Virus trat bho

Machuki Messages postés 13 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Tout d'abord merci pour tout ce que vous faites ^^
Voila mon probleme:mon pc est infesté par le virus trat bho depuis 1 semaine;le virus ferme le navigateur,l'ouvre quand il en a envie et fait apparaitre des logiciels de nulle part,j'espere que quelqu'un pourra m'aider,merci d'avance :)
Configuration: Windows XP
Internet Explorer 7.0

8 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    Télécharge HijackThis ici :

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
    1. machuki
       
      Voila le rapport,merci beaucoup de prendre le temps de répondre:

      Scan saved at 17:43, on 2008-04-03
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\sbwltbxa.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\vVX3000.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\INCRED~1\bin\IncMail.exe
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
      O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
      O2 - BHO: (no name) - {234FB255-290D-44E8-BAEE-2AA63A0E54EA} - C:\WINDOWS\system32\awtsq.dll (file missing)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
      O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
      O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll (file missing)
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\winlogan.exe
      O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{50E17E10-E44A-4928-BB92-2F44BD66DDF0}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{51B76E79-9739-4BB0-B953-C0A16970114F}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{DBDB6CDC-2EF1-47A7-B72A-F07538285709}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: Festoon - (no CLSID) - (no file)
      O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    de rien ;-)

    peux tu poster le rapport de combofix stp

    Le rapport se trouve ici : C:\Combofix.txt

    @+
    0
    1. machuki
       
      re,
      Alors les seuls documents texte que j'ai pu trouvé dans le dossier combofix sont ceci:
      ComboFix 08-04-02.1 - HP_Propriétaire 2008-04-03 16:30:15.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.51 [GMT 2:00]
      Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration
      .
      .:\\(0!|0\\0)
      C:\\WINDOWS\\system32\\(0!|0\\0)
      C:\\WINDOWS\\system32\\config\\(0!|0\\0)
      C:\\WINDOWS\\system32\\csrss.exe\\(0!|0\\0)
      C:\\WINDOWS\\system32\\drivers\\(0!|0\\0)
      C:\\WINDOWS\\system32\\hal.dll\\(0!|0\\0)
      C:\\WINDOWS\\system32\\lsass.exe\\(0!|0\\0)
      C:\\WINDOWS\\system32\\ntdll.dll\\(0!|0\\0)
      C:\\WINDOWS\\system32\\services.exe\\(0!|0\\0)
      C:\\WINDOWS\\system32\\smss.exe\\(0!|0\\0)
      C:\\WINDOWS\\system32\\svchost.exe\\(0!|0\\0)
      C:\\WINDOWS\\system32\\userinit.exe\\(0!|0\\0)
      C:\\WINDOWS\\system32\\wbem\\(0!|0\\0)
      C:\\WINDOWS\\system32\\winlogon.exe\\(0!|0\\0)
      C:\\boot.ini\\(0!|0\\0)
      C:\\ntdetect.com\\(0!|0\\0)
      C:\\ntldr\\(0!|0\\0)
      C:\\WINDOWS\\(0!|0\\0)
      C:\\WINDOWS\\explorer.exe\\(0!|0\\0)

      s/\x3b //g
      s/C:\\WINDOWS\\system32\\rundll32\.exe //I
      s/C:\\WINDOWS\\system32\\rundll32 //I
      s/rundll32\.exe //I
      s/rundll32 //I
      s/\x22//g
      s/^ +//
      s/,.*//
      s/<NO NAME>/@/
      s/\t.*\t/\t/
      s/\.exe .*/.exe/I
      s/\.dll .*/.dll/I
      s/\x25ProgramFiles\x25/C:\\Program Files/I
      s/\x25systemroot\x25/C:\\WINDOWS/I

      Je pense pas que ce soit le document que tu me demandes :(
      J'ai surement du faire une mauvaise manipulation lorsque j'ai utilisé combofix dsl :/
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    oui c´est pas vraiment ca que j´aurais voulu voir...

    pas grave :

    fais ceci :

    demarrer > executer > tape > combofix /u < repect l´espace, normalement ca devrait supprimé combofix et toutes ces composantes

    puis reprend le ici :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    post egalement un nouveau rapport hijack this stp

