Dialer-instant_acces

sb251 Messages postés 10 Date d'inscription   Statut Membre -  
jfkpresident Messages postés 13877 Statut Contributeur sécurité -
Bonjour,
je fais 1sanc avec spyware doctor , et on me decouvre le probleme suivant comme quoi j'ai un dialer.insatnt_acces sur mon ordinateur et un virus trojan small jmh ..alor j'aimerai savoir si quelqu'un pourait a m'en debarraser de tout cela, se serai vraiment gentil pcq j'ai essayer de supprimer mais cela revient tout le temps....
et j'ai audssi mon pare feu bloquer , il est griser en mode desactiver et cela a eu comme consequence d'avoir ses virus....

merci de votre aide d'avance, c vraiment urgent ..
je poste le log avec combofix

ComboFix 08-03-01.3 - HP_Administrateur 2008-03-01 11:21:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.435 [GMT 1:00]
Endroit: C:\DOCUME~1\HP_ADM~1\Bureau\combofix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Documents and Settings\HP_Administrateur\Application Data\MessengerSkinner
C:\Documents and Settings\HP_Administrateur\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi.dat
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi_nav.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\wnvcxgfgi_navps.dat
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\vdrziwembj.dat
C:\WINDOWS\system32\vdrziwembj_nav.dat
C:\WINDOWS\system32\vdrziwembj_navps.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.

2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-26 17:20 . 2008-02-26 20:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-26 17:20 . 2008-02-26 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
2008-02-05 23:57 . 2008-02-25 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 10:20 --------- d-----w C:\Program Files\Wanadoo
2008-03-01 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-28 21:20 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 19:29 556 ---ha-w C:\os357577.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 11:26:07
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-01 11:27:02
ComboFix-quarantined-files.txt 2008-03-01 10:26:59
.
2008-02-27 21:54:33 --- E O F ---
Configuration: Windows XP
Internet Explorer 6.0

18 réponses

  1. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    salut ,

    poste un hijack:

    1) Clique ICI pour télécharger le fichier d'installation d'HijackThis :http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

    Enregistre HJTInstall.exe sur ton bureau

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là || C:\Program Files\Trend Micro\HijackThis

    Accepte la license en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
    0
  2. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    merci de ton aide voilala repport demander

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:06:03, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis[1].zip\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  3. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    re,combofix a bien travaillé !

    -> Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
    coche les cases devant ces lignes :

    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

    et ensuite ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus,
    puis clique "Fix checked"( ou « fixer objet »). Ferme HijackThis!

    ensuite:

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier :c:\windows\system\hpsysdrv.exe

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    met ton explorer a jour :http://www.google.com/aclk?sa=L&ai=BPFaexj7JR47bDKeonQOmmPSrCoey2TrzvfjLBrm3rkvg1AMIABABGAEgtlQ4AVCisYvj_v____8BYPuJ7ILoCcgBAdkDgNiYsh_f1cM&sig=AGiWqtw7PZyxiqyXCY3x7Jw_U2M7bBo4Fw&q=http://www.i-explorer.info/fr/

    je te conseille ANTIVIR plutot que avast:https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId71944
    pourquoi :http://forum.malekal.com/ftopic3528.php

    --Essaye le navigateur Firefox plus sur/sécurisé qu IE

    -Téléchargement: http://www.mozilla-europe.org/fr/products/firefox/
    -Tutorial pour le sécuriser: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

    garde explorer pour les mise a jour et les scan en ligne.

    ensuite dis moi ou ca en est avec ton pc ??

    j'oubliais si tu désinstalle avast :https://www.avast.com/fr-fr/uninstall-utility

    0
  4. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    daccor merci , gv essayer tt ca !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    donc voila, gfai ce qui a ete demander :

    Fichier hpsysdrv.exe reçu le 2008.02.27 14:46:51 (CET)
    Situation actuelle: terminé

