Virus sur mon PC

Gillou -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour, j'ai également été infecté.....
Voici mon log fait avec Smitfraudfix
Merci de me donner une réponse

SmitFraudFix v2.301

Rapport fait à 0:34:05,18, 11/03/2008
Executé à partir de C:\Documents and Settings\Moa\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Moa

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Moa\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Moa\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6F9259D-484A-428E-AAE5-9E0A968B8B41}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6F9259D-484A-428E-AAE5-9E0A968B8B41}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6F9259D-484A-428E-AAE5-9E0A968B8B41}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Configuration: Windows XP
Internet Explorer 7.0

15 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    Gillou,

    infecté par quoi?

    tu peux supprimer smitfraud,

    Télécharge HijackThis ici :

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
    1. Gillou
       
      Merci d'avance pour ton aide. J'ai fait ce que tu m'a dit et je t'envoie le log Hijackthis
      Au fait, depuis hier j'ai une icone (croix rouge) dans la barre des taches me disant "your computer is infected" Mon fond d'écran est devenu tout bleue voilà mes symptomes....... Je t'envoie le log :



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:40:31, on 11/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16544)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
      C:\WINDOWS\system32\braviax.exe
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\PROGRA~1\INCRED~1\bin\ImApp.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HIJACKTHIS\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
      O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
      O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut gilou, oui je voie, pas cool, le truc...

    fais ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau rapport hijack this.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    @+
    0
    1. Gillou
       
      J'ai fait ce que tu m'a dit. Le PC n'a pas redemarré à la fin de COMBOFIX mais cependant je n'ai plus la croix rouge dans la barre des tache, et mon PC a retrouvé sa vitesse de travail.


