Virus msn : services exe

Résolu
Utilisateur anonyme -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Ayant contracté un fameux virus sur windows messenger( que fe ta tof sur MSN-lien hxxp://web.isuisse-com/contact), ayant eu recours à la lecture de plusieurs conseils sur les forums et ne pouvant pas me débarrasser de ce virus, je "lance" à mon tour un appel aux conseils. Je vous remercie d'avance si vous avez un moment pour me répondre.
Avast antivirus le détecte à chaque fois que je me connecte à MSN, voici le rapport :

09/03/2008 01:09:00 VAL Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALocal Settings\Temporary Internet Files\Content.IE5\LAUXBAT1\addz[1].exe\[UPX]" file.
09/03/2008 01:09:01 VAL1376 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \zfykyz.exe\[UPX]" file.
09/03/2008 01:09:01 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL zfykyz.exe\[UPX]" file.
09/03/2008 01:11:23 VA Sign of "Win32:Agent-RUQ [Trj]" has been found in "C:\WINDOWS\mrofinu1423.exe\[UPX]" file.
09/03/2008 01:12:11 VAL 1376 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\Documents and Settings\VAL \Application Data\WinTouch\WinTouch.exe\[UPX]" file.
09/03/2008 01:18:00 VAL Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\Documents and Settings\VAL \Application Data\Microsoft\Windows\rayiou.exe\[UPX]" file.
09/03/2008 13:17:02 SYSTEM 1244 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALLocal Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\addz[1].exe\[UPX]" file.
09/03/2008 13:17:03 SYSTEM 1244 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL
09/03/2008 13:17:03 SYSTEM 1244 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \dfafbz.exe\[UPX]" file.
09/03/2008 13:24:49 SYSTEM 1244 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\b138.exe_old" file.
11/03/2008 19:55:19 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\addz[1].exe\[UPX]" file.
11/03/2008 19:55:25 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.
11/03/2008 19:55:25 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.
12/03/2008 22:05:55 VAL1168 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\decsba.exe\[UPX]" file.
13/03/2008 19:14:10 SYSTEM 1296 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
13/03/2008 19:14:23 SYSTEM 1296 An error has occured while attempting to update. Please check the logs.
13/03/2008 23:52:04 SYSTEM 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[1].exe\[UPX]" file.
13/03/2008 23:52:04 SYSTEM 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\ckaowk.exe\[UPX]" file.
13/03/2008 23:52:04 SYSTEM 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\ckaowk.exe\[UPX]" file.
14/03/2008 21:17:55 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[2].exe\[UPX]" file.
14/03/2008 21:29:02 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\hcxqto.exe\[UPX]" file.
15/03/2008 14:33:11 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL \Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[1].exe\[UPX]" file.
15/03/2008 15:11:17 VALERIE FARGUES 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\fupcnq.exe\[UPX]" file.
15/03/2008 21:28:14 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\ckaowk.exe\[UPX]" file.
15/03/2008 23:11:35 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[1].exe\[UPX]" file.
15/03/2008 23:11:36 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\dlhbaq.exe\[UPX]" file.
15/03/2008 23:11:36 VAL 1144 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\dlhbaq.exe\[UPX]" file.
15/03/2008 23:21:03 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL Local Settings\Temporary Internet Files\Content.IE5\NR8R2LCZ\6736f989[2].exe\[UPX]" file.
15/03/2008 23:22:12 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\hirnah.exe\[UPX]" file.
16/03/2008 01:12:10 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
16/03/2008 01:12:11 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\khjkwl.exe\[UPX]" file.
16/03/2008 01:12:11 VAL 1296 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\khjkwl.exe\[UPX]" file.
16/03/2008 12:16:01 VAL 1152 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[2].exe\[UPX]" file.
16/03/2008 12:19:02 VAL 1152 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\tksvdg.exe\[UPX]" file.
16/03/2008 22:25:21 VAL 384 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\dfafbz.exe\[UPX]" file.
17/03/2008 22:24:11 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
17/03/2008 23:13:11 VALS 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\zfykyz.exe\[UPX]" file.
17/03/2008 23:28:24 VAL3928 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP13\A0007123.exe\[UPX]" file.
17/03/2008 23:28:46 VAL3928 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP13\A0007124.exe\[UPX]" file.
17/03/2008 23:29:09 VAL 3928 Sign of "Win32:Agent-RUQ [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP14\A0008136.exe\[UPX]" file.
17/03/2008 23:29:16 VAL 3928 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP14\A0008141.exe" file.
17/03/2008 23:29:22 VAL 3928 Sign of "Win32:Agent-JOY [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP14\A0008157.exe\[UPX]" file.
17/03/2008 23:29:40 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP15\A0013174.exe\[UPX]" file.
17/03/2008 23:30:18 VAL3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP17\A0016222.exe\[UPX]" file.
17/03/2008 23:31:24 VAL3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP19\A0017304.exe\[UPX]" file.