    Résultat: 0/32 (0.00%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.2.27.0 2008.02.27 -
    AntiVir 7.6.0.67 2008.02.27 -
    Authentium 4.93.8 2008.02.27 -
    Avast 4.7.1098.0 2008.02.26 -
    AVG 7.5.0.516 2008.02.27 -
    BitDefender 7.2 2008.02.27 -
    CAT-QuickHeal 9.50 2008.02.26 -
    ClamAV 0.92.1 2008.02.27 -
    DrWeb 4.44.0.09170 2008.02.27 -
    eSafe 7.0.15.0 2008.02.26 -
    eTrust-Vet 31.3.5567 2008.02.27 -
    Ewido 4.0 2008.02.27 -
    FileAdvisor 1 2008.02.27 -
    Fortinet 3.14.0.0 2008.02.27 -
    F-Prot 4.4.2.54 2008.02.26 -
    F-Secure 6.70.13260.0 2008.02.27 -
    Ikarus T3.1.1.20 2008.02.27 -
    Kaspersky 7.0.0.125 2008.02.27 -
    McAfee 5238 2008.02.26 -
    Microsoft 1.3301 2008.02.27 -
    NOD32v2 2905 2008.02.27 -
    Norman 5.80.02 2008.02.26 -
    Panda 9.0.0.4 2008.02.27 -
    Prevx1 V2 2008.02.27 -
    Rising 20.33.22.00 2008.02.27 -
    Sophos 4.27.0 2008.02.27 -
    Sunbelt 3.0.893.0 2008.02.23 -
    Symantec 10 2008.02.27 -
    TheHacker 6.2.9.229 2008.02.25 -
    VBA32 3.12.6.2 2008.02.27 -
    VirusBuster 4.3.26:9 2008.02.26 -
    Webwasher-Gateway 6.6.2 2008.02.27 -
    Information additionnelle
    File size: 52736 bytes
    MD5: 06a1ecb63df139ec639e084d4ab3c9d7
    SHA1: 0a4b7ddf4ddcd7486deca4034aa5b40605574d6e
    PEiD: InstallShield 2000

    maintenant gvais faire des scans avec spyware doctor et avats (avt de le changer) et get redis ca...

    en tt cas merci bcp de ton aide!! jespere que cela va marcher
    0
  7. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    docn j'ai saneer avec les deuc , dc ce que tuma dis de faire est partie mais bien!
    mais j'ai un autre probleme qui venu a la place:
    c'st un evirus trojan pws.tanspy :s

    pourrai tu m'aider pour celui ci par hasard? sinon, merci kan meme de ton aide ;)
    0
  8. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    re,

    Télécharge ce fichier sur le bureau :

    http://downloads.malwareremoval.com/Nel/FixP.zip

    Extrait et double clique sur Fix_Protocol_zones_ranges.reg.

    Accepte lorsqu'il te demande de fusionner avec le registre.

    reposte un nouveau rapport hiajckthis stp
    0
  9. sb251
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:15, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  10. Utilisateur anonyme
     
    je dois m'absenter par la force des chose mai de ttes facon je reviendrai ce coir , ou cela en ai ...merci bcp
    0
  11. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    jfk president serai tu la encor pour 'maider? merci davance
    0
  12. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    j'attend le rapport ....
    0
  13. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    voici le nouveau rapport en question ak hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:54:32, on 02/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  14. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    re, tu n'as pas mis ton explorer a jour comme je te l'ai dit post 3 !

    adobe reader n'est pas a jour non plus :http://www.google.com/...

    E - Scan online avec BitDefender

    Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X;

    la barre anti-popup du SP2 (en haut) va se mettre à clignoter,
    clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
    Une fois qu'il a terminé colle le rapport ici stp
    https://www.bitdefender.com/toolbox/
    Copie/Colle le rapport
    http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
    https://kerio.probb.fr/
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    0
  15. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    RE j'ai donc mis mon navigateur à jour, cad internet explorer 7 et adobe reader à jour.

    par faute de temps, je n'ai pas pu faire de scan en ligne sur bitdefender donc je fais un scan via cambofix
    et demain je ferai le scan via le site cite..

    voici le rapport combofix:

    ComboFix 08-03-01.3 - HP_Administrateur 2008-03-02 22:51:55.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.410 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\combofix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-02 21:58 . 2008-03-02 21:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-03-02 21:55 . 2008-03-02 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-03-02 19:00 . 2008-03-02 22:12 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-02 18:32 . 2008-03-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2008-03-02 18:21 . 2008-03-02 18:21 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-03-02 18:20 . 2008-03-02 18:33 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-03-02 18:11 . 2008-03-02 18:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
    2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
    2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
    2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
    2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
    2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
    2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
    2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
    2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
    2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
    2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
    2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
    2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
    2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
    2008-02-26 17:20 . 2008-03-02 18:20 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-26 17:20 . 2008-03-02 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
    2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
    2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
    2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
    2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
    2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
    2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
    2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
    2008-02-05 23:57 . 2008-03-02 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-02 21:54 --------- d-----w C:\Program Files\Wanadoo
    2008-03-02 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-02 16:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
    2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
    2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
    2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
    2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
    2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
    2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
    2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
    2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
    2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
    2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
    2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
    2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
    2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
    2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
    2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-16 19:29 556 ---ha-w C:\os357577.bin
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 00:47 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-12-07 00:47 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
    2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
    "nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
    "RegistryMechanic"="" []
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    *Newly Created Service* - BDFDLL
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-02 21:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-02 22:57:26
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-02 22:58:36
    ComboFix-quarantined-files.txt 2008-03-02 21:58:32
    ComboFix2.txt 2008-03-01 10:27:03
    .
    2008-02-27 21:54:33 --- E O F ---

    merci d avance de votre aide
    0
  16. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    RE j'ai donc mis mon navigateur à jour, cad internet explorer 7 et adobe reader à jour.

    par faute de temps, je n'ai pas pu faire de scan en ligne sur bitdefender donc je fais un scan via cambofix
    et demain je ferai le scan via le site cite..

    voici le rapport combofix:

    ComboFix 08-03-01.3 - HP_Administrateur 2008-03-02 22:51:55.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.410 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\combofix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-02 21:58 . 2008-03-02 21:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-03-02 21:55 . 2008-03-02 21:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-03-02 19:00 . 2008-03-02 22:12 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-02 18:32 . 2008-03-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2008-03-02 18:21 . 2008-03-02 18:21 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-03-02 18:20 . 2008-03-02 18:33 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-03-02 18:11 . 2008-03-02 18:11 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-29 19:21 . 2008-02-29 19:21 9,296 --a------ C:\WINDOWS\system32\bmhcsr.exe
    2008-02-29 19:04 . 2007-08-14 17:02 82,248 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-02-29 19:04 . 2007-08-14 17:02 57,672 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-02-29 19:04 . 2007-08-14 17:02 40,264 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-02-29 19:04 . 2007-08-14 17:02 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
    2008-02-29 19:03 . 2008-02-29 19:57 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-02-29 19:03 . 2008-02-29 19:03 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
    2008-02-29 19:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-02-28 23:39 . 2008-02-28 23:39 12,644,785 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
    2008-02-28 12:47 . 2008-02-28 22:50 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-02-28 07:40 . 2008-02-28 07:40 244 --ah----- C:\sqmnoopt19.sqm
    2008-02-28 07:40 . 2008-02-28 07:40 232 --ah----- C:\sqmdata19.sqm
    2008-02-28 01:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-28 01:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-28 01:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-28 01:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-28 01:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-28 01:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-28 01:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-28 01:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-28 01:34 . 2008-02-28 01:34 244 --ah----- C:\sqmnoopt18.sqm
    2008-02-28 01:34 . 2008-02-28 01:34 232 --ah----- C:\sqmdata18.sqm
    2008-02-28 01:30 . 2008-02-28 01:30 244 --ah----- C:\sqmnoopt17.sqm
    2008-02-28 01:30 . 2008-02-28 01:30 232 --ah----- C:\sqmdata17.sqm
    2008-02-28 01:02 . 2008-02-28 01:02 244 --ah----- C:\sqmnoopt16.sqm
    2008-02-28 01:02 . 2008-02-28 01:02 232 --ah----- C:\sqmdata16.sqm
    2008-02-27 22:54 . 2008-02-27 22:54 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-27 20:20 . 2008-02-27 20:20 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
    2008-02-27 20:17 . 2008-02-27 20:53 <REP> d-------- C:\Program Files\G DATA AntiVirus Trial
    2008-02-27 11:34 . 2008-02-27 11:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-02-27 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-27 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-27 11:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-26 21:29 . 2008-02-26 21:29 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-02-26 17:20 . 2008-02-26 20:45 <REP> d-------- C:\Program Files\Windows Live
    2008-02-26 17:20 . 2008-03-02 18:20 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-26 17:20 . 2008-03-02 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-14 21:53 . 2008-02-14 21:53 360,448 --a------ C:\WINDOWS\system32\bspjdz.exe
    2008-02-13 21:29 . 2008-02-13 21:29 299,008 --a------ C:\WINDOWS\system32\ghrpmvzrxu.exe
    2008-02-13 20:15 . 2008-02-13 20:15 295,936 --a------ C:\WINDOWS\system32\fekhpp.exe
    2008-02-13 07:29 . 2008-02-13 07:29 333,824 --a------ C:\WINDOWS\system32\ywmuqoq.exe
    2008-02-11 07:08 . 2008-02-11 07:08 296,960 --a------ C:\WINDOWS\system32\msqlsu.exe
    2008-02-10 12:47 . 2008-02-10 12:47 313,344 --a------ C:\WINDOWS\system32\vtzpre.exe
    2008-02-09 19:27 . 2008-02-12 19:14 304,128 --a------ C:\WINDOWS\system32\mfulqed.exe
    2008-02-09 13:03 . 2008-02-09 13:03 342,016 --a------ C:\WINDOWS\system32\lawehinpt.exe
    2008-02-05 23:57 . 2008-03-02 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-05 23:57 . 2008-02-05 23:57 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-02 21:54 --------- d-----w C:\Program Files\Wanadoo
    2008-03-02 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-02 16:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-29 21:59 7,946 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-02-28 00:37 --------- d-----w C:\Program Files\Alwil Software
    2008-02-27 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-26 19:45 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-25 17:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
    2008-02-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-02-23 00:02 --------- d-----w C:\Program Files\Ulead Systems
    2008-02-22 23:56 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-02-22 23:54 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
    2008-02-03 16:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\SopCast
    2008-01-28 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-28 21:20 --------- d-----w C:\Program Files\Bonjour
    2008-01-28 21:10 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-26 14:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-01-26 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-26 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-25 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-25 12:34 --------- d-----w C:\Program Files\Lavasoft
    2008-01-25 12:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-23 05:58 --------- d-----w C:\Program Files\FinePixViewer
    2008-01-16 21:57 --------- d-----w C:\Program Files\MessengerPlus! 3
    2008-01-16 20:57 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
    2008-01-12 19:28 --------- d-----w C:\Program Files\SopCast
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2008-01-06 16:26 --------- d-----w C:\Program Files\TVAnts
    2008-01-05 11:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\gtk-2.0
    2008-01-04 22:06 --------- d-----w C:\Program Files\Ubisoft
    2008-01-03 18:19 --------- d-----w C:\Program Files\GIMP-2.0
    2008-01-02 17:48 --------- d-----w C:\Program Files\Fichiers communs\InterVideo
    2007-12-26 12:45 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-16 19:29 556 ---ha-w C:\os357577.bin
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 00:47 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-12-07 00:47 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-12-07 00:47 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-12-07 00:47 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-12-07 00:47 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-01-28 13:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-01-14 12:15 251 ----a-w C:\Program Files\wt3d.ini
    2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-11-03 19:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
    "nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 10:18 49152]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-14 15:02 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 17:38 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 22:50 221184]
    "RegistryMechanic"="" []
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02 1063752]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-07-05 15:33:30 344064]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 10:40:44 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

    *Newly Created Service* - BDFDLL
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-02 21:12:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-02 22:57:26
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-02 22:58:36
    ComboFix-quarantined-files.txt 2008-03-02 21:58:32
    ComboFix2.txt 2008-03-01 10:27:03
    .
    2008-02-27 21:54:33 --- E O F ---

    merci d avance de votre aide
    0
  17. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    salut combofix a déja supprimé les fichiers infectés !! fait le scan en ligne comme je te l'ai dit et poste moi le rapport .
    0
  18. sb251 Messages postés 10 Date d'inscription   Statut Membre
     
    merci de tn aide , jpourais sacnner en ligne seulement mercredi matin faute des mes cours au lycee...
    0
  19. jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
     
    OK amuse toi bien en cours -;;)))

    j'attendrai le rapport de bit-defender...
    0