Dialer-instant_acces
sb251
Messages postés
10
Statut
Membre
-
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
Bonjour,
je fais 1sanc avec spyware doctor , et on me decouvre le probleme suivant comme quoi j'ai un dialer.insatnt_acces sur mon ordinateur et un virus trojan small jmh ..alor j'aimerai savoir si quelqu'un pourait a m'en debarraser de tout cela, se serai vraiment gentil pcq j'ai essayer de supprimer mais cela revient tout le temps....
et j'ai audssi mon pare feu bloquer , il est griser en mode desactiver et cela a eu comme consequence d'avoir ses virus....
merci de votre aide d'avance, c vraiment urgent ..
je poste le log avec combofix
ComboFix 08-03-01.3 - HP_Administrateur 2008-03-01 11:21:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.435 [GMT 1:00]
Endroit: C:\DOCUME~1\HP_ADM~1\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Documents and Settings\HP_Administrateur\Application Data\MessengerSkinner
C:\Documents and Settings\HP_Administrateur\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi.dat
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi_nav.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi_navps.dat
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\vdrziwembj.dat
C:\WINDOWS\system32\vdrziwembj_nav.dat
C:\WINDOWS\system32\vdrziwembj_navps.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.
2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-02-26 20:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-02-26 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-02-25 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 10:20 --------- d-----w C:\Program Files\Wanadoo
2008-03-01 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 11:26:07
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-01 11:27:02
ComboFix-quarantined-files.txt 2008-03-01 10:26:59
.
2008-02-27 21:54:33 --- E O F ---
je fais 1sanc avec spyware doctor , et on me decouvre le probleme suivant comme quoi j'ai un dialer.insatnt_acces sur mon ordinateur et un virus trojan small jmh ..alor j'aimerai savoir si quelqu'un pourait a m'en debarraser de tout cela, se serai vraiment gentil pcq j'ai essayer de supprimer mais cela revient tout le temps....
et j'ai audssi mon pare feu bloquer , il est griser en mode desactiver et cela a eu comme consequence d'avoir ses virus....
merci de votre aide d'avance, c vraiment urgent ..
je poste le log avec combofix
ComboFix 08-03-01.3 - HP_Administrateur 2008-03-01 11:21:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.435 [GMT 1:00]
Endroit: C:\DOCUME~1\HP_ADM~1\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Documents and Settings\HP_Administrateur\Application Data\MessengerSkinner
C:\Documents and Settings\HP_Administrateur\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi.dat
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi_nav.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi_navps.dat
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\vdrziwembj.dat
C:\WINDOWS\system32\vdrziwembj_nav.dat
C:\WINDOWS\system32\vdrziwembj_navps.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.
2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-02-26 20:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-02-26 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-02-25 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 10:20 --------- d-----w C:\Program Files\Wanadoo
2008-03-01 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 11:26:07
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-01 11:27:02
ComboFix-quarantined-files.txt 2008-03-01 10:26:59
.
2008-02-27 21:54:33 --- E O F ---
A voir également:
- Dialer-instant_acces
- Interface dialer ✓ - Forum Réseau
- Windows dialer - Télécharger - Divers Bureautique
- F5 hidden dialer window ✓ - Forum Virus
- Anti dialer - Télécharger - Antivirus & Antimalwares
- Express Dial Telephone Dialer - Télécharger - Téléphonie & Visio
18 réponses
salut ,
poste un hijack:
1) Clique ICI pour télécharger le fichier d'installation d'HijackThis :http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html
Enregistre HJTInstall.exe sur ton bureau
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là || C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
poste un hijack:
1) Clique ICI pour télécharger le fichier d'installation d'HijackThis :http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html
Enregistre HJTInstall.exe sur ton bureau
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là || C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
merci de ton aide voilala repport demander
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:03, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis[1].zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:03, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis[1].zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
re,combofix a bien travaillé !
-> Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
coche les cases devant ces lignes :
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
et ensuite ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus,
puis clique "Fix checked"( ou « fixer objet »). Ferme HijackThis!
ensuite:
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier :c:\windows\system\hpsysdrv.exe
Clique sur Send File.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
met ton explorer a jour :http://www.google.com/aclk?sa=L&ai=BPFaexj7JR47bDKeonQOmmPSrCoey2TrzvfjLBrm3rkvg1AMIABABGAEgtlQ4AVCisYvj_v____8BYPuJ7ILoCcgBAdkDgNiYsh_f1cM&sig=AGiWqtw7PZyxiqyXCY3x7Jw_U2M7bBo4Fw&q=http://www.i-explorer.info/fr/
je te conseille ANTIVIR plutot que avast:https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId71944
pourquoi :http://forum.malekal.com/ftopic3528.php
--Essaye le navigateur Firefox plus sur/sécurisé qu IE
-Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
-Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/
garde explorer pour les mise a jour et les scan en ligne.
ensuite dis moi ou ca en est avec ton pc ??
j'oubliais si tu désinstalle avast :https://www.avast.com/fr-fr/uninstall-utility
-> Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
coche les cases devant ces lignes :
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
et ensuite ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus,
puis clique "Fix checked"( ou « fixer objet »). Ferme HijackThis!
ensuite:
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier :c:\windows\system\hpsysdrv.exe
Clique sur Send File.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
met ton explorer a jour :http://www.google.com/aclk?sa=L&ai=BPFaexj7JR47bDKeonQOmmPSrCoey2TrzvfjLBrm3rkvg1AMIABABGAEgtlQ4AVCisYvj_v____8BYPuJ7ILoCcgBAdkDgNiYsh_f1cM&sig=AGiWqtw7PZyxiqyXCY3x7Jw_U2M7bBo4Fw&q=http://www.i-explorer.info/fr/
je te conseille ANTIVIR plutot que avast:https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId71944
pourquoi :http://forum.malekal.com/ftopic3528.php
--Essaye le navigateur Firefox plus sur/sécurisé qu IE
-Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
-Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/
garde explorer pour les mise a jour et les scan en ligne.
ensuite dis moi ou ca en est avec ton pc ??
j'oubliais si tu désinstalle avast :https://www.avast.com/fr-fr/uninstall-utility
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
donc voila, gfai ce qui a ete demander :
Fichier hpsysdrv.exe reçu le 2008.02.27 14:46:51 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.27.0 2008.02.27 -
AntiVir 7.6.0.67 2008.02.27 -
Authentium 4.93.8 2008.02.27 -
Avast 4.7.1098.0 2008.02.26 -
AVG 7.5.0.516 2008.02.27 -
BitDefender 7.2 2008.02.27 -
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.27 -
DrWeb 4.44.0.09170 2008.02.27 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5567 2008.02.27 -
Ewido 4.0 2008.02.27 -
FileAdvisor 1 2008.02.27 -
Fortinet 3.14.0.0 2008.02.27 -
F-Prot 4.4.2.54 2008.02.26 -
F-Secure 6.70.13260.0 2008.02.27 -
Ikarus T3.1.1.20 2008.02.27 -
Kaspersky 7.0.0.125 2008.02.27 -
McAfee 5238 2008.02.26 -
Microsoft 1.3301 2008.02.27 -
NOD32v2 2905 2008.02.27 -
Norman 5.80.02 2008.02.26 -
Panda 9.0.0.4 2008.02.27 -
Prevx1 V2 2008.02.27 -
Rising 20.33.22.00 2008.02.27 -
Sophos 4.27.0 2008.02.27 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.27 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.26 -
Webwasher-Gateway 6.6.2 2008.02.27 -
Information additionnelle
File size: 52736 bytes
MD5: 06a1ecb63df139ec639e084d4ab3c9d7
SHA1: 0a4b7ddf4ddcd7486deca4034aa5b40605574d6e
PEiD: InstallShield 2000
maintenant gvais faire des scans avec spyware doctor et avats (avt de le changer) et get redis ca...