    @+
    0
    1. machuki
       
      re,
      Alors apres avoir suivi a la lettre tes instructions j'ai obtenu ce résultat:
      ComboFix 08-04-03.3 - HP_Propriétaire 2008-04-03 22:05:58.3 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.56 [GMT 2:00]
      Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\HP_Propriétaire\err.log
      C:\Program Files\seekmo
      C:\Program Files\seekmo\seekmohook.dll
      C:\WINDOWS\180ax.exe
      C:\WINDOWS\2020search.dll
      C:\WINDOWS\2020search2.dll
      C:\WINDOWS\bjam.dll
      C:\WINDOWS\bokja.exe
      C:\WINDOWS\cdsm32.dll
      C:\WINDOWS\default.htm
      C:\WINDOWS\mrofinu1535.exe
      C:\WINDOWS\mrofinu1535.exe.tmp
      C:\WINDOWS\mspphe.dll
      C:\WINDOWS\mssvr.exe
      C:\WINDOWS\saiemod.dll
      C:\WINDOWS\salm.exe
      C:\WINDOWS\stcloader.exe
      C:\WINDOWS\swin32.dll
      C:\WINDOWS\system32\asusdxwc.dll
      C:\WINDOWS\system32\hgggdcd.dll
      C:\WINDOWS\system32\iesearch.dll
      C:\WINDOWS\system32\msixu.dll
      C:\WINDOWS\system32\qstwa.ini
      C:\WINDOWS\system32\qstwa.ini2
      C:\WINDOWS\system32\wer8274.dll
      C:\WINDOWS\system32\wptmlojk.dll
      C:\WINDOWS\system32\xnlrnqfw.dll
      C:\WINDOWS\TEMP\salm.exe
      C:\WINDOWS\updatetc.exe
      C:\WINDOWS\voiceip.dll
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-03 22:12 . 2008-04-03 22:12 269,334 --a------ C:\WINDOWS\system32\hsrqdor.bmp
      2008-04-03 16:34 . 2008-04-03 16:34 269,334 --a------ C:\WINDOWS\system32\cbelcf.bmp
      2008-04-03 16:14 . 2008-04-03 16:14 269,334 --a------ C:\WINDOWS\system32\ofmhgretobidkj.bmp
      2008-04-03 11:22 . 2008-04-03 11:22 269,334 --a------ C:\WINDOWS\system32\sbalcj.bmp
      2008-04-03 09:23 . 2008-04-03 09:23 269,334 --a------ C:\WINDOWS\system32\dcbmh.bmp
      2008-04-03 08:40 . 2008-04-03 08:40 269,334 --a------ C:\WINDOWS\system32\krmhcrmlkbap.bmp
      2008-04-03 08:37 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 08:37 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-04-03 08:32 . 2008-04-03 08:32 269,334 --a------ C:\WINDOWS\system32\ihsjel.bmp
      2008-04-02 15:44 . 2008-04-02 15:44 269,334 --a------ C:\WINDOWS\system32\dkfqdsripcn.bmp
      2008-04-01 18:03 . 2008-04-01 18:03 269,334 --a------ C:\WINDOWS\system32\onmhcfmd.bmp
      2008-04-01 17:27 . 2008-04-03 16:18 3,262 --a------ C:\WINDOWS\system32\sex5.ico
      2008-04-01 17:27 . 2008-04-03 16:17 3,262 --a------ C:\WINDOWS\system32\sex4.ico
      2008-04-01 17:26 . 2008-04-03 16:16 3,262 --a------ C:\WINDOWS\system32\sex3.ico
      2008-04-01 17:26 . 2008-04-03 15:43 3,262 --a------ C:\WINDOWS\system32\sex2.ico
      2008-04-01 17:25 . 2008-04-03 16:11 3,262 --a------ C:\WINDOWS\system32\sex1.ico
      2008-04-01 10:22 . 2008-04-01 10:22 269,334 --a------ C:\WINDOWS\system32\doreh.bmp
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\zango
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\Sysmnt
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\stc
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180solutions
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180searchassistant
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180search assistant
      2008-03-31 20:38 . 2008-03-31 20:38 90,537 --a------ C:\WINDOWS\system32\sbwltbxa.exe
      2008-03-31 15:38 . 2008-03-31 15:38 269,334 --a------ C:\WINDOWS\system32\onmpgjelkbmlsn.bmp
      2008-03-30 15:48 . 2008-03-30 15:48 269,334 --a------ C:\WINDOWS\system32\nehgfqtcfel.bmp
      2008-03-29 16:07 . 2008-03-29 16:07 269,334 --a------ C:\WINDOWS\system32\srilsretor.bmp
      2008-03-28 15:45 . 2008-03-28 15:45 269,334 --a------ C:\WINDOWS\system32\mlkrihcrmlcn.bmp
      2008-03-27 15:35 . 2008-03-27 15:35 269,334 --a------ C:\WINDOWS\system32\bmdkjedsfel.bmp
      2008-03-26 15:42 . 2008-03-26 15:42 269,334 --a------ C:\WINDOWS\system32\qtgnqt.bmp
      2008-03-25 18:02 . 2008-03-26 18:02 1,590,747 ---hs---- C:\WINDOWS\system32\jxjftgrv.ini
      2008-03-25 17:55 . 2008-03-25 17:55 269,334 --a------ C:\WINDOWS\system32\hcripobapcral.bmp
      2008-03-25 17:34 . 2008-03-25 18:01 1,578,661 ---hs---- C:\WINDOWS\system32\cpomglxo.ini
      2008-03-25 17:33 . 2008-03-25 17:33 269,334 --a------ C:\WINDOWS\system32\fmpkjalkf.bmp
      2008-03-25 17:13 . 2008-03-25 17:13 269,334 --a------ C:\WINDOWS\system32\obitoridonetor.bmp
      2008-03-25 16:36 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-03-25 16:36 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
      2008-03-25 16:36 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-03-25 16:36 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-25 16:36 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-03-25 16:36 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-25 16:36 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-25 16:36 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-25 16:30 . 2008-03-25 16:30 269,334 --a------ C:\WINDOWS\system32\fedsbihobadcn.bmp
      2008-03-25 16:10 . 2008-03-25 16:10 269,334 --a------ C:\WINDOWS\system32\kbqhkjmdkr.bmp
      2008-03-25 05:12 . 2008-03-25 17:34 1,578,481 ---hs---- C:\WINDOWS\system32\umhurfgq.ini
      2008-03-25 05:11 . 2008-03-25 05:11 269,334 --a------ C:\WINDOWS\system32\tgjit.bmp
      2008-03-24 18:22 . 2008-03-24 18:22 269,334 --a------ C:\WINDOWS\system32\nidgbapknmtkj.bmp
      2008-03-24 15:42 . 2008-03-24 15:42 269,334 --a------ C:\WINDOWS\system32\jahof.bmp
      2008-03-24 15:25 . 2008-03-24 16:55 1,549,151 ---hs---- C:\WINDOWS\system32\nukstuep.ini
      2008-03-24 15:23 . 2008-03-24 15:24 1,548,953 ---hs---- C:\WINDOWS\system32\ihhxcxuq.ini
      2008-03-24 15:14 . 2008-03-24 15:14 269,334 --a------ C:\WINDOWS\system32\gnapobqtcn.bmp
      2008-03-24 03:42 . 2004-08-05 12:00 88,064 --a------ C:\WINDOWS\system32\catsrvp.dll
      2008-03-24 03:41 . 2008-03-24 03:41 269,334 --a------ C:\WINDOWS\system32\fqtgjelcnilon.bmp
      2008-03-24 03:15 . 2008-03-24 15:37 <REP> d-------- C:\Program Files\AntiVirusPro
      2008-03-24 03:15 . 2008-03-24 03:15 269,334 --a------ C:\WINDOWS\system32\lcrihof.bmp
      2008-03-24 03:14 . 2008-03-24 03:14 2 --a------ C:\-1872734532
      2008-03-17 17:52 . 2008-03-17 17:52 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      2008-03-16 18:15 . 2008-04-03 01:56 <REP> d-------- C:\Program Files\Metin2_France

