\Program Files\ccsetup203.exe
    2008-01-01 13:04 . 2008-01-01 13:04 <REP> d-------- C:\Program Files\Browser Mouse
    2007-12-31 20:04 . 1999-01-05 11:57 32,060 --a------ C:\WINDOWS\system32\cliconf.hlp
    2007-12-31 20:03 . 2008-01-23 12:26 <REP> d-------- C:\MSSQL7
    2007-12-31 20:03 . 2008-01-02 18:45 899 --------- C:\WINDOWS\setup~0.iss
    2007-12-31 19:19 . 2007-12-31 19:22 16,840,120 --a------ C:\Program Files\IE7Setup_G_FR.exe
    2007-12-31 18:23 . 2007-12-31 18:23 244 --ah----- C:\sqmnoopt01.sqm
    2007-12-31 18:23 . 2007-12-31 18:23 232 --ah----- C:\sqmdata01.sqm
    2007-12-31 17:52 . 2007-12-31 17:52 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-31 17:52 . 2007-12-31 17:52 232 --ah----- C:\sqmdata00.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-22 16:54 --------- d-----w C:\Program Files\DivX
    2008-01-18 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-01-18 19:33 --------- d-----w C:\Program Files\Google
    2008-01-04 15:17 --------- d-----w C:\Program Files\Wanadoo
    2008-01-04 15:16 90 ----a-w C:\Program Files\Setup.log
    2008-01-03 18:11 --------- d-----w C:\Program Files\Lavasoft
    2008-01-03 17:57 5,720 ----a-w C:\Program Files\aswclnr.log
    2008-01-03 17:45 672,256 ----a-w C:\Program Files\aswclnr.tmp
    2007-12-27 19:37 --------- d-----w C:\Program Files\JPEG Compression
    2007-12-22 14:16 --------- d-----w C:\Program Files\AkvaarioGes
    2007-12-22 14:03 --------- d-----w C:\Program Files\Aquapep2
    2007-12-22 13:56 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-22 13:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-03 07:55 --------- d-----w C:\Program Files\MSN Pictures Displayer
    2007-11-28 17:16 --------- d-----w C:\Program Files\Fichiers communs\SansenDommagement
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-08-17 07:56 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-11-30 15:34 57,115,310 ----a-w C:\Program Files\openofficeorg3.cab
    2006-11-30 15:34 3,293,189 ----a-w C:\Program Files\openofficeorg4.cab
    2006-11-30 15:25 15,519,277 ----a-w C:\Program Files\openofficeorg2.cab
    2006-11-30 15:22 18,447,022 ----a-w C:\Program Files\openofficeorg1.cab
    2006-11-30 15:17 5,298,688 ----a-w C:\Program Files\openofficeorg21.msi
    2006-11-30 15:17 217 ----a-w C:\Program Files\setup.ini
    2006-11-13 16:31 315,392 ----a-w C:\Program Files\setup.exe
    2006-11-01 20:06 7,022,328 ----a-w C:\Program Files\logicielphotoOrangeFR.exe
    2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_15.10.56.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-23 13:54:44 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-23 16:23:13 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-23 13:54:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-23 16:23:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-23 13:54:44 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-23 16:23:13 266,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-23 13:54:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-23 16:23:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-23 13:54:45 6,164,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-23 16:23:14 6,189,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-23 13:54:45 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-23 16:23:14 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-23 16:36:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
    + 2008-01-23 16:36:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 16:41 68856]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 19:01 49152]
    "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2005-10-27 11:00 299008]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-09 17:48 155648]
    "OWS Setup CmdLine"="C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" [2004-08-20 00:09 188480]
    "LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 05:35 429568]
    "iKeyWorks"="C:\PROGRA~1\HotKeys\Ikeymain.exe" [2001-09-12 08:44 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\Angelique\Menu D‚marrer\Programmes\D‚marrage\
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-05-27 18:28:12 4571136]
    OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
    R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2002-07-01 15:10]
    R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 08:42]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]
    S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 17:39:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    0
  13. cyrilsp37 Messages postés 37 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\MSSQL7\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\MSSQL7\binn\sqlagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\PROGRA~1\HotKeys\Ikeymain.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\thomson\wlancfg.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg "Office 2000 Server Extensions" /q
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Gestionnaire de services SQL Server.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Raccourci vers wlancfg.lnk = C:\thomson\wlancfg.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cyrilsp37france.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1200137595375
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrilsp37.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
    0
  14. cyrilsp37 Messages postés 37 Statut Membre
     
    voici les deux rapport a suivre
    0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    fais ceci :

    a l´aide de hijack this coche et fix les lignes suivantes :
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

    comment fixer :

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    puis

    « Démarrer » > « Executer » > taper cmd >

    sc delete "Boonty Games" ==> [Enter]

    note : respect les espaces entre delete et les ""