en tt cas merci bcp de ton aide!! jespere que cela va marcher
Fichier hpsysdrv.exe reçu le 2008.02.27 14:46:51 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.27.0 2008.02.27 -
AntiVir 7.6.0.67 2008.02.27 -
Authentium 4.93.8 2008.02.27 -
Avast 4.7.1098.0 2008.02.26 -
AVG 7.5.0.516 2008.02.27 -
BitDefender 7.2 2008.02.27 -
CAT-QuickHeal 9.50 2008.02.26 -
ClamAV 0.92.1 2008.02.27 -
DrWeb 4.44.0.09170 2008.02.27 -
eSafe 7.0.15.0 2008.02.26 -
eTrust-Vet 31.3.5567 2008.02.27 -
Ewido 4.0 2008.02.27 -
FileAdvisor 1 2008.02.27 -
Fortinet 3.14.0.0 2008.02.27 -
F-Prot 4.4.2.54 2008.02.26 -
F-Secure 6.70.13260.0 2008.02.27 -
Ikarus T3.1.1.20 2008.02.27 -
Kaspersky 7.0.0.125 2008.02.27 -
McAfee 5238 2008.02.26 -
Microsoft 1.3301 2008.02.27 -
NOD32v2 2905 2008.02.27 -
Norman 5.80.02 2008.02.26 -
Panda 9.0.0.4 2008.02.27 -
Prevx1 V2 2008.02.27 -
Rising 20.33.22.00 2008.02.27 -
Sophos 4.27.0 2008.02.27 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.27 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.26 -
Webwasher-Gateway 6.6.2 2008.02.27 -
Information additionnelle
File size: 52736 bytes
MD5: 06a1ecb63df139ec639e084d4ab3c9d7
SHA1: 0a4b7ddf4ddcd7486deca4034aa5b40605574d6e
PEiD: InstallShield 2000
maintenant gvais faire des scans avec spyware doctor et avats (avt de le changer) et get redis ca...
en tt cas merci bcp de ton aide!! jespere que cela va marcher
docn j'ai saneer avec les deuc , dc ce que tuma dis de faire est partie mais bien!
mais j'ai un autre probleme qui venu a la place:
c'st un evirus trojan pws.tanspy :s
pourrai tu m'aider pour celui ci par hasard? sinon, merci kan meme de ton aide ;)
mais j'ai un autre probleme qui venu a la place:
c'st un evirus trojan pws.tanspy :s
pourrai tu m'aider pour celui ci par hasard? sinon, merci kan meme de ton aide ;)
re,
Télécharge ce fichier sur le bureau :
http://downloads.malwareremoval.com/Nel/FixP.zip
Extrait et double clique sur Fix_Protocol_zones_ranges.reg.
Accepte lorsqu'il te demande de fusionner avec le registre.
reposte un nouveau rapport hiajckthis stp
Télécharge ce fichier sur le bureau :
http://downloads.malwareremoval.com/Nel/FixP.zip
Extrait et double clique sur Fix_Protocol_zones_ranges.reg.
Accepte lorsqu'il te demande de fusionner avec le registre.
reposte un nouveau rapport hiajckthis stp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:15, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Scan saved at 13:39:15, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
je dois m'absenter par la force des chose mai de ttes facon je reviendrai ce coir , ou cela en ai ...merci bcp
voici le nouveau rapport en question ak hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:32, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:32, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
re, tu n'as pas mis ton explorer a jour comme je te l'ai dit post 3 !
adobe reader n'est pas a jour non plus :http://www.google.com/...
E - Scan online avec BitDefender
Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X;
la barre anti-popup du SP2 (en haut) va se mettre à clignoter,
clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Copie/Colle le rapport
http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
https://kerio.probb.fr/
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
adobe reader n'est pas a jour non plus :http://www.google.com/...
E - Scan online avec BitDefender
Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X;
la barre anti-popup du SP2 (en haut) va se mettre à clignoter,
clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Copie/Colle le rapport
http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
https://kerio.probb.fr/
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
RE j'ai donc mis mon navigateur à jour, cad internet explorer 7 et adobe reader à jour.
par faute de temps, je n'ai pas pu faire de scan en ligne sur bitdefender donc je fais un scan via cambofix
et demain je ferai le scan via le site cite..
voici le rapport combofix:
ComboFix 08-03-01.3 - HP_Administrateur 2008-03-02 22:51:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.410 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:58 . 2008-03-02 21:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-02 21:55 . 2008-03-02 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-02 19:00 . 2008-03-02 22:12 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-02 18:32 . 2008-03-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-02 18:21 . 2008-03-02 18:21 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-02 18:20 . 2008-03-02 18:33 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-02 18:11 . 2008-03-02 18:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-03-02 18:20 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-03-02 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-03-02 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:54 --------- d-----w C:\Program Files\Wanadoo
2008-03-02 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 16:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:47 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
*Newly Created Service* - BDFDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-02 21:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:57:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 22:58:36
ComboFix-quarantined-files.txt 2008-03-02 21:58:32
ComboFix2.txt 2008-03-01 10:27:03
.