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-25 16:05 --------- d-----w C:\Program Files\TF1Vision
      2008-03-25 16:05 --------- d-----w C:\Program Files\Navilog1
      2008-03-24 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2005-02-20 13:59 12 -csha-w C:\WINDOWS\system\ta.sys
      2005-01-14 09:55 56 -csh--r C:\WINDOWS\system32\AB3F6EA37B.sys
      2007-02-03 07:49 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{234FB255-290D-44E8-BAEE-2AA63A0E54EA}]
      C:\WINDOWS\system32\awtsq.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe" [2003-09-12 05:00 99840]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 21:08 68856]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
      "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-18 18:05 282624]
      "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54 269104]
      "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55 707376]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-21 21:08 185896]
      "BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-03-17 17:52 18432]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a------ 2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
      --a------ 2003-04-04 03:21 50176 C:\WINDOWS\ALCXMNTR.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
      --a--c--- 2003-12-10 19:00 177664 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
      --a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbwkxe]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
      --a------ 2003-09-12 05:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
      --a------ 2004-02-24 09:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
      --a------ 2004-06-07 19:43 659456 C:\WINDOWS\system32\hphmon06.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
      --a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
      --a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
      --a------ 2005-05-25 13:07 188459 C:\Program Files\IncrediMail\bin\IncMail.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a--c--- 2004-05-11 01:48 286720 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
      --a------ 2003-02-11 21:02 61440 C:\HP\KBD\KBD.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      C:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
      --a--c--- 2003-06-18 13:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
      --a------ 2002-10-16 17:57 81920 C:\WINDOWS\system32\ps2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2006-11-18 18:05 282624 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
      --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
      --a------ 2004-05-20 10:47 249856 C:\WINDOWS\system32\keyhook.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      --a------ 2006-10-13 18:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
      --a------ 2004-02-24 09:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
      --a------ 2006-01-07 02:36 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "UPS"=3 (0x3)
      "SCardSvr"=3 (0x3)
      "Fax"=3 (0x3)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
      "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
      "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
      "C:\\Program Files\\Metin2_France\\metin2.bin"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "18575:TCP"= 18575:TCP:emule
      "11012:UDP"= 11012:UDP:emule

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R1 yeyqase;yeyqase;C:\WINDOWS\system32\ras\yeyqase.mis [2008-03-24 03:14]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 01:54]
      R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-10-08 21:04]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-03 22:12:06
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yeyqase]
      "ImagePath"="\??\C:\WINDOWS\system32\ras\yeyqase.mis"
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\Ati2evxx.dll

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-03 22:17:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-04-03 20:17:39
      Pre-Run: 39,268,249,600 octets libres
      Post-Run: 39,183,233,024 octets libres
      .
      2008-03-13 02:04:44 --- E O F ---
      Voila pour le rapport monstrueux de combofix,merci d'avance.
      0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    ah oui quand meme o_Ö
    post un nouveau rapport hijack this stp
    @+
    0
    1. machuki
       