      LOG COMBOFIX

      ComboFix 08-03-10.1 - Moa 2008-03-11 11:03:05.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1500 [GMT 1:00]
      Endroit: C:\Documents and Settings\Moa\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\PS TO USB CONVERTOR\CnsMin5.ico
      C:\WINDOWS\system32\braviax.exe
      C:\WINDOWS\system32\winivstr.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-11 10:39 . 2008-03-11 10:40 <REP> d-------- C:\HIJACKTHIS
      2008-03-11 00:20 . 2008-03-11 00:34 4,100 --a------ C:\WINDOWS\system32\tmp.reg
      2008-03-11 00:12 . 2008-03-11 11:04 223,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-03-11 00:12 . 2008-03-11 00:23 1,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
      2008-03-11 00:10 . 2008-03-11 00:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
      2008-03-11 00:10 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
      2008-03-11 00:10 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
      2008-03-11 00:10 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
      2008-03-11 00:10 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
      2008-03-11 00:10 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
      2008-03-11 00:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
      2008-03-11 00:10 . 2008-03-11 00:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
      2008-03-11 00:09 . 2008-03-11 00:09 <REP> d-------- C:\Program Files\Zone Labs
      2008-03-10 17:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-10 17:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-10 17:53 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-10 17:53 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-10 17:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-03-10 17:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-10 17:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-10 17:30 . 2008-03-10 17:30 <REP> d-------- C:\Program Files\Enigma Software Group
      2008-03-10 17:08 . 2008-03-11 00:32 <REP> d-------- C:\Program Files\Spyware Terminator
      2008-03-10 17:08 . 2008-03-10 17:14 <REP> d-------- C:\Documents and Settings\Moa\Application Data\Spyware Terminator
      2008-03-10 17:08 . 2008-03-10 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
      2008-03-10 17:08 . 2008-03-10 17:08 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
      2008-03-10 16:18 . 2008-03-10 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-10 15:39 . 2008-03-10 15:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-10 15:39 . 2008-03-10 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-10 15:33 . 2008-03-10 15:33 19,529 --a------ C:\Program Files\Fichiers communs\figupubiz.pif
      2008-03-10 15:33 . 2008-03-10 15:33 18,695 --a------ C:\Documents and Settings\Moa\Application Data\uweqaxyn.dll
      2008-03-10 15:33 . 2008-03-10 15:33 18,364 --a------ C:\WINDOWS\system32\soruruv.inf
      2008-03-10 15:33 . 2008-03-10 15:33 18,302 --a------ C:\WINDOWS\deduwene.exe
      2008-03-10 15:33 . 2008-03-10 15:33 17,667 --a------ C:\Documents and Settings\Moa\Application Data\hyjusameg.bat
      2008-03-10 15:33 . 2008-03-10 15:33 17,035 --a------ C:\WINDOWS\system32\saxukifo.com
      2008-03-10 15:33 . 2008-03-10 15:33 15,764 --a------ C:\WINDOWS\system32\yfozahevy._dl
      2008-03-10 15:33 . 2008-03-10 15:33 15,500 --a------ C:\WINDOWS\system32\icyhoqul.exe
      2008-03-10 15:33 . 2008-03-10 15:33 14,987 --a------ C:\WINDOWS\asodi.vbs
      2008-03-10 15:33 . 2008-03-10 15:33 14,617 --a------ C:\WINDOWS\ronidiqaz.dat
      2008-03-10 15:33 . 2008-03-10 15:33 13,045 --a------ C:\Documents and Settings\Moa\Application Data\ipexibed.bin
      2008-03-10 15:33 . 2008-03-10 15:33 12,985 --a------ C:\WINDOWS\nydu.dll
      2008-03-10 15:33 . 2008-03-10 15:33 12,290 --a------ C:\Documents and Settings\All Users\Application Data\uvucyl.dll
      2008-03-10 15:33 . 2008-03-10 15:33 10,894 --a------ C:\WINDOWS\system32\ibalupitaw._sy
      2008-03-10 15:33 . 2008-03-10 15:33 10,378 --a------ C:\WINDOWS\ferycetany.dl
      2008-03-10 15:10 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
      2008-03-10 15:10 . 2008-03-10 15:10 385 --a------ C:\WINDOWS\ODBC.INI
      2008-03-10 15:09 . 2008-03-10 15:10 <REP> d-------- C:\WINDOWS\SHELLNEW
      2008-03-10 15:09 . 2008-03-10 15:09 <REP> d-------- C:\Program Files\Microsoft Works
      2008-03-10 15:08 . 2008-03-10 15:08 <REP> d-------- C:\Program Files\Microsoft.NET
      2008-03-10 01:25 . 2008-03-10 01:25 <REP> d-------- C:\Program Files\FBrowsingAdvisor
      2008-03-10 01:25 . 2008-03-10 01:25 <REP> d-------- C:\Program Files\FBrowserAdvisor
      2008-03-10 01:25 . 2008-03-10 15:30 <REP> d-------- C:\Program Files\ContextProgram
      2008-03-10 01:23 . 2008-03-10 01:25 <REP> d-------- C:\Program Files\MP3 WAV Converter
      2008-03-10 01:23 . 2008-03-10 01:23 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
      2008-03-08 19:42 . 2008-03-08 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Jasc Software Inc
      2008-03-08 19:42 . 2008-03-08 19:42 <REP> d-------- C:\Documents and Settings\Moa\Application Data\Jasc Software Inc
      2008-03-08 19:41 . 2008-03-08 19:42 <REP> d-------- C:\Program Files\Jasc Software Inc
      2008-02-26 23:50 . 2008-02-26 23:50 <REP> d-------- C:\Documents and Settings\Moa\Application Data\CyberLink
      2008-02-26 11:29 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
      2008-02-26 11:29 . 2006-04-11 15:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll
      2008-02-26 11:29 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
      2008-02-26 11:29 . 2004-01-02 12:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
      2008-02-26 11:29 . 2001-12-11 22:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