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instal l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    instales un par feu :

    par feu : kerio

    http://www.malekal.com/kerio_firewall.php#mozTocId721480

    https://www.vulgarisation-informatique.com/kerio.php

    https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    ou zone alarm plus facil a configurer mais moins performant

    http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

    ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

    et instale la derniere :

    https://get2.adobe.com/reader/otherversions/

    ou foxit plus léger :

    https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

    j´aimerais qu´une fois antivir installé tu fasse un scan complet de ton pc et post le rapport ici stp

    @+
    0
  16. cyrilsp37 Messages postés 37 Statut Membre
     
    voici le resultat de antivir , merci pour les infos et tiens moi au courant si je doit faire autre chose

    AntiVir PersonalEdition Classic
    Report file date: 2008-01-23 19:05

    Scanning for 1065753 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: CYRIL-P7UL4O5R7

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 18:01:17
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:01:18
    ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 2008-01-15 18:01:18
    ANTIVIR3.VDF : 7.0.2.36 347648 Bytes 2008-01-23 18:01:18
    AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 2008-01-23 18:01:20
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-23 18:01:20
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-01-23 19:05

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
    Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
    Scan process 'sqlagent.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'BrMfcMon.exe' - '1' Module(s) have been scanned
    Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
    Scan process 'wlancfg.exe' - '1' Module(s) have been scanned
    Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
    Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
    Scan process 'Ikeymain.exe' - '1' Module(s) have been scanned
    Scan process 'LwbWheel.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'brctrcen.exe' - '1' Module(s) have been scanned
    Scan process 'opware32.exe' - '1' Module(s) have been scanned
    Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'brss01a.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    63 processes with 63 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '47' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Angelique\Local Settings\Temp\retubrqwUL4O5R7.dll
    [DETECTION] Is the Trojan horse TR/Inject.MF
    [INFO] The file was moved to '480b82b7.qua'!
    C:\QooBox\Quarantine\catchme2008-01-23_173908.93.zip
    [0] Archive type: ZIP
    --> avwa.dll
    [DETECTION] Is the Trojan horse TR/BHO.agz.14
    --> rmbelszq.dat
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '480b8d19.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\avwa.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '480e8d36.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\dllcache\spoolms.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '48068d33.qua'!
    C:\System Volume Information\_restore{64EF597E-50FF-45A4-BF5F-C3F07C793FA6}\RP191\A0073721.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47c78e76.qua'!
    C:\System Volume Information\_restore{64EF597E-50FF-45A4-BF5F-C3F07C793FA6}\RP191\A0073731.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47c78e80.qua'!
    C:\WINDOWS\DSC01497.zip
    [0] Archive type: ZIP
    --> img091307-www.photoshop.com
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '47da8eb1.qua'!

    End of the scan: 2008-01-23 20:12
    Used time: 1:07:28 min

    The scan has been done completely.

    6488 Scanning directories
    314915 Files were scanned
    8 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    7 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    314907 Files not concerned
    2394 Archives were scanned
    1 Warnings
    0 Notes
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut cyrilsp37,

    peux tu reposter un hijack this stp

    @+
    0
  18. cyrilsp37
     
    salut , voici le rapport que tu desire , a priori le virus est parti.@+

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:23, on 2008-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\PROGRA~1\HotKeys\Ikeymain.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\thomson\wlancfg.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\MSSQL7\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\MSSQL7\binn\sqlagent.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    desinstal avast et repost un nouveau hijack this car celui que tu m´as posté est loin d´etre complet...

    @´+
    0
  20. cyrilsp37
     
    merci , a toi, et voici un nouveaux rapport apres la desintalation de avast , le virus a l'air d'etre parti il ne c pas raficher depuis jeudi.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:38, on 2008-01-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\MSSQL7\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\MSSQL7\binn\sqlagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\PROGRA~1\HotKeys\Ikeymain.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\thomson\wlancfg.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg "Office 2000 Server Extensions" /q
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Gestionnaire de services SQL Server.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Raccourci vers wlancfg.lnk = C:\thomson\wlancfg.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cyrilsp37france.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1200137595375
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrilsp37.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  21. cyrilsp37
     
    merci , a toi, et voici un nouveaux rapport apres la desintalation de avast , le virus a l'air d'etre parti il ne c pas raficher depuis jeudi.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:38, on 2008-01-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\MSSQL7\binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\MSSQL7\binn\sqlagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    C:\PROGRA~1\HotKeys\Ikeymain.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\MSSQL7\Binn\sqlmangr.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\thomson\wlancfg.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /r /pkg "Office 2000 Server Extensions" /q
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Gestionnaire de services SQL Server.lnk = C:\MSSQL7\Binn\sqlmangr.exe
    O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Raccourci vers wlancfg.lnk = C:\thomson\wlancfg.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cyrilsp37france.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1200137595375
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrilsp37.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Server Extensions Notification Service (OWSTimer) - Unknown owner - C:\Program Files\Microsoft Office\Office\OWSTIMER.EXE
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  • 1
  • 2