      Salut ^^
      Voila le rapport hijackthis qui je trouve deja plus lisible par rapport a celui de combo lol:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:18:59, on 04/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\vVX3000.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {234FB255-290D-44E8-BAEE-2AA63A0E54EA} - C:\WINDOWS\system32\awtsq.dll (file missing)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{50E17E10-E44A-4928-BB92-2F44BD66DDF0}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{51B76E79-9739-4BB0-B953-C0A16970114F}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{DBDB6CDC-2EF1-47A7-B72A-F07538285709}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: Festoon - (no CLSID) - (no file)
      O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut machucki,

    la suite :

    Copie le texte ci-dessous :

    File::
    C:\-1872734532
    C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\nukstuep.ini
    C:\WINDOWS\system32\ihhxcxuq.ini
    C:\WINDOWS\system32\umhurfgq.ini
    C:\WINDOWS\system32\cpomglxo.ini
    C:\WINDOWS\system32\jxjftgrv.ini
    C:\WINDOWS\system32\sbwltbxa.exe
    C:\WINDOWS\system32\sex5.ico
    C:\WINDOWS\system32\sex4.ico
    C:\WINDOWS\system32\sex3.ico
    C:\WINDOWS\system32\sex2.ico
    C:\WINDOWS\system32\sex1.ico
    C:\WINDOWS\system32\ras\yeyqase.mis

    Folder::
    C:\Program Files\AntiVirusPro
    C:\Program Files\180solutions
    C:\Program Files\180searchassistant
    C:\Program Files\180search assistant
    C:\Program Files\zango
    C:\Program Files\Sysmnt
    C:\Program Files\stc

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{234FB255-290D-44E8-BAEE-2AA63A0E54EA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbwkxe]

