MSN virus: services exe

Solved
Anonymous user -  
jlpjlp Posts 52399 Status Security contributor -
Hello,

Having caught one of those well-known viruses on Windows Messenger (the "que fe ta tof sur MSN" message linking to hxxp://web.isuisse-com/contact), having read a lot of advice on the forums and still being unable to get rid of it, I am in turn making an appeal for advice. Thank you in advance if you have a moment to answer me.
Avast antivirus detects it every time I connect to MSN; here is the report:

09/03/2008 01:09:00 VAL Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALocal Settings\Temporary Internet Files\Content.IE5\LAUXBAT1\addz[1].exe\[UPX]" file.
09/03/2008 01:09:01 VAL1376 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \zfykyz.exe\[UPX]" file.
09/03/2008 01:09:01 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL zfykyz.exe\[UPX]" file.
09/03/2008 01:11:23 VA Sign of "Win32:Agent-RUQ [Trj]" has been found in "C:\WINDOWS\mrofinu1423.exe\[UPX]" file.
09/03/2008 01:12:11 VAL 1376 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\Documents and Settings\VAL \Application Data\WinTouch\WinTouch.exe\[UPX]" file.
09/03/2008 01:18:00 VAL Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\Documents and Settings\VAL \Application Data\Microsoft\Windows\rayiou.exe\[UPX]" file.
09/03/2008 13:17:02 SYSTEM 1244 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALLocal Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\addz[1].exe\[UPX]" file.
09/03/2008 13:17:03 SYSTEM 1244 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL
09/03/2008 13:17:03 SYSTEM 1244 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \dfafbz.exe\[UPX]" file.
09/03/2008 13:24:49 SYSTEM 1244 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\b138.exe_old" file.
11/03/2008 19:55:19 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\addz[1].exe\[UPX]" file.
11/03/2008 19:55:25 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.
11/03/2008 19:55:25 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.
12/03/2008 22:05:55 VAL1168 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.
13/03/2008 19:14:10 SYSTEM 1296 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
13/03/2008 19:14:23 SYSTEM 1296 An error has occured while attempting to update. Please check the logs.
13/03/2008 23:52:04 SYSTEM 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[1].exe\[UPX]" file.
13/03/2008 23:52:04 SYSTEM 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\ckaowk.exe\[UPX]" file.
13/03/2008 23:52:04 SYSTEM 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\ckaowk.exe\[UPX]" file.
14/03/2008 21:17:55 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[2].exe\[UPX]" file.
14/03/2008 21:29:02 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\hcxqto.exe\[UPX]" file.
15/03/2008 14:33:11 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[1].exe\[UPX]" file.
15/03/2008 15:11:17 VALERIE FARGUES 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\fupcnq.exe\[UPX]" file.
15/03/2008 21:28:14 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\ckaowk.exe\[UPX]" file.
15/03/2008 23:11:35 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[1].exe\[UPX]" file.
15/03/2008 23:11:36 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\dlhbaq.exe\[UPX]" file.
15/03/2008 23:11:36 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\dlhbaq.exe\[UPX]" file.
15/03/2008 23:21:03 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[2].exe\[UPX]" file.
15/03/2008 23:22:12 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\hirnah.exe\[UPX]" file.
16/03/2008 01:12:10 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
16/03/2008 01:12:11 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\khjkwl.exe\[UPX]" file.
16/03/2008 01:12:11 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\khjkwl.exe\[UPX]" file.
16/03/2008 12:16:01 VAL 1152 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[2].exe\[UPX]" file.
16/03/2008 12:19:02 VAL 1152 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\tksvdg.exe\[UPX]" file.
16/03/2008 22:25:21 VAL 384 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\dfafbz.exe\[UPX]" file.
17/03/2008 22:24:11 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
17/03/2008 23:13:11 VALS 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\zfykyz.exe\[UPX]" file.
17/03/2008 23:28:24 VAL3928 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP13\A0007123.exe\[UPX]" file.
17/03/2008 23:28:46 VAL3928 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP13\A0007124.exe\[UPX]" file.
17/03/2008 23:29:09 VAL 3928 Sign of "Win32:Agent-RUQ [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP14\A0008136.exe\[UPX]" file.
17/03/2008 23:29:16 VAL 3928 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP14\A0008141.exe" file.
17/03/2008 23:29:22 VAL 3928 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP14\A0008157.exe\[UPX]" file.
17/03/2008 23:29:40 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP15\A0013174.exe\[UPX]" file.
17/03/2008 23:30:18 VAL3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP17\A0016222.exe\[UPX]" file.
17/03/2008 23:31:24 VAL3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP19\A0017304.exe\[UPX]" file.
17/03/2008 23:31:47 VAL 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP20\A0019311.exe\[UPX]" file.
17/03/2008 23:58:19 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\dlhbaq.exe\[UPX]" file.
18/03/2008 00:02:01 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\khjkwl.exe\[UPX]" file.
18/03/2008 08:54:58 VAL 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
18/03/2008 08:54:58 VAL1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V\wttona.exe\[UPX]" file.
18/03/2008 08:54:58 V 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA wttona.exe\[UPX]" file.
18/03/2008 10:43:38 Administrateur 1284 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
18/03/2008 11:06:30 Administrateur 1284 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\Vwttona.exe\[UPX]" file.
20/03/2008 18:24:53 SYSTEM 1336 Function setifaceUpdatePackages() has failed. Return code is 0x00000426, dwRes is 000004C8.
20/03/2008 18:25:01 SYSTEM 1336 An error has occured while attempting to update. Please check the logs.
20/03/2008 22:33:35 SYSTEM 1336 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
20/03/2008 22:33:47 SYSTEM 1336 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
20/03/2008 22:33:47 SYSTEM 1336 An error has occured while attempting to update. Please check the logs.
21/03/2008 00:18:19 SYSTEM 1164 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
21/03/2008 00:18:46 SYSTEM 1164 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
22/03/2008 14:59:13 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALERIE
28/03/2008 19:28:56 SYSTEM 1148 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
29/03/2008 12:45:15 VAL1164 Sign of "Win32:Dialer-1300 [Trj]" has been found in "C:\DOCUME~1\VAL~1\LOCALS~1\Temp\xp_0233.exe\[UPX]" file.
29/03/2008 12:52:46 VAL 1164 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL
03/04/2008 17:27:48 SYSTEM 1140 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
03/04/2008 17:28:29 SYSTEM 1140 An error has occured while attempting to update. Please check the logs.
03/04/2008 17:29:24 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\wv[1].exe\[UPX]" file.
03/04/2008 17:29:28 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V\yvqgff.exe\[UPX]" file.
03/04/2008 17:29:30 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA \yvqgff.exe\[UPX]" file.
03/04/2008 17:30:41 SYSTEM 1140 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
03/04/2008 18:49:24 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA \Local Settings\Temporary Internet Files\Content.IE5\IDUETM26\wv[1].exe\[UPX]" file.
Settings\VAL\yiofne.exe\[UPX]" file.
04/04/2008 00:17:42 VAL 1164 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\\yiofne.exe\[UPX]" file.
05/04/2008 10:56:31 SYSTEM 952 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
05/04/2008 11:13:50 VAL1164 Sign of "Win32:Dialer-1300 [Trj]" has been found in "C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\xp_0233.exe\[UPX]" file.
06/04/2008 15:09:58 SYSTEM 1148 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
06/04/2008 15:11:24 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V \Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\wv[1].exe\[UPX]" file.
06/04/2008 15:12:45 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALwprkjo.exe\[UPX]" file.
06/04/2008 15:19:14 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\wv[1].exe\[UPX]" file.
06/04/2008 15:19:15 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\lkyzft.exe\[UPX]" file.
06/04/2008 15:19:15 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\lkyzft.exe\[UPX]" file.
06/04/2008 15:47:05 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\J23ZLYW0\wv[1].exe\[UPX]" file.
06/04/2008 15:47:07 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALmvfdc.exe\[UPX]" file.
06/04/2008 15:47:07 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\kmvfdc.exe\[UPX]" file.
06/04/2008 15:48:50 VAL 1156 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
06/04/2008 16:51:40 VA1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\MSNFix\backup\kmvfdc.exe\[UPX]" file.
06/04/2008 16:52:19 VAL1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\MSNFix\backup\yiofne.exe\[UPX]" file.
06/04/2008 16:52:25 VAL1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\kmvfdc.MSNFix\[UPX]" file.
06/04/2008 16:52:36 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALkmvfdc.MSNFix\[UPX]" file.
06/04/2008 16:58:48 VAL1300 Sign of "Win32:Dialer-1300 [Trj]" has been found in "C:\DOCUME~1\VAL~1\LOCALS~1\Temp\xp_0233.exe\[UPX]" file.
06/04/2008 17:02:06 VAL1300 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALLocal Settings\Temporary Internet Files\Content.IE5\IDUETM26\wv[1].exe\[UPX]" file.
06/04/2008 17:02:25 V 1300 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\DOCUME~1\VAL~1\LOCALS~1\Temp\Rar$EX09.313\vqnwnb.exe\[UPX]" file.
06/04/2008 17:27:40 VAL 1232 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\DOCUME~1\VAL~1\Bureau\Upload_Me\kmvfdc.exe\[UPX]" file.
06/04/2008 17:27:40 VAL 1232 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\DOCUME~1\VAL~1\Bureau\Upload_Me\yiofne.exe\[UPX]" file.
06/04/2008 17:29:58 VAL1232 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.

Here is the MSNFix report:
MSNFix 1.700

C:\MSNFix
Fix exécuté le 06/04/2008 - 17:17:44,82 By VA
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\winsyn32.dll

************************ Recherche les dossiers présents

... C:\Program Files\nvcoi\
... C:\Program Files\nvcoi\

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
/!\ ... C:\WINDOWS\winsyn32.dll

************************ Suppression des dossiers

/!\ ... C:\Program Files\nvcoi\
/!\ ... C:\Program Files\nvcoi\

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\winsyn32.dll
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\CIT207355-HPCOM-PATCH-v8.exe] A1A9476DD0DC44C5E5B7B2FFF402F9F2
[C:\PF80_08.exe] F465BFFBE22F78595CD5292BCB075062
[C:\QTINSTAL.EXE] E248769A0FA500ED29DDCBCAA43FB739

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\VALERI~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06042008_17255459.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

MSNCleaner report:

- Rapport MSNCleaner 1.5.6 by www.forospyware.com
- Rapport créé: 06/04/2008 on 16:02:55
- Système d'exploitation: Windows XP
- Mode de démarrage: Normal
_________________________________________

Fichiers détectés: 1
Fichiers supprimés: 0
Fichiers non supprimés: 1

C:\Documents and Settings\V\Local Settings\Temp\services.exe <--- Delete on Reboot

Fichier Hosts restauré Merci!
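As an added example (not the poster's code nor part of Avast, MSNFix or MSNCleaner): a small Python triage script that parses Avast warning-log lines in the format pasted above, groups the hits by threat name and by where the file sits, and checks a Winlogon Userinit value like the one in the MSNFix report for any entry other than the genuine userinit.exe. The sample log lines are constructed copies of the thread's format and the example.invalid URL is a placeholder, not the real download host.

```python
import re
from collections import Counter

# Avast 4 warning log, in the format pasted in this thread:
#   <dd/mm/yyyy> <hh:mm:ss> [<user> <pid>] Sign of "<threat>" has been found in "<path>" file.
# The user/pid field is optional and often mangled by the forum paste, so it is not relied on.
AVAST_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) .*?'
    r'Sign of "(?P<threat>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
# Avast appends the unpacker it used, e.g. \[UPX], to the path; strip it to get the real file.
UNPACKER_RE = re.compile(r'\\\[[^\]]*\]$')

# Constructed sample in the thread's format (the URL is a placeholder, not the real host).
SAMPLE_LOG = [
    r'09/03/2008 01:09:01 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\zfykyz.exe\[UPX]" file.',
    r'11/03/2008 19:55:25 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.',
    r'11/03/2008 19:55:25 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.',
    r'13/03/2008 19:14:10 SYSTEM 1296 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.',
    r'17/03/2008 23:29:40 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP15\A0013174.exe\[UPX]" file.',
    r'28/03/2008 19:28:56 SYSTEM 1148 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://example.invalid/xp_0233.exe\[UPX]" file.',
]
# The Userinit value shown in the thread's MSNFix report.
USERINIT_SAMPLE = r'C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe'


def classify_location(path):
    """Coarse bucket for where a hit sits; each bucket calls for a different follow-up."""
    p = path.lower()
    if p.startswith(('http://', 'https://')):
        return 'download'        # caught by the web shield while being fetched again
    if '\\system volume information\\_restore' in p:
        return 'system-restore'  # restore-point copies: purge old points once the box is clean
    if 'temporary internet files' in p:
        return 'ie-cache'        # browser cache: the dropper is being re-downloaded
    if '\\temp\\' in p or '\\locals~1\\' in p:
        return 'temp'            # a process living in Temp (like the thread's services.exe)
    if p.startswith('c:\\windows\\'):
        return 'windows-dir'     # random-name .exe in system32: persistence candidate
    return 'user-profile'


def parse_avast_line(line):
    """Parse one log line; None for lines that are not detections (update errors, truncated paste)."""
    m = AVAST_RE.match(line.strip())
    if not m:
        return None
    file = UNPACKER_RE.sub('', m.group('path'))
    return {'date': m.group('date'), 'time': m.group('time'), 'threat': m.group('threat'),
            'file': file, 'location': classify_location(file)}


def summarize(lines):
    """Count hits per threat name and collect the distinct files hit in each location."""
    by_threat = Counter()
    files_by_location = {}
    skipped = 0
    for line in lines:
        hit = parse_avast_line(line)
        if hit is None:
            skipped += 1
            continue
        by_threat[hit['threat']] += 1
        files_by_location.setdefault(hit['location'], set()).add(hit['file'])
    return {'by_threat': dict(by_threat), 'files_by_location': files_by_location, 'skipped': skipped}


def check_userinit(value, windir=r'C:\WINDOWS'):
    r"""Return the entries of a Winlogon Userinit value that are not the genuine userinit.exe.

    Userinit is a comma-separated list that winlogon runs at every logon. On XP the only
    expected entry is <windir>\system32\userinit.exe (a trailing comma is normal).
    Anything else, such as the services.exe in a Temp\Rar$ folder from the MSNFix report,
    is returned for review rather than deleted: a site may add a legitimate logon helper
    here, so a human decides.
    """
    expected = (windir.rstrip('\\') + r'\system32\userinit.exe').lower()
    suspicious = []
    for entry in value.split(','):
        entry = entry.strip().strip('"')
        if not entry:
            continue
        # The bare form "userinit.exe" relies on the search path; accepted here, but worth a look.
        if entry.lower() not in (expected, 'userinit.exe'):
            suspicious.append(entry)
    return suspicious


if __name__ == '__main__':
    report = summarize(SAMPLE_LOG)
    print(f"{report['skipped']} non-detection line(s) skipped")
    for threat, n in sorted(report['by_threat'].items()):
        print(f'{n:3d}  {threat}')
    for location, files in sorted(report['files_by_location'].items()):
        print(location, *sorted(files), sep='\n    ')
    print('Userinit entries to review:', check_userinit(USERINIT_SAMPLE))
```

Run it against the full pasted log to see at a glance which files keep coming back in system32 and Temp (the re-dropped copies) versus the ones that only live in restore points or the IE cache.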

18 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
you're welcome
and thanks to g!rly for the helping hand

and be careful on MSN !!!!
1
Anonymous user
 
Good evening,

The virus has indeed gone... However, when trying to do a System Restore this evening after a small incident, I just noticed that I no longer have any restore point available. Everything is ticked correctly, C, D and E are being monitored, but no point appears in the calendar. Could this be caused by one of the changes we made?
Thank you. Good evening
0
Anonymous user
 
Me again,
Actually, another problem: since our changes, it has been impossible to receive Windows updates. How can I fix that? Thanks.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
hi

scan these files on VirusTotal and if they are infected, delete them: https://www.virustotal.com/gui/

C:\CIT207355-HPCOM-PATCH-v8.exe
C:\PF80_08.exe
C:\QTINSTAL.EXE

_________________

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Follow the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart because the tool keeps running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt in your next reply on the forum

____________________

scan with
MalwareBytes' Anti-Malware, delete what it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do this, right-click on the file HijackThis.exe and choose Rename from the list

Then with Explorer create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.
0
Anonymous user
 
Thanks for your advice. Since I have never had a virus in all the time I've been tapping away at a keyboard, I think it will take me a while to try all these steps.
0
Anonymous user
 
the first and third files are clean and the second (PF80) is too big to be sent. I'll continue tomorrow. See you
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok
0
Anonymous user
 
[b]SDFix: Version 1.167[/b]
Run by VAL on 06/04/2008 at 23:33

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\VALERI~1\Bureau\SDFix

[b]Checking Services[/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files[/b]:

Trojan Files Found:

C:\Program Files\JavaCore\JavaCore.MSNFix - Deleted
C:\Program Files\nvcoi\mst.MSNFix - Deleted
C:\WINDOWS\17PHolmes1423.exe - Deleted
C:\Program Files\.autoreg - Deleted
C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted
C:\WINDOWS\system32\real.txt - Deleted



Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\nvcoi - Removed


Removing Temp Files

[b]ADS Check[/b]:



[b]Final Check[/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 23:47:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe [1188] 0xFF999020

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 1
Here is the SDFix report

[b]Remaining Services[/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"="C:\\coktel\\ADI5\\TTS\\SpeechCube.exe:*:Enabled:SPeechCube"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\\Documents and Settings\\VAL\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\VAL\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\VAL\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\VA\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Documents and Settings\\VAL\\Bureau\\incredimail_install(2).exe"="C:\\Documents and Settings\\VAL\\Bureau\\incredimail_install(2).exe:*:Enabled:IncrediMail Installer"
"C:\\DOCUME~1\\VA~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\VAL~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files[/b]:


File Backups: - C:\DOCUME~1\VALERI~1\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes[/b]:

Tue 29 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 11 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
perfect, SDFix cleaned it up, but paste me the two other reports
0
Anonymous user
 
Malwarebytes' Anti-Malware 1.10
Version de la base de données: 597

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 105874
Temps écoulé: 1 hour(s), 20 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP1\A0001003.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP1\A0001015.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\bdljmrwty_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\hokumn_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\jasjasunoh_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\prgayf_navps.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\bdljmrwty_nav.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\hokumn_nav.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\jasjasunoh_nav.dat (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\prgayf_nav.dat (Adware.EGDAccess) -> No action taken.



I ran the scan but did not destroy the files because I missed a step and, besides, I wasn't sure I should destroy all that. I still have to do HijackThis and maybe destroy those famous files (??) Thanks
0
Anonymous user
 
Logfile of HijackThis v1.99.1
Scan saved at 13:34:38, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSNCleaner] C:\Program Files\MSNCleaner.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: http://*.voyages-sncf.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)

Here is the latest report. So I haven't deleted anything, either in HijackThis or in the malware scanner, before getting your opinion.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
OK, there are still a lot left!

Relaunch HijackThis, do "Do a system scan only", then select these lines and click "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O4 - HKCU\..\Run: [MSNCleaner] C:\Program Files\MSNCleaner.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab

____________

Run Malwarebytes' Anti-Malware again and remove whatever it finds

________

Download Combofix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using combofix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then follow the prompts.
Wait until combofix has finished; a report will be created. Post the report.

______________

Use CCleaner without installing the Yahoo toolbar, and clean the temporary files

https://www.malekal.com/tutoriel-ccleaner/
_______________

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list shown in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.

C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
_____________________

Post a new HijackThis log
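A small triage script for the HijackThis lines jlpjlp singles out above, added here as an example; it is not code from the thread, from HijackThis or from any of the tools named. Its three rules and the Finding record are this example's own design, and the sample log lines are constructed from the paths quoted in the logs above. The security point behind the F2 line: Winlogon runs every executable listed in UserInit at each logon, so a second entry re-launches the dropped services.exe even after the O4 Run entry is removed, which is why both lines are selected together.

```python
"""Triage of HijackThis log lines.

Added example for this thread, not code from the thread or from HijackThis.
It flags three patterns that appear in the logs posted above:
  * an F2 UserInit value that lists more than the stock userinit.exe
    (Winlogon runs every entry at each logon, so a dropped file is re-launched)
  * an O4 Run entry whose target lives under a Temp directory
  * an O23 service whose binary is reported "(file missing)"
The rules and the Finding record are this example's own design; the sample
lines are constructed from the paths quoted in the thread.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# The only executable Windows XP itself puts in UserInit (compared case-insensitively).
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

_F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")
_O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A path component named Temp, in full or 8.3 form (e.g. LOCALS~1\Temp\...).
_TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # rule that fired
    line: str    # the offending log line, verbatim
    detail: str  # the path or service name worth looking at


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per log line that matches a rule; benign lines are skipped."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = _F2_RE.match(line)
        if m:
            # UserInit is a comma-separated list; anything beyond userinit.exe is suspect.
            entries = [e.strip().strip('"') for e in m["value"].split(",") if e.strip()]
            extras = [e for e in entries if e.lower() != STOCK_USERINIT]
            if extras:
                findings.append(Finding("userinit_extra", line, "; ".join(extras)))
            continue
        m = _O4_RE.match(line)
        if m and _TEMP_RE.search(m["cmd"]):
            findings.append(Finding("autorun_in_temp", line, m["cmd"]))
            continue
        m = _O23_RE.match(line)
        if m and m["path"].endswith("(file missing)"):
            findings.append(Finding("service_file_missing", line, m["name"]))
    return findings


# Constructed sample: paths copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.detail}")
```

Run on a saved log it reports the UserInit extra, the "Flash Media" autorun in Temp and the missing hpdj service binary, and stays silent on the avast! and ctfmon lines. The rules are deliberately narrow: an O4 entry with a bare file name (SOUNDMAN.EXE, KHALMNPR.EXE) is common for legitimate vendor software, so it is not flagged, while anything that executes from a Temp folder at logon is always worth a look.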
Anonymous user
 
File/Folder C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_120039



I followed all the instructions to the letter (thanks again): impossible to get Combo-fix to run, even renamed; the window opens and closes immediately. I'm redoing a HijackThis report.
Anonymous user
 
Logfile of HijackThis v1.99.1
Scan saved at 12:08:50, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: [http://]*.voyages-sncf.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)



When I do Run and %temp%, the famous Rar Ex 09 folder is still there and it remains impossible to delete it. Fascinating, this virus; it's teaching me, more or less, to use a whole arsenal of software. Thanks and see you later.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Run MSNFix again and paste the report

___________________

Run Clean Virus MSN

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/50571.html

___________________

Download combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

Save this file under the name CFscript

Drag and drop this CFScript file onto the ComboFix.exe file:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Click the CFScript file, hold the button down and drag the mouse so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post another HijackThis report

If the file doesn't open, it is located here > C:\ComboFix.txt
Anonymous user
 
ComboFix 08-04-07.5 - VALERIE FARGUES 2008-04-08 19:42:26.1 - NTFSx86
Endroit: C:\Documents and Settings\VALERIE FARGUES\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\VALERIE FARGUES\Bureau\CFscript
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\hjygzqoaw_navtmp.dat
C:\WINDOWS\system32\ubximvgxzu_navfx.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
2008-04-07 13:29 . 2008-04-08 12:11 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VALERIE FARGUES\Application Data\Malwarebytes
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-25 21:08 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
2008-03-25 21:08 . 2008-03-25 21:08 232 --ah----- C:\sqmdata19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix
2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 12:02 . 2003-06-19 10:04 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-03-09 12:02 . 2003-11-01 16:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 12:02 . 2003-11-28 14:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 12:02 . 2003-06-18 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 12:02 . 2003-11-01 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 12:02 . 2003-11-28 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 12:02 . 2003-06-18 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 12:02 . 2003-11-28 14:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-03-09 12:02 . 2003-11-25 14:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-03-09 00:22 . 2008-03-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 00:09 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-09 00:09 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-09 00:09 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-09 00:09 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-09 00:09 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-09 00:09 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-09 00:08 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-08 17:32 . 2008-03-08 17:32 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpCA571.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpB2371.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp92671.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp5D671.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp47471.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp33771.FOT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VALERIE FARGUES\Application Data\Dossier de téléchargement Share-to-Web
2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
2008-03-04 17:37 359,936 ----a-w C:\WINDOWS\system32\hokumn.exe
2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VALERIE FARGUES\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"zzzHPSETUP"="F:\Setup.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"msacm.l3radius"= l3codecp.acm
"vidc.xvid"= xvid.dll
"vidc.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VALERIE FARGUES\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-08 17:16:17 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 19:48:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [1300]

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-08 19:54:09
ComboFix-quarantined-files.txt 2008-04-08 17:53:43
Pre-Run: 4,674,564,096 octets libres
Post-Run: 4,652,863,488 octets libres
.
2008-04-06 13:55:10 --- E O F ---
Anonymous user
 
Logfile of HijackThis v1.99.1
Scan saved at 20:14:10, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: http://*.voyages-sncf.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
Anonymous user
 
MSNFix 1.701

C:\Documents and Settings\VALERIE FARGUES\Bureau\MSNFix
Fix exécuté le 08/04/2008 - 18:25:54,18 By VALERIE FARGUES
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\winsyn32.dll

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
/!\ ... C:\WINDOWS\winsyn32.dll

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\winsyn32.dll
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\CIT207355-HPCOM-PATCH-v8.exe] A1A9476DD0DC44C5E5B7B2FFF402F9F2
[C:\PF80_08.exe] F465BFFBE22F78595CD5292BCB075062
[C:\QTINSTAL.EXE] E248769A0FA500ED29DDCBCAA43FB739

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\VALERI~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08042008_18345043.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe [1616] 0xFFACF380

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 1

read file error: C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313, Accès refusé.
read file error: C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313, Accès refusé.
read file error: C:\WINDOWS\system32\LOCALS~1, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313, Accès refusé.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Run MSNFix again and paste the report

__________________

Download OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
→ Save it to your desktop
→ Launch 'OAD.exe' by double-clicking the file
→ Enter the value to search for -> ' Rar$EX09.313 ' (copy and paste it)
→ Search type: select option 6 then confirm with [Enter]
→ OAD will now search for the file.
→ Let it work until it has finished.
→ Depending on the size of the hard drives, this search may take several minutes.

------------- Please wait. --------------

→ The search report will be displayed automatically as soon as it has finished.
→ Copy and paste this report into your next post.

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: some antivirus programs may raise an alert while downloading / running it > ignore it
Anonymous user
 
MSNFix 1.701

C:\Documents and Settings\VAL\Bureau\MSNFix
Fix exécuté le 08/04/2008 - 22:25:09,37 By VAL
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\CIT207355-HPCOM-PATCH-v8.exe] A1A9476DD0DC44C5E5B7B2FFF402F9F2
[C:\PF80_08.exe] F465BFFBE22F78595CD5292BCB075062
[C:\QTINSTAL.EXE] E248769A0FA500ED29DDCBCAA43FB739

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\VALERI~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

- 08/04/2008 ---- 22:54:07,56

----------------------------------
§§§§§§ [Rar$EX09.313] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flash Media"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

[HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="services"

*******************
[Fichier]
*******************

c:\Documents and Settings\VAL\Local Settings\Temp\Rar$EX09.313


*********************
[Même date]
*********************

[Répertoire ] --- REP ---> C:\Program Files\Files



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


jlpjlp Posts: 52399 Status: Security contributor 5 040
 
to merge them:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

________________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"Flash Media"="-

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file doesn't open, it is located here > C:\ComboFix.txt
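The registry footprint the helper's script targets (a second executable appended to Winlogon\Userinit, a Run entry and a firewall exception pointing into a Temp directory, and a file named after a core system binary living outside system32) is a pattern a triage script can flag automatically instead of being spotted by eye in a HijackThis or OAD report. The Python below is an added example, not part of this thread and not code from ComboFix, MSNFix, OAD or HijackThis. It runs those heuristics over HijackThis-style and regedit-style lines; the sample lines are constructed to mirror the log formats seen in the thread (with a generic profile name), and the rule names are my own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Core Windows binaries whose names malware commonly borrows (the thread's sample is
# a "services.exe" living under %Temp%). Legitimate copies load from the system dirs.
SYSTEM_BINARY_NAMES = {
    "services.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
    "csrss.exe", "smss.exe", "explorer.exe", "userinit.exe",
}
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows(\\system32|\\syswow64)?$", re.I)

# A Windows path ending in an executable-ish extension. Component characters exclude the
# separators HijackThis and regedit exports place right after a path (, " = : *).
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\(?:[^\\,"=:*?<>|\r\n]+\\)*[^\\,"=:*?<>|\r\n]+?'
    r'\.(?:exe|dll|bat|cmd|scr|com)\b',
    re.I,
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
# Matches "UserInit=..." (HijackThis F2 line) and "Userinit"="..." (regedit export).
USERINIT_RE = re.compile(r'userinit"?\s*=\s*"?([^"\r\n]*)', re.I)

# Constructed sample lines modelled on the thread's HijackThis and OAD/regedit output.
# The profile name is generic; nothing here is copied from a real host.
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
    r"C:\DOCUME~1\USER~1\LOCALS~1\Temp\Rar$EX09.313\services.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\USER~1\LOCALS~1\Temp\Rar$EX09.313\services.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'"C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"='
    r'"C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"',
    r'"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=',
]


@dataclass(frozen=True)
class Finding:
    kind: str   # which heuristic fired
    path: str   # the executable path it fired on
    line: str   # the log line it came from


def _split_path(path: str):
    """Return (directory, file name) for a backslash-separated Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory, name


def extract_paths(line: str) -> List[str]:
    """Pull unique executable paths out of a HijackThis or regedit-export line."""
    normalized = line.replace("\\\\", "\\")  # regedit exports double the backslashes
    paths, seen = [], set()
    for match in PATH_RE.finditer(normalized):
        path = match.group(0)
        if path.lower() not in seen:
            seen.add(path.lower())
            paths.append(path)
    return paths


def check_path(path: str) -> List[str]:
    """Heuristics that apply to any autostart or firewall-exception path."""
    directory, name = _split_path(path)
    reasons = []
    if TEMP_DIR_RE.search(directory + "\\"):
        reasons.append("temp_path")
    if name.lower() in SYSTEM_BINARY_NAMES and not SYSTEM_DIR_RE.match(directory):
        reasons.append("system_name_outside_system_dir")
    return reasons


def check_userinit(line: str) -> List[Finding]:
    """Winlogon\\Userinit must be exactly one entry: the real userinit.exe in system32."""
    match = USERINIT_RE.search(line.replace("\\\\", "\\"))
    if not match:
        return []
    entries = [e.strip() for e in match.group(1).split(",") if e.strip()]
    findings = []
    for entry in entries:
        directory, name = _split_path(entry)
        if name.lower() != "userinit.exe" or not SYSTEM_DIR_RE.match(directory):
            findings.append(Finding("userinit_extra", entry, line))
    return findings


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every heuristic over each line and collect the findings."""
    findings: List[Finding] = []
    for line in lines:
        findings.extend(check_userinit(line))
        for path in extract_paths(line):
            reasons = check_path(path)
            # A firewall exception (regedit form "<path>:*:Enabled:<name>") for an already
            # suspicious path gets its own flag: it lets the binary talk out unhindered.
            if reasons and ":*:Enabled:" in line:
                reasons.append("firewall_exception")
            findings.extend(Finding(r, path, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:35} {f.path}")
```

On the constructed sample every finding points at the same Temp-resident services.exe, while the avast!, ctfmon and Messenger entries stay clean; the Userinit rule is deliberately strict (one entry, the real binary, in the system directory) because anything appended there runs at every interactive logon.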
Anonymous user
 
ComboFix 08-04-07.5 - VAL 2008-04-08 23:46:41.2 - NTFSx86
Endroit: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
2008-04-07 13:29 . 2008-04-08 20:13 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VAL\Application Data\Malwarebytes
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-25 21:08 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
2008-03-25 21:08 . 2008-03-25 21:08 232 --ah----- C:\sqmdata19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix
2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 12:02 . 2003-06-19 10:04 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-03-09 12:02 . 2003-11-01 16:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 12:02 . 2003-11-28 14:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 12:02 . 2003-06-18 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 12:02 . 2003-11-01 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 12:02 . 2003-11-28 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 12:02 . 2003-06-18 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 12:02 . 2003-11-28 14:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-03-09 12:02 . 2003-11-25 14:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-03-09 00:22 . 2008-03-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 00:09 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-09 00:09 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-09 00:09 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-09 00:09 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-09 00:09 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-09 00:09 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-09 00:08 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-08 17:32 . 2008-03-08 17:32 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpCA571.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpB2371.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp92671.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp5D671.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp47471.FOT
2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp33771.FOT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_19.52.59,37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-08 18:37:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"zzzHPSETUP"="F:\Setup.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"msacm.l3radius"= l3codecp.acm
"vidc.xvid"= xvid.dll
"vidc.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VAL\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-08 21:16:05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 23:52:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [1312]

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-08 23:57:05
ComboFix-quarantined-files.txt 2008-04-08 21:56:44
ComboFix2.txt 2008-04-08 17:54:10
Pre-Run: 4,589,264,896 octets libres
Post-Run: 4,583,796,736 octets libres
.
2008-04-06 13:55:10 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 00:04:12, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: http://*.voyages-sncf.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
jlpjlp
 
Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe
C:\Documents and Settings\V\Local Settings\Temp\services.exe
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
C:\WINDOWS\system32\LOCALS~1

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"Flash Media"=-

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the mouse button held down and drag so that the CFScript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis log.

If the file does not open, it can be found here > C:\ComboFix.txt
Utilisateur anonyme
 
ComboFix 08-04-07.5 - VAL 2008-04-09 12:51:13.3 - NTFSx86
Endroit: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
C:\Documents and Settings\VAL\Local Settings\Temp\services.exe
C:\WINDOWS\system32\LOCALS~1
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 11:14 . 2008-04-09 11:14 <REP> d-------- C:\WINDOWS\LastGood
2008-04-09 00:52 . 2008-04-09 00:52 <REP> d-------- C:\Documents and Settings\VAL\Application Data\vlc
2008-04-09 00:48 . 2008-04-09 00:48 <REP> d-------- C:\Program Files\VideoLAN
2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
2008-04-07 13:29 . 2008-04-09 00:03 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VAL\Application Data\Malwarebytes
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-25 21:08 . 2008-04-09 01:02 244 --ah----- C:\sqmnoopt19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
2008-03-25 21:08 . 2008-04-09 01:02 232 --ah----- C:\sqmdata19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix
2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-09 12:02 . 2003-06-19 10:04 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-03-09 12:02 . 2003-11-01 16:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-09 12:02 . 2003-11-28 14:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-09 12:02 . 2003-06-18 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-09 12:02 . 2003-11-01 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-09 12:02 . 2003-11-28 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-09 12:02 . 2003-06-18 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-09 12:02 . 2003-11-28 14:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-03-09 12:02 . 2003-11-25 14:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-03-09 00:22 . 2008-03-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 00:09 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-09 00:09 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-09 00:09 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-09 00:09 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-09 00:09 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-09 00:09 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-09 00:08 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 15:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
2008-03-04 17:37 359,936 ----a-w C:\WINDOWS\system32\hokumn.exe
2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_19.52.59,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-08 16:30:48 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-08 23:02:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-08 23:02:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-08 23:02:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 09:09:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"zzzHPSETUP"="F:\Setup.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"msacm.l3radius"= l3codecp.acm
"vidc.xvid"= xvid.dll
"vidc.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VALERIE FARGUES\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-09 10:16:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 12:57:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [1476]

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 13:01:55
ComboFix-quarantined-files.txt 2008-04-09 11:01:36
ComboFix2.txt 2008-04-08 21:57:07
ComboFix3.txt 2008-04-08 17:54:10
Pre-Run: 4,459,085,824 bytes free
Post-Run: 4,452,687,872 bytes free
.
2008-04-06 13:55:10 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 13:10:01, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC08.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW08.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW08.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: http://*.voyages-sncf.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
jlpjlp  Posts 52399  Status Security contributor  5 040
 
Fix this line with HijackThis:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

___________

Still having problems?
Post another HijackThis log.
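To triage a HijackThis or ComboFix log like the ones above by rule rather than by eye, here is an added Python example (not part of the thread, and not a feature of HijackThis or ComboFix) that applies the checks the helper applies to the F2 line: it flags any extra entry in the Winlogon UserInit value, autostarts, services and firewall exceptions that point into a Temp directory or reuse a core Windows binary name outside system32, and any mountpoints2 autorun handler. The sample lines are constructed from the entries quoted in this thread; the regular expressions are written for those line shapes and are an assumption about how the tools format other entries.

```python
import re

# Constructed sample lines, modelled on the HijackThis and ComboFix entries
# quoted in this thread (the F2 UserInit line, the orphaned hpdj service, the
# firewall exception and the mountpoints2 autorun); they are not taken from a
# live machine. The avast! line is a known-good control that must not be flagged.
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)",
    r'"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=',
    r"\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat",
]

LEGIT_USERINIT = "c:\\windows\\system32\\userinit.exe"
SYSTEM32 = "c:\\windows\\system32\\"
# Locations from which nothing should be persistently autostarted.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
# Core Windows binary names; a copy outside system32 is a lookalike.
SYSTEM_NAMES = {"services.exe", "lsass.exe", "svchost.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

# Line shapes assumed from the entries quoted in the thread.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$")
O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - .+? - (.+)$")
FW_RE = re.compile(r'^"(.+)"=$')
AUTORUN_RE = re.compile(r"^\\Shell\\Auto(?:Run)?\\command - (.+)$")


def normalize(path):
    """Lower-case, strip quotes/whitespace and collapse the doubled backslashes
    ComboFix prints for registry string values, so paths compare reliably."""
    return path.strip().strip('"').replace("\\\\", "\\").lower()


def userinit_extras(value):
    """Entries in a Winlogon UserInit value other than the genuine userinit.exe.
    Winlogon launches every comma-separated entry at logon, so anything extra
    here is a persistence mechanism that survives an AV clean of the dropper."""
    entries = [normalize(e) for e in value.split(",") if e.strip()]
    return [e for e in entries if e != LEGIT_USERINIT]


def path_reasons(path):
    """Reasons a persisted executable path deserves a second look."""
    p = normalize(path)
    reasons = []
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("runs from a temp directory")
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and not p.startswith(SYSTEM32):
        reasons.append("core Windows binary name outside system32")
    return reasons


def triage(lines):
    """Return [(line, reasons)] for every line that looks like a hijack."""
    findings = []
    for line in lines:
        reasons = []
        if m := F2_RE.match(line):
            extras = userinit_extras(m.group(1))
            if extras:
                reasons.append("extra UserInit entry: " + ", ".join(extras))
                for extra in extras:
                    reasons.extend(path_reasons(extra))
        elif m := O23_RE.match(line):
            path = m.group(1)
            if path.endswith("(file missing)"):
                # A service whose binary is gone is an orphaned registration:
                # harmless by itself, but it tells you what used to run.
                path = path[: -len("(file missing)")]
                reasons.append("service binary missing (orphaned registration)")
            reasons.extend(path_reasons(path))
        elif m := O4_RE.match(line):
            reasons.extend(path_reasons(m.group(1)))
        elif m := FW_RE.match(line):
            reasons.extend("firewall exception: " + r for r in path_reasons(m.group(1)))
        elif m := AUTORUN_RE.match(line):
            # An AutoRun handler under HKCU\...\MountPoints2 runs when a removable
            # drive is opened; worms use it to re-infect from USB sticks.
            reasons.append("removable-media autorun executes: " + m.group(1))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LINES):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run it against a saved hijackthis.log by reading the file into a list of lines; the legitimate entry is the only one that passes, and the UserInit finding explains why the helper's fix targets that F2 line before anything else.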
Anonymous user
 
Hello,

I followed the last instruction. Apparently Avast no longer detects the famous Win32 when the computer starts up and when it connects automatically... It is still impossible to delete C.....Temp\Rar Ex09, but maybe that's normal.
I'm running an Avast scan right now to see... I'll keep you posted. Thanks for this initiation journey.
jlpjlp  Posts 52399  Status Security contributor  5 040
 
Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

Click MoveIt! to start the deletion.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the deletion. If so, accept with Yes.
Anonymous user
 
File/Folder C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04102008_131200
jlpjlp  Posts 52399  Status Security contributor  5 040
 
Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe
C:\Documents and Settings\V\Local Settings\Temp\services.exe
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
C:\WINDOWS\system32\LOCALS~1

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"Flash Media"="-

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis log.

If the file doesn't open, it is located here > C:\ComboFix.txt
jlpjlp  Posts 52399  Status Security contributor  5 040
 
Do what message 25 says.
Anonymous user
 
ComboFix 08-04-07.5 - VAL2008-04-10 13:19:38.4 - NTFSx86
Location: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
C:\Documents and Settings\VAL\Local Settings\Temp\services.exe
C:\WINDOWS\system32\LOCALS~1
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000005_.tmp.dll

.
((((((((((((((((((((((((((((( Files created 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 13:12 . 2008-04-10 13:12 <REP> d-------- C:\_OTMoveIt
2008-04-10 11:39 . 2008-04-10 11:39 <REP> d-------- C:\WINDOWS\LastGood
2008-04-09 13:19 . 2008-04-09 13:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 00:52 . 2008-04-09 00:52 <REP> d-------- C:\Documents and Settings\VAL\Application Data\vlc
2008-04-09 00:48 . 2008-04-09 00:48 <REP> d-------- C:\Program Files\VideoLAN
2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
2008-04-07 13:29 . 2008-04-09 14:06 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VALApplication Data\Malwarebytes
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-25 21:08 . 2008-04-09 01:02 244 --ah----- C:\sqmnoopt19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
2008-03-25 21:08 . 2008-04-09 01:02 232 --ah----- C:\sqmdata19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-25 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 15:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
2008-03-04 17:37 359,936 ----a-w C:\WINDOWS\system32\hokumn.exe
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\SET38.tmp
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\SET54.tmp
2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET2B.tmp
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\SET4D.tmp
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\SET24.tmp
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\SET48.tmp
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\SET25.tmp
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\SET49.tmp
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_19.52.59,37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-04-08 16:30:48 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-09 13:38:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-09 13:38:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 13:38:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:08:34 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-09 20:08:58 189,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 11:43:46 189,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 -c--a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-10 09:36:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_484.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"zzzHPSETUP"="F:\Setup.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"msacm.l3radius"= l3codecp.acm
"vidc.xvid"= xvid.dll
"vidc.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VALERIE FARGUES\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-10 11:16:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 13:26:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [3604]

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 13:28:52
ComboFix-quarantined-files.txt 2008-04-10 11:28:27
ComboFix2.txt 2008-04-09 11:01:56
ComboFix3.txt 2008-04-08 21:57:07
ComboFix4.txt 2008-04-08 17:54:10
Pre-Run: 4,226,359,296 bytes free
Post-Run: 4,217,176,064 bytes free
.
2008-04-09 12:03:31 --- E O F ---




Logfile of HijackThis v1.99.1
Scan saved at 13:49:06, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: http://*.voyages-sncf.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
jlpjlp Posts 52399 Status Security contributor 5 040
 
Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Folder::
C:\Program Files\AxBx
C:\WINDOWS\system32\DelReboot
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313

File::
C:\WINDOWS\system32\xalqie.exe
C:\WINDOWS\system32\lkyzft.exe
C:\WINDOWS\system32\npjnbb.exe
C:\WINDOWS\system32\esnvvp.exe
C:\WINDOWS\whsyst32.exe
C:\WINDOWS\system32\hokumn.exe
C:\WINDOWS\system32\SET38.tmp
C:\WINDOWS\system32\SET54.tmp
C:\WINDOWS\system32\SET48.tmp
C:\WINDOWS\system32\SET25.tmp
C:\WINDOWS\system32\SET49.tmp
C:\WINDOWS\system32\SET2B.tmp
C:\WINDOWS\system32\SET4D.tmp
C:\WINDOWS\system32\SET24.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flash Media"=-

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file doesn't open, it is located here > C:\ComboFix.txt

thanks g!rly!
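The two reports above show one dropper wired into four places: the F2 UserInit line (a second program chained after userinit.exe), the O4 "Flash Media" Run value, the firewall AuthorizedApplications entry for the same services.exe under Temp\Rar$EX09.313, and a MountPoints2 autorun that runs cmd /C launch.bat from a removable drive. The script below is an added example, not code from the posts above, from jlpjlp, or from HijackThis or ComboFix. It scans lines in those report formats, flags autostarts, services and firewall exceptions that point into a Temp directory or chain something after userinit.exe, and renders File:: and Registry:: stanzas in the CFScript format jlpjlp used; it goes beyond this thread's case in that it also handles HKCU Run values. The rules (a Temp path is never legitimate for an autostart; Userinit should hold only C:\WINDOWS\system32\userinit.exe), the function names (triage, build_cfscript, exe_of, in_temp) and the sample log, assembled from lines copied out of the reports above plus one benign avast! entry as a control, are this example's own assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis and ComboFix reports
# posted above, plus one benign O4 entry (avast!) as a control that must not fire.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
"C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
"""

# Assumptions: no legitimate autostart, service or firewall exception lives under
# a Temp directory, and Userinit holds exactly the stock XP userinit.exe.
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$", re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.+?)(?: \(file missing\))?$")
FIREWALL_RE = re.compile(r'^"(?P<path>[A-Za-z]:\\\\.+)"=$')        # AuthorizedApplications export
AUTORUN_RE = re.compile(r"^\\Shell\\Auto(?:Run)?\\command - (?P<cmd>.+)$")  # MountPoints2 entry


def unescape(path):
    """Registry exports double every backslash; collapse them before matching."""
    return path.replace("\\\\", "\\")


def in_temp(path):
    return TEMP_DIR_RE.search(unescape(path)) is not None


def exe_of(cmd):
    """Executable part of an O4 command line: the quoted token, or up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage(log_text):
    """Return findings as dicts (kind, offending path or command, raw line)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := USERINIT_RE.match(line):
            # Anything chained after userinit.exe runs at every logon, before the shell.
            for entry in (e.strip() for e in m.group("value").split(",")):
                if entry and entry.lower() != LEGIT_USERINIT:
                    findings.append({"kind": "userinit_hijack", "path": entry, "line": line})
        elif (m := RUN_RE.match(line)) and in_temp(m.group("cmd")):
            findings.append({"kind": "run_in_temp", "name": m.group("name"), "line": line,
                             "key": HIVES[m.group("hive")] + RUN_SUBKEY, "path": exe_of(m.group("cmd"))})
        elif (m := SERVICE_RE.match(line)) and in_temp(m.group("path")):
            findings.append({"kind": "service_in_temp", "path": m.group("path"), "line": line})
        elif (m := FIREWALL_RE.match(line)) and in_temp(m.group("path")):
            findings.append({"kind": "firewall_whitelist_temp", "path": unescape(m.group("path")), "line": line})
        elif (m := AUTORUN_RE.match(line)) and "cmd /c" in m.group("cmd").lower():
            # Removable-media autorun shelling out to a batch file: the USB-worm footprint.
            findings.append({"kind": "removable_autorun", "cmd": m.group("cmd"), "line": line})
    return findings


def build_cfscript(findings):
    """Render File:: and Registry:: stanzas in the CFScript format used in this thread.
    Services and MountPoints2 autoruns are reported only and left for manual review."""
    files, registry = {}, []              # dict keyed on lower-case path: ordered and de-duplicated
    for f in findings:
        if f["kind"] == "userinit_hijack":
            registry += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]",
                         r'"Userinit"="C:\WINDOWS\system32\userinit.exe"']
        elif f["kind"] == "run_in_temp":
            registry += [f"[{f['key']}]", f'"{f["name"]}"=-']   # "=-" deletes the value
        elif f["kind"] != "firewall_whitelist_temp":
            continue                                             # service / autorun: report only
        files.setdefault(f["path"].lower(), f["path"])           # the same dropper is referenced three times
    out = []
    if files:
        out += ["File::", *files.values(), ""]
    if registry:
        out += ["Registry::", *registry, ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:24} {f.get('path', f.get('cmd'))}")
    print(build_cfscript(found))
```

Run as-is it prints six findings (the avast! control stays silent) and a script with one File:: line for the dropper and the same Winlogon reset and "Flash Media"=- that jlpjlp posted. The hpdj service and the two MountPoints2 commands are deliberately not turned into delete stanzas: a service entry and a removable-media autorun need a look at what they actually point to, and the autorun has to be cleaned on the drive itself, before anything is removed.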
Anonymous user
 
ComboFix 08-04-07.5 - VAL2008-04-10 19:29:38.5 - NTFSx86
Running from: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\WINDOWS\system32\esnvvp.exe
C:\WINDOWS\system32\hokumn.exe
C:\WINDOWS\system32\lkyzft.exe
C:\WINDOWS\system32\npjnbb.exe
C:\WINDOWS\system32\SET24.tmp
C:\WINDOWS\system32\SET25.tmp
C:\WINDOWS\system32\SET2B.tmp
C:\WINDOWS\system32\SET38.tmp
C:\WINDOWS\system32\SET48.tmp
C:\WINDOWS\system32\SET49.tmp
C:\WINDOWS\system32\SET4D.tmp
C:\WINDOWS\system32\SET54.tmp
C:\WINDOWS\system32\xalqie.exe
C:\WINDOWS\whsyst32.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
C:\Program Files\AxBx
C:\WINDOWS\system32\DelReboot\
C:\WINDOWS\system32\esnvvp.exe
C:\WINDOWS\system32\hokumn.exe
C:\WINDOWS\system32\lkyzft.exe
C:\WINDOWS\system32\npjnbb.exe
C:\WINDOWS\system32\SET24.tmp
C:\WINDOWS\system32\SET25.tmp
C:\WINDOWS\system32\SET2B.tmp
C:\WINDOWS\system32\SET38.tmp
C:\WINDOWS\system32\SET48.tmp
C:\WINDOWS\system32\SET49.tmp
C:\WINDOWS\system32\SET4D.tmp
C:\WINDOWS\system32\SET54.tmp
C:\WINDOWS\system32\xalqie.exe
C:\WINDOWS\whsyst32.exe

.
((((((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 13:12 . 2008-04-10 13:12 <REP> d-------- C:\_OTMoveIt
2008-04-09 13:19 . 2008-04-09 13:24 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 00:52 . 2008-04-09 00:52 <REP> d-------- C:\Documents and Settings\VALERIE FARGUES\Application Data\vlc
2008-04-09 00:48 . 2008-04-09 00:48 <REP> d-------- C:\Program Files\VideoLAN
2008-04-07 13:29 . 2008-04-10 13:49 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VAL\Application Data\Malwarebytes
2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-25 21:08 . 2008-04-09 01:02 244 --ah----- C:\sqmnoopt19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
2008-03-25 21:08 . 2008-04-09 01:02 232 --ah----- C:\sqmdata19.sqm
2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-25 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 15:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-10_13.27.59,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-10 14:57:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_468.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"zzzHPSETUP"="F:\Setup.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"msacm.l3radius"= l3codecp.acm
"vidc.xvid"= xvid.dll
"vidc.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VAL\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-10 17:17:29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 19:41:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-10 19:45:20
ComboFix-quarantined-files.txt 2008-04-10 17:45:04
ComboFix2.txt 2008-04-10 11:28:53
ComboFix3.txt 2008-04-09 11:01:56
ComboFix4.txt 2008-04-08 21:57:07
ComboFix5.txt 2008-04-08 17:54:10
Pre-Run: 4,118,851,584 octets libres
Post-Run: 4,111,290,368 octets libres
.
2008-04-09 12:03:31 --- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 20:00:16, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: https://www.sncf.com/fr
O15 - Trusted Zone: http://*.voyages-sncf.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
0
Anonymous user
 
I think it has finally gone: for now, I no longer see it in the temporary files... We'll see!
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
yes, that's fine

thanks g!rly!
0
Anonymous user
 
Apparently everything is fine now. Thank you for this initiatory journey. Patience pays off.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
hi, that comes from the MSN virus, which left traces behind

___________

try repairing with Zeb Restore
http://telechargement.zebulon.fr/zeb-restore.html

____________

or repair Windows
https://www.pcastuces.com/pratique/windows/xp/default.htm
0