17/03/2008 23:31:47 VAL 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP20\A0019311.exe\[UPX]" file.
17/03/2008 23:58:19 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\dlhbaq.exe\[UPX]" file.
18/03/2008 00:02:01 VA 3928 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\khjkwl.exe\[UPX]" file.
18/03/2008 08:54:58 VAL 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
18/03/2008 08:54:58 VAL1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V\wttona.exe\[UPX]" file.
18/03/2008 08:54:58 V 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA wttona.exe\[UPX]" file.
18/03/2008 10:43:38 Administrateur 1284 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\6736f989[1].exe\[UPX]" file.
18/03/2008 11:06:30 Administrateur 1284 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\Vwttona.exe\[UPX]" file.
20/03/2008 18:24:53 SYSTEM 1336 Function setifaceUpdatePackages() has failed. Return code is 0x00000426, dwRes is 000004C8.
20/03/2008 18:25:01 SYSTEM 1336 An error has occured while attempting to update. Please check the logs.
20/03/2008 22:33:35 SYSTEM 1336 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
20/03/2008 22:33:47 SYSTEM 1336 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
20/03/2008 22:33:47 SYSTEM 1336 An error has occured while attempting to update. Please check the logs.
21/03/2008 00:18:19 SYSTEM 1164 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
21/03/2008 00:18:46 SYSTEM 1164 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
22/03/2008 14:59:13 SYSTEM 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALERIE
28/03/2008 19:28:56 SYSTEM 1148 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
29/03/2008 12:45:15 VAL1164 Sign of "Win32:Dialer-1300 [Trj]" has been found in "C:\DOCUME~1\VAL~1\LOCALS~1\Temp\xp_0233.exe\[UPX]" file.
29/03/2008 12:52:46 VAL 1164 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL
03/04/2008 17:27:48 SYSTEM 1140 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
03/04/2008 17:28:29 SYSTEM 1140 An error has occured while attempting to update. Please check the logs.
03/04/2008 17:29:24 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA
\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\wv[1].exe\[UPX]" file.
03/04/2008 17:29:28 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V\yvqgff.exe\[UPX]" file.
03/04/2008 17:29:30 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA \yvqgff.exe\[UPX]" file.
03/04/2008 17:30:41 SYSTEM 1140 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
03/04/2008 18:49:24 SYSTEM 1140 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA \Local Settings\Temporary Internet Files\Content.IE5\IDUETM26\wv[1].exe\[UPX]" file.
Settings\VAL\yiofne.exe\[UPX]" file.
04/04/2008 00:17:42 VAL 1164 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\\yiofne.exe\[UPX]" file.
05/04/2008 10:56:31 SYSTEM 952 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
05/04/2008 11:13:50 VAL1164 Sign of "Win32:Dialer-1300 [Trj]" has been found in "C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\xp_0233.exe\[UPX]" file.
06/04/2008 15:09:58 SYSTEM 1148 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
06/04/2008 15:11:24 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\V \Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\wv[1].exe\[UPX]" file.
06/04/2008 15:12:45 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALwprkjo.exe\[UPX]" file.
06/04/2008 15:19:14 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\VSL7QWNC\wv[1].exe\[UPX]" file.
06/04/2008 15:19:15 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\lkyzft.exe\[UPX]" file.
06/04/2008 15:19:15 SYSTEM 1148 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\WINDOWS\system32\lkyzft.exe\[UPX]" file.
06/04/2008 15:47:05 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VA\Local Settings\Temporary Internet Files\Content.IE5\J23ZLYW0\wv[1].exe\[UPX]" file.
06/04/2008 15:47:07 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALmvfdc.exe\[UPX]" file.
06/04/2008 15:47:07 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\kmvfdc.exe\[UPX]" file.
06/04/2008 15:48:50 VAL 1156 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.
06/04/2008 16:51:40 VA1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\MSNFix\backup\kmvfdc.exe\[UPX]" file.
06/04/2008 16:52:19 VAL1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\MSNFix\backup\yiofne.exe\[UPX]" file.
06/04/2008 16:52:25 VAL1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VAL\kmvfdc.MSNFix\[UPX]" file.
06/04/2008 16:52:36 VAL 1156 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALkmvfdc.MSNFix\[UPX]" file.
06/04/2008 16:58:48 VAL1300 Sign of "Win32:Dialer-1300 [Trj]" has been found in "C:\DOCUME~1\VAL~1\LOCALS~1\Temp\xp_0233.exe\[UPX]" file.
06/04/2008 17:02:06 VAL1300 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\Documents and Settings\VALLocal Settings\Temporary Internet Files\Content.IE5\IDUETM26\wv[1].exe\[UPX]" file.
06/04/2008 17:02:25 V 1300 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\DOCUME~1\VAL~1\LOCALS~1\Temp\Rar$EX09.313\vqnwnb.exe\[UPX]" file.
06/04/2008 17:27:40 VAL 1232 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\DOCUME~1\VAL~1\Bureau\Upload_Me\kmvfdc.exe\[UPX]" file.
06/04/2008 17:27:40 VAL 1232 Sign of "Win32:Small-JMH [Trj]" has been found in "C:\DOCUME~1\VAL~1\Bureau\Upload_Me\yiofne.exe\[UPX]" file.
06/04/2008 17:29:58 VAL1232 Sign of "Win32:Dialer-1300 [Trj]" has been found in "http://79.135.165.107/freehost11/chris0233/lu/xp_0233.exe\[UPX]" file.