    Driver::
    yeyqase

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. machuki
       
      Re,
      Merci beaucoup pour commencé car le pc va beaucoup mieux grace a ton aide =)
      Ensuite voila le rapport combofix:
      ComboFix 08-04-03.3 - HP_Propriétaire 2008-04-04 19:58:02.4 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.37 [GMT 2:00]Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt..txt
      * Création d'un nouveau point de restauration
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-04 16:10 . 2008-04-04 16:10 269,334 --a------ C:\WINDOWS\system32\dgfipcfmhgjep.bmp
      2008-04-04 04:21 . 2008-04-04 04:21 269,334 --a------ C:\WINDOWS\system32\ahcjil.bmp
      2008-04-03 22:12 . 2008-04-03 22:12 269,334 --a------ C:\WINDOWS\system32\hsrqdor.bmp
      2008-04-03 16:34 . 2008-04-03 16:34 269,334 --a------ C:\WINDOWS\system32\cbelcf.bmp
      2008-04-03 16:14 . 2008-04-03 16:14 269,334 --a------ C:\WINDOWS\system32\ofmhgretobidkj.bmp
      2008-04-03 11:22 . 2008-04-03 11:22 269,334 --a------ C:\WINDOWS\system32\sbalcj.bmp
      2008-04-03 09:23 . 2008-04-03 09:23 269,334 --a------ C:\WINDOWS\system32\dcbmh.bmp
      2008-04-03 08:40 . 2008-04-03 08:40 269,334 --a------ C:\WINDOWS\system32\krmhcrmlkbap.bmp
      2008-04-03 08:37 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 08:37 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-04-03 08:32 . 2008-04-03 08:32 269,334 --a------ C:\WINDOWS\system32\ihsjel.bmp
      2008-04-02 15:44 . 2008-04-02 15:44 269,334 --a------ C:\WINDOWS\system32\dkfqdsripcn.bmp
      2008-04-01 18:03 . 2008-04-01 18:03 269,334 --a------ C:\WINDOWS\system32\onmhcfmd.bmp
      2008-04-01 17:27 . 2008-04-03 16:18 3,262 --a------ C:\WINDOWS\system32\sex5.ico
      2008-04-01 17:27 . 2008-04-03 16:17 3,262 --a------ C:\WINDOWS\system32\sex4.ico
      2008-04-01 17:26 . 2008-04-03 16:16 3,262 --a------ C:\WINDOWS\system32\sex3.ico
      2008-04-01 17:26 . 2008-04-03 15:43 3,262 --a------ C:\WINDOWS\system32\sex2.ico
      2008-04-01 17:25 . 2008-04-03 16:11 3,262 --a------ C:\WINDOWS\system32\sex1.ico
      2008-04-01 10:22 . 2008-04-01 10:22 269,334 --a------ C:\WINDOWS\system32\doreh.bmp
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\zango
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\Sysmnt
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\stc
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180solutions
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180searchassistant
      2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180search assistant
      2008-03-31 20:38 . 2008-03-31 20:38 90,537 --a------ C:\WINDOWS\system32\sbwltbxa.exe
      2008-03-31 15:38 . 2008-03-31 15:38 269,334 --a------ C:\WINDOWS\system32\onmpgjelkbmlsn.bmp
      2008-03-30 15:48 . 2008-03-30 15:48 269,334 --a------ C:\WINDOWS\system32\nehgfqtcfel.bmp
      2008-03-29 16:07 . 2008-03-29 16:07 269,334 --a------ C:\WINDOWS\system32\srilsretor.bmp
      2008-03-28 15:45 . 2008-03-28 15:45 269,334 --a------ C:\WINDOWS\system32\mlkrihcrmlcn.bmp
      2008-03-27 15:35 . 2008-03-27 15:35 269,334 --a------ C:\WINDOWS\system32\bmdkjedsfel.bmp
      2008-03-26 15:42 . 2008-03-26 15:42 269,334 --a------ C:\WINDOWS\system32\qtgnqt.bmp
      2008-03-25 18:02 . 2008-03-26 18:02 1,590,747 ---hs---- C:\WINDOWS\system32\jxjftgrv.ini
      2008-03-25 17:55 . 2008-03-25 17:55 269,334 --a------ C:\WINDOWS\system32\hcripobapcral.bmp
      2008-03-25 17:34 . 2008-03-25 18:01 1,578,661 ---hs---- C:\WINDOWS\system32\cpomglxo.ini
      2008-03-25 17:33 . 2008-03-25 17:33 269,334 --a------ C:\WINDOWS\system32\fmpkjalkf.bmp
      2008-03-25 17:13 . 2008-03-25 17:13 269,334 --a------ C:\WINDOWS\system32\obitoridonetor.bmp
      2008-03-25 16:36 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-03-25 16:36 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
      2008-03-25 16:36 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-03-25 16:36 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-25 16:36 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-03-25 16:36 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-25 16:36 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-25 16:36 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-25 16:30 . 2008-03-25 16:30 269,334 --a------ C:\WINDOWS\system32\fedsbihobadcn.bmp
      2008-03-25 16:10 . 2008-03-25 16:10 269,334 --a------ C:\WINDOWS\system32\kbqhkjmdkr.bmp
      2008-03-25 05:12 . 2008-03-25 17:34 1,578,481 ---hs---- C:\WINDOWS\system32\umhurfgq.ini
      2008-03-25 05:11 . 2008-03-25 05:11 269,334 --a------ C:\WINDOWS\system32\tgjit.bmp
      2008-03-24 18:22 . 2008-03-24 18:22 269,334 --a------ C:\WINDOWS\system32\nidgbapknmtkj.bmp
      2008-03-24 15:42 . 2008-03-24 15:42 269,334 --a------ C:\WINDOWS\system32\jahof.bmp
      2008-03-24 15:25 . 2008-03-24 16:55 1,549,151 ---hs---- C:\WINDOWS\system32\nukstuep.ini
      2008-03-24 15:23 . 2008-03-24 15:24 1,548,953 ---hs---- C:\WINDOWS\system32\ihhxcxuq.ini
      2008-03-24 15:14 . 2008-03-24 15:14 269,334 --a------ C:\WINDOWS\system32\gnapobqtcn.bmp
      2008-03-24 03:42 . 2004-08-05 12:00 88,064 --a------ C:\WINDOWS\system32\catsrvp.dll
      2008-03-24 03:41 . 2008-03-24 03:41 269,334 --a------ C:\WINDOWS\system32\fqtgjelcnilon.bmp
      2008-03-24 03:16 . 2008-03-24 03:16 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Anti-Virus-Pro.com
      2008-03-24 03:15 . 2008-03-24 15:37 <REP> d-------- C:\Program Files\AntiVirusPro
      2008-03-24 03:15 . 2008-03-24 03:15 269,334 --a------ C:\WINDOWS\system32\lcrihof.bmp
      2008-03-24 03:14 . 2008-03-24 03:14 2 --a------ C:\-1872734532
      2008-03-17 17:52 . 2008-03-17 17:52 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      2008-03-16 18:15 . 2008-04-03 01:56 <REP> d-------- C:\Program Files\Metin2_France

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-04 17:11 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
      2008-03-25 16:05 --------- d-----w C:\Program Files\TF1Vision
      2008-03-25 16:05 --------- d-----w C:\Program Files\Navilog1
      2008-03-24 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-02-26 00:42 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM
      2008-02-24 14:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
      2008-01-26 12:20 2,008 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
      2005-02-20 13:59 12 -csha-w C:\WINDOWS\system\ta.sys
      2005-01-14 09:55 56 -csh--r C:\WINDOWS\system32\AB3F6EA37B.sys
      2007-02-03 07:49 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-03_22.17.20.48 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-04-04 02:19:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{234FB255-290D-44E8-BAEE-2AA63A0E54EA}]
      C:\WINDOWS\system32\awtsq.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe" [2003-09-12 05:00 99840]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 21:08 68856]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
      "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-18 18:05 282624]
      "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54 269104]
      "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55 707376]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-21 21:08 185896]
      "BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-03-17 17:52 18432]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a------ 2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
      --a------ 2003-04-04 03:21 50176 C:\WINDOWS\ALCXMNTR.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
      --a--c--- 2003-12-10 19:00 177664 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
      --a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbwkxe]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
      --a------ 2003-09-12 05:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
      --a------ 2004-02-24 09:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
      --a------ 2004-06-07 19:43 659456 C:\WINDOWS\system32\hphmon06.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
      --a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
      --a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
      --a------ 2005-05-25 13:07 188459 C:\Program Files\IncrediMail\bin\IncMail.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a--c--- 2004-05-11 01:48 286720 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
      --a------ 2003-02-11 21:02 61440 C:\HP\KBD\KBD.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      C:\WINDOWS\system32\dumprep 0 -k