      2008-02-26 11:29 . 2003-04-21 16:11 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
      2008-02-26 11:29 . 2007-03-06 18:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
      2008-02-26 11:29 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
      2008-02-26 11:26 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
      2008-02-26 11:26 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
      2008-02-26 11:26 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
      2008-02-26 11:26 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
      2008-02-26 11:26 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
      2008-02-26 11:08 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
      2008-02-11 14:39 . 2008-02-11 14:39 <REP> d-------- C:\Program Files\Xilisoft
      2008-02-11 12:21 . 2008-02-11 12:21 <REP> d-------- C:\Documents and Settings\Moa\Application Data\Sony Corporation
      2008-02-11 12:17 . 2008-02-11 12:17 <REP> d-------- C:\Drivers
      2008-02-11 12:17 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
      2008-02-11 12:17 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
      2008-02-11 12:17 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
      2008-02-11 12:17 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
      2008-02-11 12:17 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
      2008-02-11 12:17 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
      2008-02-11 12:14 . 2008-02-11 12:14 <REP> d-------- C:\Program Files\Sony
      2008-02-11 12:14 . 2008-02-11 12:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-11 10:04 --------- d-----w C:\Program Files\PS TO USB CONVERTOR
      2008-03-10 23:31 1,328,640 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2008-03-10 23:00 --------- d-----w C:\Documents and Settings\Moa\Application Data\LimeWire
      2008-03-10 15:15 --------- d-----w C:\Program Files\eMule
      2008-03-10 14:33 16,054 ----a-w C:\Program Files\Fichiers communs\ijereb.lib
      2008-03-10 14:33 13,399 ----a-w C:\Program Files\Fichiers communs\dugezycecy.db
      2008-03-10 14:33 12,122 ----a-w C:\Program Files\Fichiers communs\rije.inf
      2008-03-10 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-03-10 00:47 --------- d-----w C:\Program Files\LimeWire
      2008-02-26 10:28 --------- d-----w C:\Program Files\Pinnacle
      2008-02-26 10:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-12 22:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-02-11 10:03 --------- d-----w C:\Program Files\VirtualDJ
      2008-02-10 21:53 --------- d-----w C:\Program Files\EPSON
      2008-02-10 21:51 --------- d-----w C:\Program Files\Fichiers communs\Python
      2008-02-10 21:48 --------- d-----w C:\Program Files\Fichiers communs\EPSON
      2008-02-10 21:42 --------- d-----w C:\Program Files\Lavalys
      2008-02-10 21:34 --------- d-----w C:\Documents and Settings\Moa\Application Data\EPSON
      2008-02-07 19:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-07 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-07 19:11 --------- d-----w C:\Documents and Settings\Moa\Application Data\MSN6
      2008-02-06 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
      2008-02-05 14:44 --------- d-----w C:\Program Files\VID_0E8F&PID_0003
      2008-02-02 16:04 --------- d-----w C:\Program Files\Hercules
      2008-02-02 16:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
      2008-02-02 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
      2008-02-02 15:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2008-02-02 15:02 --------- d--h--r C:\Documents and Settings\Moa\Application Data\SecuROM
      2008-02-02 14:56 --------- d-----w C:\Program Files\KONAMI
      2008-02-01 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
      2008-02-01 10:44 --------- d-----w C:\Documents and Settings\Moa\Application Data\Sports Interactive
      2008-02-01 10:43 --------- d--h--w C:\Program Files\Zero G Registry
      2008-02-01 10:42 --------- d-----w C:\Program Files\Sports Interactive
      2008-01-30 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
      2008-01-30 22:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech
      2008-01-30 22:07 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
      2008-01-30 22:07 --------- d-----w C:\Documents and Settings\Moa\Application Data\InstallShield
      2008-01-30 14:13 --------- d-----w C:\Documents and Settings\Moa\Application Data\uTorrent
      2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
      2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
      2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
      2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02 208946]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51 202024]
      "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
      "braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 16120832 C:\WINDOWS\RTHDCPL.EXE]
      "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 20:05 7557120]
      "nwiz"="nwiz.exe" [2006-02-13 20:05 1519616 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 20:05 86016]
      "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
      "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
      "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 16:38 221184]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
      "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
      "HerculesCamService"="C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-01-17 19:07 102400]
      "EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "braviax"="C:\WINDOWS\system32\braviax.exe" [ ]
      "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-10 17:08 2957824]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