Voici le rapport de MSNFIX :
MSNFix 1.700

C:\MSNFix
Fix exécuté le 06/04/2008 - 17:17:44,82 By VA
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\winsyn32.dll

************************ Recherche les dossiers présents

... C:\Program Files\nvcoi\
... C:\Program Files\nvcoi\

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
/!\ ... C:\WINDOWS\winsyn32.dll

************************ Suppression des dossiers

/!\ ... C:\Program Files\nvcoi\
/!\ ... C:\Program Files\nvcoi\

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\winsyn32.dll
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\CIT207355-HPCOM-PATCH-v8.exe] A1A9476DD0DC44C5E5B7B2FFF402F9F2
[C:\PF80_08.exe] F465BFFBE22F78595CD5292BCB075062
[C:\QTINSTAL.EXE] E248769A0FA500ED29DDCBCAA43FB739

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\VALERI~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06042008_17255459.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

Rapport msn cleaner :

- Rapport MSNCleaner 1.5.6 by www.forospyware.com
- Rapport créé: 06/04/2008 on 16:02:55
- Système d'exploitation: Windows XP
- Mode de démarrage: Normal
_________________________________________

Fichiers détectés: 1
Fichiers supprimés: 0
Fichiers non supprimés: 1

C:\Documents and Settings\V\Local Settings\Temp\services.exe <--- Delete on Reboot

Fichier Hosts restauré Merci!
Configuration: Windows XP
Firefox 2.0.0.13

18 réponses

Résumé de la discussion

Un utilisateur signale la détection répétée d'un virus lié à Windows Messenger lors de connexions MSN et transmet un relevé Avast présentant des signatures Win32:Small-JMH [Trj], Win32:Agent-JOY [Trj] et Dialer-1300 [Trj]. Plusieurs éléments montrent une infection persistante avec des fichiers malveillants répertoriés dans Temp et system32, des exécutions inhabituelles et des échecs répétés de mise à jour nécessitant une intervention approfondie. Le recours à MSNFix et MSNCleaner est évoqué avec suppression de fichiers et nettoyage du registre, tout en indiquant que certains éléments seront supprimés au redémarrage et qu’un avis expérimenté peut être utile.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    de rien
    et merci pour le coup de pouce de g!rly