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
      --a--c--- 2003-06-18 13:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
      --a------ 2002-10-16 17:57 81920 C:\WINDOWS\system32\ps2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2006-11-18 18:05 282624 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
      --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
      --a------ 2004-05-20 10:47 249856 C:\WINDOWS\system32\keyhook.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      --a------ 2006-10-13 18:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
      --a------ 2004-02-24 09:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
      --a------ 2006-01-07 02:36 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "UPS"=3 (0x3)
      "SCardSvr"=3 (0x3)
      "Fax"=3 (0x3)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
      "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
      "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
      "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
      "C:\\Program Files\\Azureus\\Azureus.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
      "C:\\Program Files\\Metin2_France\\metin2.bin"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "18575:TCP"= 18575:TCP:emule
      "11012:UDP"= 11012:UDP:emule

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R1 yeyqase;yeyqase;C:\WINDOWS\system32\ras\yeyqase.mis [2008-03-24 03:14]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 01:54]
      R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-10-08 21:04]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-04 20:02:45
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yeyqase]
      "ImagePath"="\??\C:\WINDOWS\system32\ras\yeyqase.mis"
      .
      --------------------- DLLs a chargé sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\Ati2evxx.dll

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
      .
      Temps d'accomplissement: 2008-04-04 20:06:07
      ComboFix-quarantined-files.txt 2008-04-04 18:06:02
      ComboFix2.txt 2008-04-03 20:17:45
      Pre-Run: 38,994,780,160 octets libres
      Post-Run: 38,984,884,224 octets libres
      .
      2008-03-13 02:04:44 --- E O F ---

      Et voila le rapport hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:14:48, on 04/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\vVX3000.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {234FB255-290D-44E8-BAEE-2AA63A0E54EA} - C:\WINDOWS\system32\awtsq.dll (file missing)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
      O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{50E17E10-E44A-4928-BB92-2F44BD66DDF0}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{51B76E79-9739-4BB0-B953-C0A16970114F}: NameServer = 194.117.200.10,194.117.200.15
      O17 - HKLM\System\CCS\Services\Tcpip\..\{DBDB6CDC-2EF1-47A7-B72A-F07538285709}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: Festoon - (no CLSID) - (no file)
      O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    de rien ;-) mais la ca ne l´a pas fait...

    recommence :

    telechrage le fichier ici :

    https://www.cjoint.com/?eeuFXExTbB

    tu le decompresse sur le bureau pour en extraire le fichier : cfscript.txt

    puis

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  8. machuki
     
    Re,
    Voila le rapport combofix,j'espere que ca sera bon meme si j'ai un doute(pour info je n'ai pa eu a appuyé sur 1 et validez puisque combofix s'est lancé tout seul en autoscan):