      C:\Documents and Settings\Moa\Menu D‚marrer\Programmes\D‚marrage\
      Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-11 12:14:47 344064]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-30 23:07:33 784912]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
      c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
      "C:\\Program Files\\Hercules\\Hercules DualPix HD Webcam\\Station2.exe"=
      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
      "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "28258:TCP"= 28258:TCP:emule TCP
      "22909:UDP"= 22909:UDP:emule udp

      R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-10 17:08]
      R3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-12-08 14:02]
      R3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-11-16 16:01]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-11 11:04:46
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-11 11:05:16
      ComboFix-quarantined-files.txt 2008-03-11 10:05:14
      .
      2007-12-08 18:04:43 --- E O F ---






      LOG HIJACKTHIS


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:08:24, on 11/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16544)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      C:\PROGRA~1\INCRED~1\bin\ImApp.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\HIJACKTHIS\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
      O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
      O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok tres bien,

    ce n´est pas encore terminé, mais je dois m´absenté pour le moment...

    @+
    0
  4. Gillou
     
    Merci déjà de m'avoir aidé même ci se n'est pas encore terminé. Je suis heureux en tout cas car je n'ai plus de message d'erreur et mon pc tourne a plein régime.

    Lorsque tu reviendra, peut tu me répondre a cette question : Es ce que ma protection est suffisante ?
    ANTIVIRUS : AVAST (Version gratuite)
    FIREWALL : ZONE ALARM (Version gratuite)
    ANTYWARE : SPYWARE TERMINTOR

    Ensuite une fois par semaine environ, j'utilie :
    JV 16 (Nettoyeur de registre)
    CCLEANER

    Merci encore pour toute ton aide
    Gillou
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    Gillou,

    pour ta protection :

    ANTIVIRUS : AVAST (Version gratuite) >

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5
    <- tutoriel configuration du scanner...

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    FIREWALL : ZONE ALARM (Version gratuite) >

    pas mal mais y a mieux :

    par feu : kerio

    http://www.malekal.com/kerio_firewall.php#mozTocId721480

    https://www.vulgarisation-informatique.com/kerio.php

    https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    Comodo 3 pro :

    http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

    Online armor :

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606

    apres c´est une histoire de configuration

    ANTYWARE : SPYWARE TERMINTOR > ok

    un bonus :

    spywareblaster :

    http://www.brightfort.com/spywareblaster.html

    c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

    tuto : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

    puis pour en revenir a l´infection

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\braviax.exe
    C:\WINDOWS\system32\SpOrder.dll
    C:\WINDOWS\deduwene.exe
    C:\Documents and Settings\Moa\Application Data\uweqaxyn.dll
    C:\Program Files\Fichiers communs\figupubiz.pif
    C:\Documents and Settings\Moa\Application Data\hyjusameg.bat
    C:\WINDOWS\system32\saxukifo.com
    C:\WINDOWS\system32\yfozahevy._dl
    C:\WINDOWS\system32\icyhoqul.exe
    C:\WINDOWS\asodi.vbs
    C:\WINDOWS\ronidiqaz.dat
    C:\Documents and Settings\All Users\Application Data\uvucyl.dll
    C:\WINDOWS\system32\ibalupitaw._sy
    C:\WINDOWS\ferycetany.dl

    Folder::
    C:\Program Files\FBrowserAdvisor
    C:\Program Files\ContextProgram

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  7. Gillou
     
    J'ai fait les manip, et mon PC n'a pas redemarré.
    Voilà les log

    LOG COMBOFIX

    ComboFix 08-03-10.1 - Moa 2008-03-11 23:12:54.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1394 [GMT 1:00]
    Endroit: C:\Documents and Settings\Moa\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Moa\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Documents and Settings\All Users\Application Data\uvucyl.dll
    C:\Documents and Settings\Moa\Application Data\hyjusameg.bat
    C:\Documents and Settings\Moa\Application Data\uweqaxyn.dll
    C:\Program Files\Fichiers communs\figupubiz.pif
    C:\WINDOWS\asodi.vbs
    C:\WINDOWS\deduwene.exe
    C:\WINDOWS\ferycetany.dl
    C:\WINDOWS\ronidiqaz.dat
    C:\WINDOWS\system32\braviax.exe
    C:\WINDOWS\system32\ibalupitaw._sy
    C:\WINDOWS\system32\icyhoqul.exe
    C:\WINDOWS\system32\saxukifo.com
    C:\WINDOWS\system32\SpOrder.dll
    C:\WINDOWS\system32\yfozahevy._dl
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\uvucyl.dll
    C:\Documents and Settings\Moa\Application Data\hyjusameg.bat
    C:\Documents and Settings\Moa\Application Data\uweqaxyn.dll
    C:\Program Files\ContextProgram
    C:\Program Files\ContextProgram\ContextProgram-2.dll
    C:\Program Files\ContextProgram\ContextProgram.dat
    C:\Program Files\ContextProgram\pcre3.dll
    C:\Program Files\ContextProgram\uninstall.exe
    C:\Program Files\FBrowserAdvisor
    C:\Program Files\Fichiers communs\figupubiz.pif
    C:\WINDOWS\asodi.vbs
    C:\WINDOWS\deduwene.exe
    C:\WINDOWS\ferycetany.dl
    C:\WINDOWS\ronidiqaz.dat
    C:\WINDOWS\system32\ibalupitaw._sy
    C:\WINDOWS\system32\icyhoqul.exe
    C:\WINDOWS\system32\saxukifo.com
    C:\WINDOWS\system32\SpOrder.dll
    C:\WINDOWS\system32\yfozahevy._dl