    et fais gaffe sur msn !!!!
    1
    1. Utilisateur anonyme
       
      Bonsoir,

      Le virus a bien disparu.....Néanmoins, je viens de m'apercevoir en voulant restaurer le système ce soir suite à un petit incident que je n'ai plus de point de restauration accessible. Tout est coché correctement ,C,D et E sont sous surveillance mais aucun point n' apparaît dans le calendrier..Est-ce que cela peut venir d'une des modifications opérées?
      Je te remercie . Bonsoir
      0
    2. Utilisateur anonyme
       
      Encore moi,
      En fait autre probléme, depuis nos modifications, impossible de recevoir les mises à jour windows. Comment y remédier? Merci.
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    analyse ces fichiers sur virus toal et si inféctés tu les vire: https://www.virustotal.com/gui/

    C:\CIT207355-HPCOM-PATCH-v8.exe
    C:\PF80_08.exe
    C:\QTINSTAL.EXE

    _________________

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    ____________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ______________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
    1. Utilisateur anonyme
       
      Merci pour tes conseils. Vu que je n ai jamais eu de virus depuis le temps que je pianote, je pense que je vais mettre quelque temps à essayer toutes ces manipulations.
      0
    2. Utilisateur anonyme
       
      le premier et le troisieme fichiers sont nets et le second est trop lourd (PF80)pour être envoyé. Je continue demain. A plus
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    0
    1. Utilisateur anonyme
       
      [b]SDFix: Version 1.167 /b
      Run by VAL on 06/04/2008 at 23:33

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\DOCUME~1\VALERI~1\Bureau\SDFix

      [b]Checking Services /b:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      [b]Checking Files /b:

      Trojan Files Found:

      C:\Program Files\JavaCore\JavaCore.MSNFix - Deleted
      C:\Program Files\nvcoi\mst.MSNFix - Deleted
      C:\WINDOWS\17PHolmes1423.exe - Deleted
      C:\Program Files\.autoreg - Deleted
      C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted
      C:\WINDOWS\system32\real.txt - Deleted



      Folder C:\Program Files\JavaCore - Removed
      Folder C:\Program Files\nvcoi - Removed


      Removing Temp Files

      [b]ADS Check /b:



      [b]Final Check /b:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-06 23:47:01
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe [1188] 0xFF999020

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...


      scan completed successfully
      hidden processes: 1
      hidden services: 0
      hidden files: 1
      Voici le rapport SDFIX

      [b]Remaining Services /b:



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
      "C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"="C:\\coktel\\ADI5\\TTS\\SpeechCube.exe:*:Enabled:SPeechCube"
      "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
      "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
      "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
      "C:\\Documents and Settings\\VAL\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\VAL\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
      "C:\\Documents and Settings\\VAL\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\VA\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
      "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
      "C:\\Documents and Settings\\VAL\\Bureau\\incredimail_install(2).exe"="C:\\Documents and Settings\\VAL\\Bureau\\incredimail_install(2).exe:*:Enabled:IncrediMail Installer"
      "C:\\DOCUME~1\\VA~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\VAL~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      [b]Remaining Files /b:


      File Backups: - C:\DOCUME~1\VALERI~1\Bureau\SDFix\backups\backups.zip

      [b]Files with Hidden Attributes /b:

      Tue 29 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Wed 11 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

      [b]Finished!/b
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait sdfix a néttoyé mais colle moi les deux autres rapports
    0
    1. Utilisateur anonyme
       
      Malwarebytes' Anti-Malware 1.10
      Version de la base de données: 597

      Type de recherche: Examen complet (C:\|D:\|E:\|)
      Eléments examinés: 105874
      Temps écoulé: 1 hour(s), 20 minute(s), 13 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 4
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 10

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP1\A0001003.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{C37F5D3C-666F-4249-930C-E8687AFB7482}\RP1\A0001015.exe (Trojan.Downloader) -> No action taken.
      C:\WINDOWS\system32\bdljmrwty_navps.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\hokumn_navps.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\jasjasunoh_navps.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\prgayf_navps.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\bdljmrwty_nav.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\hokumn_nav.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\jasjasunoh_nav.dat (Adware.EGDAccess) -> No action taken.
      C:\WINDOWS\system32\prgayf_nav.dat (Adware.EGDAccess) -> No action taken.