    ComboFix 08-04-03.3 - HP_Propriétaire 2008-04-04 20:49:04.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.64 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-04 16:10 . 2008-04-04 16:10 269,334 --a------ C:\WINDOWS\system32\dgfipcfmhgjep.bmp
    2008-04-04 04:21 . 2008-04-04 04:21 269,334 --a------ C:\WINDOWS\system32\ahcjil.bmp
    2008-04-03 22:12 . 2008-04-03 22:12 269,334 --a------ C:\WINDOWS\system32\hsrqdor.bmp
    2008-04-03 16:34 . 2008-04-03 16:34 269,334 --a------ C:\WINDOWS\system32\cbelcf.bmp
    2008-04-03 16:14 . 2008-04-03 16:14 269,334 --a------ C:\WINDOWS\system32\ofmhgretobidkj.bmp
    2008-04-03 11:22 . 2008-04-03 11:22 269,334 --a------ C:\WINDOWS\system32\sbalcj.bmp
    2008-04-03 09:23 . 2008-04-03 09:23 269,334 --a------ C:\WINDOWS\system32\dcbmh.bmp
    2008-04-03 08:40 . 2008-04-03 08:40 269,334 --a------ C:\WINDOWS\system32\krmhcrmlkbap.bmp
    2008-04-03 08:37 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-03 08:37 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-03 08:32 . 2008-04-03 08:32 269,334 --a------ C:\WINDOWS\system32\ihsjel.bmp
    2008-04-02 15:44 . 2008-04-02 15:44 269,334 --a------ C:\WINDOWS\system32\dkfqdsripcn.bmp
    2008-04-01 18:03 . 2008-04-01 18:03 269,334 --a------ C:\WINDOWS\system32\onmhcfmd.bmp
    2008-04-01 17:27 . 2008-04-03 16:18 3,262 --a------ C:\WINDOWS\system32\sex5.ico
    2008-04-01 17:27 . 2008-04-03 16:17 3,262 --a------ C:\WINDOWS\system32\sex4.ico
    2008-04-01 17:26 . 2008-04-03 16:16 3,262 --a------ C:\WINDOWS\system32\sex3.ico
    2008-04-01 17:26 . 2008-04-03 15:43 3,262 --a------ C:\WINDOWS\system32\sex2.ico
    2008-04-01 17:25 . 2008-04-03 16:11 3,262 --a------ C:\WINDOWS\system32\sex1.ico
    2008-04-01 10:22 . 2008-04-01 10:22 269,334 --a------ C:\WINDOWS\system32\doreh.bmp
    2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\zango
    2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\Sysmnt
    2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\stc
    2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180solutions
    2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180searchassistant
    2008-03-31 21:17 . 2008-03-31 21:17 <REP> d-------- C:\Program Files\180search assistant
    2008-03-31 20:38 . 2008-03-31 20:38 90,537 --a------ C:\WINDOWS\system32\sbwltbxa.exe
    2008-03-31 15:38 . 2008-03-31 15:38 269,334 --a------ C:\WINDOWS\system32\onmpgjelkbmlsn.bmp
    2008-03-30 15:48 . 2008-03-30 15:48 269,334 --a------ C:\WINDOWS\system32\nehgfqtcfel.bmp
    2008-03-29 16:07 . 2008-03-29 16:07 269,334 --a------ C:\WINDOWS\system32\srilsretor.bmp
    2008-03-28 15:45 . 2008-03-28 15:45 269,334 --a------ C:\WINDOWS\system32\mlkrihcrmlcn.bmp
    2008-03-27 15:35 . 2008-03-27 15:35 269,334 --a------ C:\WINDOWS\system32\bmdkjedsfel.bmp
    2008-03-26 15:42 . 2008-03-26 15:42 269,334 --a------ C:\WINDOWS\system32\qtgnqt.bmp
    2008-03-25 18:02 . 2008-03-26 18:02 1,590,747 ---hs---- C:\WINDOWS\system32\jxjftgrv.ini
    2008-03-25 17:55 . 2008-03-25 17:55 269,334 --a------ C:\WINDOWS\system32\hcripobapcral.bmp
    2008-03-25 17:34 . 2008-03-25 18:01 1,578,661 ---hs---- C:\WINDOWS\system32\cpomglxo.ini
    2008-03-25 17:33 . 2008-03-25 17:33 269,334 --a------ C:\WINDOWS\system32\fmpkjalkf.bmp
    2008-03-25 17:13 . 2008-03-25 17:13 269,334 --a------ C:\WINDOWS\system32\obitoridonetor.bmp
    2008-03-25 16:36 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-03-25 16:36 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-25 16:36 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-03-25 16:36 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-25 16:36 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-03-25 16:36 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-25 16:36 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-25 16:36 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-25 16:30 . 2008-03-25 16:30 269,334 --a------ C:\WINDOWS\system32\fedsbihobadcn.bmp
    2008-03-25 16:10 . 2008-03-25 16:10 269,334 --a------ C:\WINDOWS\system32\kbqhkjmdkr.bmp
    2008-03-25 05:12 . 2008-03-25 17:34 1,578,481 ---hs---- C:\WINDOWS\system32\umhurfgq.ini
    2008-03-25 05:11 . 2008-03-25 05:11 269,334 --a------ C:\WINDOWS\system32\tgjit.bmp
    2008-03-24 18:22 . 2008-03-24 18:22 269,334 --a------ C:\WINDOWS\system32\nidgbapknmtkj.bmp
    2008-03-24 15:42 . 2008-03-24 15:42 269,334 --a------ C:\WINDOWS\system32\jahof.bmp
    2008-03-24 15:25 . 2008-03-24 16:55 1,549,151 ---hs---- C:\WINDOWS\system32\nukstuep.ini
    2008-03-24 15:23 . 2008-03-24 15:24 1,548,953 ---hs---- C:\WINDOWS\system32\ihhxcxuq.ini
    2008-03-24 15:14 . 2008-03-24 15:14 269,334 --a------ C:\WINDOWS\system32\gnapobqtcn.bmp
    2008-03-24 03:42 . 2004-08-05 12:00 88,064 --a------ C:\WINDOWS\system32\catsrvp.dll
    2008-03-24 03:41 . 2008-03-24 03:41 269,334 --a------ C:\WINDOWS\system32\fqtgjelcnilon.bmp
    2008-03-24 03:16 . 2008-03-24 03:16 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Anti-Virus-Pro.com
    2008-03-24 03:15 . 2008-03-24 15:37 <REP> d-------- C:\Program Files\AntiVirusPro
    2008-03-24 03:15 . 2008-03-24 03:15 269,334 --a------ C:\WINDOWS\system32\lcrihof.bmp
    2008-03-24 03:14 . 2008-03-24 03:14 2 --a------ C:\-1872734532
    2008-03-17 17:52 . 2008-03-17 17:52 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    2008-03-16 18:15 . 2008-04-03 01:56 <REP> d-------- C:\Program Files\Metin2_France