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-11 10:39 . 2008-03-11 11:08 <REP> d-------- C:\HIJACKTHIS
    2008-03-11 00:20 . 2008-03-11 00:34 4,100 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-11 00:12 . 2008-03-11 23:14 577,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-11 00:12 . 2008-03-11 00:23 1,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-11 00:10 . 2008-03-11 00:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-03-11 00:10 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-03-11 00:10 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-03-11 00:10 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-03-11 00:10 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-03-11 00:10 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-03-11 00:10 . 2008-03-11 00:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-03-11 00:09 . 2008-03-11 00:09 <REP> d-------- C:\Program Files\Zone Labs
    2008-03-10 17:53 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-10 17:53 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-10 17:53 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-10 17:53 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-10 17:53 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-10 17:53 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-10 17:53 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-10 17:30 . 2008-03-10 17:30 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-03-10 17:08 . 2008-03-11 00:32 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-03-10 17:08 . 2008-03-10 17:14 <REP> d-------- C:\Documents and Settings\Moa\Application Data\Spyware Terminator
    2008-03-10 17:08 . 2008-03-10 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-03-10 17:08 . 2008-03-10 17:08 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-03-10 16:18 . 2008-03-10 16:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-10 15:39 . 2008-03-10 15:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-10 15:39 . 2008-03-10 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-10 15:33 . 2008-03-10 15:33 18,364 --a------ C:\WINDOWS\system32\soruruv.inf
    2008-03-10 15:33 . 2008-03-10 15:33 13,045 --a------ C:\Documents and Settings\Moa\Application Data\ipexibed.bin
    2008-03-10 15:33 . 2008-03-10 15:33 12,985 --a------ C:\WINDOWS\nydu.dll
    2008-03-10 15:10 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-03-10 15:10 . 2008-03-10 15:10 385 --a------ C:\WINDOWS\ODBC.INI
    2008-03-10 15:09 . 2008-03-10 15:10 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-03-10 15:09 . 2008-03-10 15:09 <REP> d-------- C:\Program Files\Microsoft Works
    2008-03-10 15:08 . 2008-03-10 15:08 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-10 01:25 . 2008-03-10 01:25 <REP> d-------- C:\Program Files\FBrowsingAdvisor
    2008-03-10 01:23 . 2008-03-10 01:25 <REP> d-------- C:\Program Files\MP3 WAV Converter
    2008-03-10 01:23 . 2008-03-10 01:23 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
    2008-03-08 19:42 . 2008-03-08 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Jasc Software Inc
    2008-03-08 19:42 . 2008-03-08 19:42 <REP> d-------- C:\Documents and Settings\Moa\Application Data\Jasc Software Inc
    2008-03-08 19:41 . 2008-03-08 19:42 <REP> d-------- C:\Program Files\Jasc Software Inc
    2008-02-26 23:50 . 2008-02-26 23:50 <REP> d-------- C:\Documents and Settings\Moa\Application Data\CyberLink
    2008-02-26 11:29 . 2005-07-12 14:25 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
    2008-02-26 11:29 . 2006-04-11 15:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll
    2008-02-26 11:29 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
    2008-02-26 11:29 . 2004-01-02 12:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
    2008-02-26 11:29 . 2001-12-11 22:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
    2008-02-26 11:29 . 2003-04-21 16:11 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-02-26 11:29 . 2007-03-06 18:53 41,984 --a------ C:\WINDOWS\system32\cacheX.dll
    2008-02-26 11:29 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
    2008-02-26 11:26 . 2007-01-26 02:04 196,096 --a------ C:\WINDOWS\system32\macd32.dll
    2008-02-26 11:26 . 2007-01-26 02:04 138,752 --a------ C:\WINDOWS\system32\mase32.dll
    2008-02-26 11:26 . 2007-01-26 02:04 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
    2008-02-26 11:26 . 2007-01-26 02:04 57,856 --a------ C:\WINDOWS\system32\masd32.dll
    2008-02-26 11:26 . 2007-01-26 02:04 27,648 --a------ C:\WINDOWS\system32\ma32.dll
    2008-02-26 11:08 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