      J'ai fait le scan mais n ai pas détruit les fichiers car j ai loupé une étape et d'autre part, n'étais pas sûre de devoir détruire tout cela. Il me reste à faire hijac et peut-être à détruire ces fameux fichiers (??) Merci
      0
    2. Utilisateur anonyme
       
      Logfile of HijackThis v1.99.1
      Scan saved at 13:34:38, on 07/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [MSNCleaner] C:\Program Files\MSNCleaner.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: http://*.voyages-sncf.com
      O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)

      Voici le dernier rapport. Je n'ai donc rien détruit avant d'avoir ton avis ni sur hijack ni ni sur malware.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok il en reste beaucoup!

    relance hijackthis, fais do a system scan only puis selectionne ces lignes et fais fix cheked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­services.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

    O4 - HKCU\..\Run: [MSNCleaner] C:\Program Files\MSNCleaner.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab

    ____________

    refaire
    Malwarebytes' Anti-Malware et virer ce qui est trouvé

    ________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    ______________

    utilise ccleaner sans installer la barre yahoo et nettoie les fichiers temporaires

    https://www.malekal.com/tutoriel-ccleaner/
    _______________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­services.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­services.exe
    _____________________

    recolle un hijackthis
    0
    1. Utilisateur anonyme
       
      File/Folder C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­services.exe not found.

      OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_120039



      J'ai suivi à la lettre toutes les instructions-encore merci- : impossible de faire fonctionner Combo-fix même renommé, la fenêtre s'ouvre et se referme immédiatement. Je refais un rapport Hi jack.
      0
    2. Utilisateur anonyme
       
      Logfile of HijackThis v1.99.1
      Scan saved at 12:08:50, on 08/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: [http://]*.voyages-sncf.com
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)



      Quand je fais exécuter et %temp%, le fameux dossier Rar Ex 09 y est toujours et il reste impossible de le supprimer.Passionnant ce virus, il m' apprend à utiliser tant bien que mal un arsenal de logiciels. Merci et à plus.
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    refais msnfix et colle le rapport

    ___________________

    lance
    Clean Virus MSN

    https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/50571.html

    ___________________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­services.exe

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. Utilisateur anonyme
       
      ComboFix 08-04-07.5 - VALERIE FARGUES 2008-04-08 19:42:26.1 - NTFSx86
      Endroit: C:\Documents and Settings\VALERIE FARGUES\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents and Settings\VALERIE FARGUES\Bureau\CFscript
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\pack.epk
      C:\WINDOWS\system32\hjygzqoaw_navtmp.dat
      C:\WINDOWS\system32\ubximvgxzu_navfx.dat

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
      2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
      2008-04-07 13:29 . 2008-04-08 12:11 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VALERIE FARGUES\Application Data\Malwarebytes
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
      2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
      2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
      2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
      2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
      2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
      2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-03-25 21:08 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
      2008-03-25 21:08 . 2008-03-25 21:08 232 --ah----- C:\sqmdata19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
      2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
      2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
      2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
      2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
      2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
      2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
      2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
      2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
      2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
      2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
      2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
      2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
      2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
      2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
      2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
      2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
      2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
      2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
      2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
      2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
      2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
      2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
      2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
      2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
      2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-03-09 12:02 . 2003-06-19 10:04 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
      2008-03-09 12:02 . 2003-11-01 16:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
      2008-03-09 12:02 . 2003-11-28 14:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
      2008-03-09 12:02 . 2003-11-01 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
      2008-03-09 12:02 . 2003-11-28 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-03-09 12:02 . 2003-06-18 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
      2008-03-09 12:02 . 2003-11-28 14:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
      2008-03-09 12:02 . 2003-11-25 14:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
      2008-03-09 00:22 . 2008-03-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-09 00:09 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-03-09 00:09 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-09 00:09 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-03-09 00:09 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-09 00:09 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-09 00:09 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-09 00:08 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-03-08 17:32 . 2008-03-08 17:32 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpCA571.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpB2371.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp92671.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp5D671.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp47471.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp33771.FOT