2008-02-27 21:54:33 --- E O F ---
merci d avance de votre aide
par faute de temps, je n'ai pas pu faire de scan en ligne sur bitdefender donc je fais un scan via cambofix
et demain je ferai le scan via le site cite..
voici le rapport combofix:
ComboFix 08-03-01.3 - HP_Administrateur 2008-03-02 22:51:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.410 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:58 . 2008-03-02 21:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-02 21:55 . 2008-03-02 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-02 19:00 . 2008-03-02 22:12 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-02 18:32 . 2008-03-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-02 18:21 . 2008-03-02 18:21 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-02 18:20 . 2008-03-02 18:33 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-02 18:11 . 2008-03-02 18:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-03-02 18:20 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-03-02 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-03-02 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:54 --------- d-----w C:\Program Files\Wanadoo
2008-03-02 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 16:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:47 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
*Newly Created Service* - BDFDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-02 21:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:57:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 22:58:36
ComboFix-quarantined-files.txt 2008-03-02 21:58:32
ComboFix2.txt 2008-03-01 10:27:03
.
2008-02-27 21:54:33 --- E O F ---
merci d avance de votre aide
RE j'ai donc mis mon navigateur à jour, cad internet explorer 7 et adobe reader à jour.
par faute de temps, je n'ai pas pu faire de scan en ligne sur bitdefender donc je fais un scan via cambofix
et demain je ferai le scan via le site cite..
voici le rapport combofix:
ComboFix 08-03-01.3 - HP_Administrateur 2008-03-02 22:51:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.410 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:58 . 2008-03-02 21:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-02 21:55 . 2008-03-02 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-02 19:00 . 2008-03-02 22:12 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-02 18:32 . 2008-03-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-02 18:21 . 2008-03-02 18:21 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-02 18:20 . 2008-03-02 18:33 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-02 18:11 . 2008-03-02 18:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-03-02 18:20 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-03-02 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-03-02 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:54 --------- d-----w C:\Program Files\Wanadoo
2008-03-02 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 16:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:47 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
*Newly Created Service* - BDFDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-02 21:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:57:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 22:58:36
ComboFix-quarantined-files.txt 2008-03-02 21:58:32
ComboFix2.txt 2008-03-01 10:27:03
.
2008-02-27 21:54:33 --- E O F ---
merci d avance de votre aide
par faute de temps, je n'ai pas pu faire de scan en ligne sur bitdefender donc je fais un scan via cambofix
et demain je ferai le scan via le site cite..
voici le rapport combofix:
ComboFix 08-03-01.3 - HP_Administrateur 2008-03-02 22:51:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.410 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:58 . 2008-03-02 21:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-02 21:55 . 2008-03-02 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-02 19:00 . 2008-03-02 22:12 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-02 18:32 . 2008-03-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-02 18:21 . 2008-03-02 18:21 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-02 18:20 . 2008-03-02 18:33 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-02 18:11 . 2008-03-02 18:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-03-02 18:20 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-03-02 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-03-02 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 21:54 --------- d-----w C:\Program Files\Wanadoo
2008-03-02 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 16:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 00:47 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 00:47 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
*Newly Created Service* - BDFDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-02 21:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 22:57:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 22:58:36
ComboFix-quarantined-files.txt 2008-03-02 21:58:32
ComboFix2.txt 2008-03-01 10:27:03
.
2008-02-27 21:54:33 --- E O F ---
merci d avance de votre aide
salut combofix a déja supprimé les fichiers infectés !! fait le scan en ligne comme je te l'ai dit et poste moi le rapport .