    2008-02-11 14:39 . 2008-02-11 14:39 <REP> d-------- C:\Program Files\Xilisoft
    2008-02-11 12:21 . 2008-02-11 12:21 <REP> d-------- C:\Documents and Settings\Moa\Application Data\Sony Corporation
    2008-02-11 12:17 . 2008-02-11 12:17 <REP> d-------- C:\Drivers
    2008-02-11 12:17 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
    2008-02-11 12:17 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
    2008-02-11 12:17 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
    2008-02-11 12:17 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
    2008-02-11 12:17 . 2006-10-30 13:46 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
    2008-02-11 12:17 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
    2008-02-11 12:14 . 2008-02-11 12:14 <REP> d-------- C:\Program Files\Sony
    2008-02-11 12:14 . 2008-02-11 12:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-11 10:04 --------- d-----w C:\Program Files\PS TO USB CONVERTOR
    2008-03-10 23:31 1,328,640 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-10 23:00 --------- d-----w C:\Documents and Settings\Moa\Application Data\LimeWire
    2008-03-10 15:15 --------- d-----w C:\Program Files\eMule
    2008-03-10 14:33 16,054 ----a-w C:\Program Files\Fichiers communs\ijereb.lib
    2008-03-10 14:33 13,399 ----a-w C:\Program Files\Fichiers communs\dugezycecy.db
    2008-03-10 14:33 12,122 ----a-w C:\Program Files\Fichiers communs\rije.inf
    2008-03-10 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-10 00:47 --------- d-----w C:\Program Files\LimeWire
    2008-02-26 10:28 --------- d-----w C:\Program Files\Pinnacle
    2008-02-26 10:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-12 22:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-11 10:03 --------- d-----w C:\Program Files\VirtualDJ
    2008-02-10 21:53 --------- d-----w C:\Program Files\EPSON
    2008-02-10 21:51 --------- d-----w C:\Program Files\Fichiers communs\Python
    2008-02-10 21:48 --------- d-----w C:\Program Files\Fichiers communs\EPSON
    2008-02-10 21:42 --------- d-----w C:\Program Files\Lavalys
    2008-02-10 21:34 --------- d-----w C:\Documents and Settings\Moa\Application Data\EPSON
    2008-02-07 19:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-07 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-07 19:11 --------- d-----w C:\Documents and Settings\Moa\Application Data\MSN6
    2008-02-06 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
    2008-02-05 14:44 --------- d-----w C:\Program Files\VID_0E8F&PID_0003
    2008-02-02 16:04 --------- d-----w C:\Program Files\Hercules
    2008-02-02 16:04 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-02-02 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-02-02 15:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-02-02 15:02 --------- d--h--r C:\Documents and Settings\Moa\Application Data\SecuROM
    2008-02-02 14:56 --------- d-----w C:\Program Files\KONAMI
    2008-02-01 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2008-02-01 10:44 --------- d-----w C:\Documents and Settings\Moa\Application Data\Sports Interactive
    2008-02-01 10:43 --------- d--h--w C:\Program Files\Zero G Registry
    2008-02-01 10:42 --------- d-----w C:\Program Files\Sports Interactive
    2008-01-30 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-01-30 22:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-01-30 22:07 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
    2008-01-30 22:07 --------- d-----w C:\Documents and Settings\Moa\Application Data\InstallShield
    2008-01-30 14:13 --------- d-----w C:\Documents and Settings\Moa\Application Data\uTorrent
    2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 22:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02 208946]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 11:51 202024]
    "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 16120832 C:\WINDOWS\RTHDCPL.EXE]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 20:05 7557120]
    "nwiz"="nwiz.exe" [2006-02-13 20:05 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 20:05 86016]
    "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57 81408]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
    "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 16:38 221184]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25 1828136]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "HerculesCamService"="C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-01-17 19:07 102400]
    "EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-10 17:08 2957824]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