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VALERIE FARGUES\Application Data\Dossier de téléchargement Share-to-Web
      2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
      2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
      2008-03-04 17:37 359,936 ----a-w C:\WINDOWS\system32\hokumn.exe
      2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
      2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VALERIE FARGUES\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
      2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
      2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
      2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
      2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
      "CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
      "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
      "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
      "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
      "zzzHPSETUP"="F:\Setup.exe" [ ]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.mxmc"= MimicICM.DLL
      "msacm.l3radius"= l3codecp.acm
      "vidc.xvid"= xvid.dll
      "vidc.VP31"= vp31vfw.dll
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= DivXa32.acm

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\WINDOWS\\system32\\mshta.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule
      "4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
      S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
      S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
      S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
      S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VALERIE FARGUES\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
      \Shell\Auto\command - cmd /C launch.bat
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-04-08 17:16:17 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 19:48:27
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      ? [1300]

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 19:54:09
      ComboFix-quarantined-files.txt 2008-04-08 17:53:43
      Pre-Run: 4,674,564,096 octets libres
      Post-Run: 4,652,863,488 octets libres
      .
      2008-04-06 13:55:10 --- E O F ---
      0
    2. Utilisateur anonyme
       
      Logfile of HijackThis v1.99.1
      Scan saved at 20:14:10, on 08/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: http://*.voyages-sncf.com
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
      0
  8. Utilisateur anonyme
     
    MSNFix 1.701

    C:\Documents and Settings\VALERIE FARGUES\Bureau\MSNFix
    Fix exécuté le 08/04/2008 - 18:25:54,18 By VALERIE FARGUES
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\winsyn32.dll

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\LOCALS~1
    /!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
    /!\ ... C:\WINDOWS\winsyn32.dll

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\winsyn32.dll
    .. OK ... C:\WINDOWS\system32\real.txt
    .. OK ... C:\WINDOWS\system32\LOCALS~1
    /!\ ... C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313

    ************************ Fichiers suspects

    /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

    [C:\CIT207355-HPCOM-PATCH-v8.exe] A1A9476DD0DC44C5E5B7B2FFF402F9F2
    [C:\PF80_08.exe] F465BFFBE22F78595CD5292BCB075062
    [C:\QTINSTAL.EXE] E248769A0FA500ED29DDCBCAA43FB739

    [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\VALERI~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08042008_18345043.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe [1616] 0xFFACF380

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    scanning hidden files ...

    scan completed successfully
    hidden processes: 1
    hidden services: 0
    hidden files: 1

    read file error: C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313, Accès refusé.
    read file error: C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313, Accès refusé.
    read file error: C:\WINDOWS\system32\LOCALS~1, Le fichier spécifié est introuvable.
    read file error: C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313, Accès refusé.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    refais msnfix et colle le rapport

    __________________

    Télécharger OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
    → Enregistre-le sur ton bureau
    → Lancer 'OAD.exe' en faisant un double clique sur le fichier
    → Saisir la valeur recherchée -> ' Rar$EX09.313 ' ( fait un copier/coller )
    → Type de recherche : sélectionner l'option 6 puis valide [entrée]
    → OAD va maintenant rechercher le fichier.
    → Laisse-le travailler jusqu'à ce qu'il en ait terminé.
    → Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes.

    ------------- Patienter. --------------

    → Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
    → Faire un copier/coller de ce rapport dans ton prochain post.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note: Certains Antivirus peuvent émettre une alerte lors du téléchargement / utilisation > ignore
    0
    1. Utilisateur anonyme
       
      MSNFix 1.701

      C:\Documents and Settings\VAL\Bureau\MSNFix
      Fix exécuté le 08/04/2008 - 22:25:09,37 By VAL
      mode normal

      ************************ Recherche les fichiers présents

      Aucun Fichier trouvé

      ************************ Recherche les dossiers présents

      Aucun dossier trouvé


      ************************ Fichiers suspects

      /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

      [C:\CIT207355-HPCOM-PATCH-v8.exe] A1A9476DD0DC44C5E5B7B2FFF402F9F2
      [C:\PF80_08.exe] F465BFFBE22F78595CD5292BCB075062
      [C:\QTINSTAL.EXE] E248769A0FA500ED29DDCBCAA43FB739