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-04 18:11 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
    2008-03-25 16:05 --------- d-----w C:\Program Files\TF1Vision
    2008-03-25 16:05 --------- d-----w C:\Program Files\Navilog1
    2008-03-24 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-26 00:42 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM
    2008-02-24 14:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
    2008-01-26 12:20 2,008 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2005-02-20 13:59 12 -csha-w C:\WINDOWS\system\ta.sys
    2005-01-14 09:55 56 -csh--r C:\WINDOWS\system32\AB3F6EA37B.sys
    2007-02-03 07:49 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-03_22.17.20.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-04 02:19:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{234FB255-290D-44E8-BAEE-2AA63A0E54EA}]
    C:\WINDOWS\system32\awtsq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe" [2003-09-12 05:00 99840]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 21:08 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-18 18:05 282624]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54 269104]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 01:55 707376]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-21 21:08 185896]
    "BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-03-17 17:52 18432]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    --a------ 2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2003-04-04 03:21 50176 C:\WINDOWS\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a--c--- 2003-12-10 19:00 177664 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Change Ecran]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbwkxe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
    --a------ 2003-09-12 05:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2004-02-24 09:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
    --a------ 2004-06-07 19:43 659456 C:\WINDOWS\system32\hphmon06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
    --a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    --a------ 2005-05-25 13:07 188459 C:\Program Files\IncrediMail\bin\IncMail.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a--c--- 2004-05-11 01:48 286720 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2003-02-11 21:02 61440 C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    --a--c--- 2003-06-18 13:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    --a------ 2002-10-16 17:57 81920 C:\WINDOWS\system32\ps2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-11-18 18:05 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
    --a------ 2004-05-20 10:47 249856 C:\WINDOWS\system32\keyhook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-10-13 18:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
    --a------ 2004-02-24 09:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    --a------ 2006-01-07 02:36 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "SCardSvr"=3 (0x3)
    "Fax"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18575:TCP"= 18575:TCP:emule
    "11012:UDP"= 11012:UDP:emule

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R1 yeyqase;yeyqase;C:\WINDOWS\system32\ras\yeyqase.mis [2008-03-24 03:14]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 01:54]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-10-08 21:04]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-04 20:52:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yeyqase]
    "ImagePath"="\??\C:\WINDOWS\system32\ras\yeyqase.mis"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
    .
    Temps d'accomplissement: 2008-04-04 20:54:35
    ComboFix-quarantined-files.txt 2008-04-04 18:54:31
    ComboFix2.txt 2008-04-04 18:06:08
    ComboFix3.txt 2008-04-03 20:17:45
    Pre-Run: 39,563,423,744 octets libres
    Post-Run: 39,553,634,304 octets libres
    .
    2008-03-13 02:04:44 --- E O F ---

    Rapport hijack this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:59:53, on 04/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {234FB255-290D-44E8-BAEE-2AA63A0E54EA} - C:\WINDOWS\system32\awtsq.dll (file missing)
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50E17E10-E44A-4928-BB92-2F44BD66DDF0}: NameServer = 194.117.200.10,194.117.200.15
    O17 - HKLM\System\CCS\Services\Tcpip\..\{51B76E79-9739-4BB0-B953-C0A16970114F}: NameServer = 194.117.200.10,194.117.200.15
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DBDB6CDC-2EF1-47A7-B72A-F07538285709}: NameServer = 194.117.200.10,194.117.200.15
    O18 - Protocol: Festoon - (no CLSID) - (no file)
    O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    toujours pas ;-(

    fais ceci :

    * Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    n´y touche pas

    telecharge autoruns :

    https://www.clubic.com/telecharger-fiche15501-microsoft-autoruns.html

    dezip le dans un dossier sur ton bureau

    redemarre en mode sans echec:

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
    une fois en mode sans echec.

    Fix.reg

    Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{234FB255-290D-44E8-BAEE-2AA63A0E54EA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbwkxe]

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
    Puis click sur "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    ca doit ressembler a ca une fois enrregistré :

    http://img520.imageshack.us/img520/4251/screenshot005ps2.png

    quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

    C:\-1872734532
    C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\nukstuep.ini
    C:\WINDOWS\system32\ihhxcxuq.ini
    C:\WINDOWS\system32\umhurfgq.ini
    C:\WINDOWS\system32\cpomglxo.ini
    C:\WINDOWS\system32\jxjftgrv.ini
    C:\WINDOWS\system32\sbwltbxa.exe
    C:\WINDOWS\system32\sex5.ico
    C:\WINDOWS\system32\sex4.ico
    C:\WINDOWS\system32\sex3.ico
    C:\WINDOWS\system32\sex2.ico
    C:\WINDOWS\system32\sex1.ico
    C:\WINDOWS\system32\ras\yeyqase.mis
    C:\Program Files\AntiVirusPro
    C:\Program Files\180solutions
    C:\Program Files\180searchassistant
    C:\Program Files\180search assistant
    C:\Program Files\zango
    C:\Program Files\Sysmnt
    C:\Program Files\stc

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles

    ouvre autoruns en clickant sur autoruns.exe et click sur l´onglet services :

    cherche :

    yeyqase

    clcik droit dessus > delete.

    Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport hijack this.

    @+
    0