    C:\Documents and Settings\Moa\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-11 12:14:47 344064]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-30 23:07:33 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Hercules\\Hercules DualPix HD Webcam\\Station2.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "28258:TCP"= 28258:TCP:emule TCP
    "22909:UDP"= 22909:UDP:emule udp

    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-10 17:08]
    R3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-12-08 14:02]
    R3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-11-16 16:01]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 23:14:52
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-11 23:15:32
    ComboFix-quarantined-files.txt 2008-03-11 22:15:30
    ComboFix2.txt 2008-03-11 10:05:16
    .
    2007-12-08 18:04:43 --- E O F ---

    LOG HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:16:15, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\INCRED~1\bin\ImApp.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\explorer.exe
    C:\HIJACKTHIS\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    excuse, d´avoir ete si longue a repondre, mais j´avais du pain sur la planche....

    c´est mieux ;-)

    maintenant :

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5
    <- tutoriel configuration du scanner...

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

    @+
    0
  9. Gillou
     
    J'ai désinstallé AVAST et j'ai mis antivir à la place.
    L'analyse est en cours mais je pense que cela va prendre du temps

    Tu dois me prendre pour un enquiquineur mais j'aimerai savoir de quel malaise souffrait ma machine. Depuis la manipulation avec combofix, elle tourne beaucoup mieux et je n'ai plus de message "your computer is infected". De ce fait, dans la mesure ou je n'ai fait que suivre tes conseils à la lettre sans comprendre grand chose, j'aimerai connaître ce qu'avait ma machine.........;

    Je t'envoi le rapport dès que le scan est fini.....
    Merci d'avance pour ta réponse
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    ok pour antivir ;-)

    ton infection pricipale : C:\WINDOWS\system32\braviax.exe

    un genre de tojan qui a ouvert la porte a d´autre saloperies (trojan) ...
    0
  11. Gillou
     
    L'analyse suit toujours sont court ......
    A peut près 40 % effectué

    J'ai 2 warnings pour l'instant
    J'ai également 2 détections

    Last détection : PHISH/FraudTool.Reanimator.A
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui post le rapport a la fin on verra
    0
  13. Gillou
     
    C'a y est c'est fini, voilà le rapport :

    AntiVir PersonalEdition Classic
    Report file date: mercredi 12 mars 2008 00:37

    Scanning for 1142609 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PCFIXE

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 23:29:55
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 23:29:55
    ANTIVIR3.VDF : 7.0.3.17 79360 Bytes 11/03/2008 23:29:55
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 11/03/2008 23:29:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/03/2008 23:29:56
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: mercredi 12 mars 2008 00:37

    Starting search for hidden objects.
    '55213' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'ImApp.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
    Scan process 'E_S10IC2.EXE' - '1' Module(s) have been scanned
    Scan process 'CamService.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'AliceAgent.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
    Scan process 'NBService.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
    Scan process 'DkService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    47 processes with 47 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '36' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '483820f8.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\winivstr.exe.vir
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
    [INFO] The file was moved to '484520f5.qua'!
    Begin scan in 'D:\' <Disque local>
    D:\Fichiers téléchargés\Nettoyage\Kerio.Personal.Firewall.v4.3.268.Incl-Crack.rar
    [0] Archive type: RAR
    --> Crack\patch.exe
    [DETECTION] Is the Trojan horse TR/Keygen.Q.11
    [INFO] The file was moved to '48492677.qua'!

    End of the scan: mercredi 12 mars 2008 01:53
    Used time: 1:16:15 min

    The scan has been done completely.

    6728 Scanning directories
    390379 Files were scanned
    3 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    390376 Files not concerned
    2732 Archives were scanned
    2 Warnings
    3 Notes
    55213 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    gillou,

    les fichiers trouvés sont contenau dans la quarantaine de combofix, pour le troisieme c´est un crack que tu as telechargé pour kerio

    si tu veux plutot kerio a la place de zone alarm tu peux installer la version 4.2.2.911, c´est celle que j´ai elle est gratuite apres la periode d´essaie, seul quelqes fonction disparaissent mais on peut les recuperer en surfant avec firefox et e nutilisant les modules anti pub ect...

    ou sinon tu en as des tres bien aussi en gratuit egalement

    par feu : kerio

    http://sd-1.archive-host.com/membres/up/1366464061/kerio-kpf-422-911-win.rar

    tuto : https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    Comodo 3 pro :

    http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

    Online armor :

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606

    bonus : je te le conseil !

    spywareblaster :

    http://www.brightfort.com/spywareblaster.html

    c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

    tuto : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

    repost un dernier hijack this

    ps je regarderais ca demain, je vais me coucher

    bonne nuit ;-)

    @+
    0
  15. Gillou
     
    Un dernier Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:17:06, on 12/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\INCRED~1\bin\ImApp.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\HIJACKTHIS\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\eEBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\eEBAPI\SAgent2.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut gillou,

    quelques trucs pour finir :

    regarde ce tutorial pour mettre ta console java a jour :

    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    et

    pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

    http://www.mozilla-europe.org/fr/

    pour les plugins :

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

    je te conseil ad block plus

    y en a d´autres egalement au choix...

    @+
    0