      [color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\VALERI~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      - 08/04/2008 ---- 22:54:07,56

      ----------------------------------
      §§§§§§ [Rar$EX09.313] §§§§§§
      ----------------------------------
      [X] Registre

      -------------- [ ] rapide
      -- Fichier --- [ ] disque systeme
      ------------- [X] complete


      ********************
      [Registre]
      ********************


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Flash Media"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe:*:Enabled:Flash Media"

      [HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"="services"

      *******************
      [Fichier]
      *******************

      c:\Documents and Settings\VAL\Local Settings\Temp\Rar$EX09.313


      *********************
      [Même date]
      *********************

      [R‚pertoire ] --- REP ---> C:\Program Files\Files



      Outil Aide Diagnostic By !aur3n7 Version 1.1
      ----------------------------------
      §§§§§ Fin Rapport §§§§§
      ----------------------------------


      0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    ________________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\\DOCUME~1\\VALERI~1\\LOC­ALS~1\\Temp\\Rar$EX09.313\\services.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\S­tandardProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\S­tandardProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPoli­cy\StandardProfile\AuthorizedApplications\List]
    [HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\Shel­lNoRoam\MUICache]
    "Flash Media"="-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. Utilisateur anonyme
       
      ComboFix 08-04-07.5 - VAL 2008-04-08 23:46:41.2 - NTFSx86
      Endroit: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\\DOCUME~1\\VALERI~1\\LOC­ALS~1\\Temp\\Rar$EX09.313\\services.exe
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
      2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
      2008-04-07 13:29 . 2008-04-08 20:13 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VAL\Application Data\Malwarebytes
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
      2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
      2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
      2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
      2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
      2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
      2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-03-25 21:08 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
      2008-03-25 21:08 . 2008-03-25 21:08 232 --ah----- C:\sqmdata19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
      2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
      2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
      2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
      2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
      2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
      2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
      2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
      2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
      2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
      2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
      2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
      2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
      2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
      2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
      2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
      2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
      2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
      2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
      2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
      2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
      2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
      2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
      2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
      2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
      2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-03-09 12:02 . 2003-06-19 10:04 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
      2008-03-09 12:02 . 2003-11-01 16:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
      2008-03-09 12:02 . 2003-11-28 14:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
      2008-03-09 12:02 . 2003-11-01 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
      2008-03-09 12:02 . 2003-11-28 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-03-09 12:02 . 2003-06-18 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
      2008-03-09 12:02 . 2003-11-28 14:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
      2008-03-09 12:02 . 2003-11-25 14:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
      2008-03-09 00:22 . 2008-03-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-09 00:09 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-03-09 00:09 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-09 00:09 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-03-09 00:09 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-09 00:09 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-09 00:09 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-09 00:08 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-03-08 17:32 . 2008-03-08 17:32 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpCA571.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmpB2371.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp92671.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp5D671.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp47471.FOT
      2008-03-08 17:24 . 2008-03-08 17:24 1,409 --a------ C:\WINDOWS\system32\tmp33771.FOT

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
      2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
      2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
      2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
      2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
      2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
      2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
      2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
      2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
      2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-08_19.52.59,37 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-04-08 18:37:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
      "CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
      "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
      "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
      "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
      "zzzHPSETUP"="F:\Setup.exe" [ ]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.mxmc"= MimicICM.DLL
      "msacm.l3radius"= l3codecp.acm
      "vidc.xvid"= xvid.dll
      "vidc.VP31"= vp31vfw.dll
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= DivXa32.acm

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\WINDOWS\\system32\\mshta.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule
      "4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
      S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
      S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
      S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
      S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VAL\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
      \Shell\Auto\command - cmd /C launch.bat
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-04-08 21:16:05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 23:52:45
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      ? [1312]

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 23:57:05
      ComboFix-quarantined-files.txt 2008-04-08 21:56:44
      ComboFix2.txt 2008-04-08 17:54:10
      Pre-Run: 4,589,264,896 octets libres
      Post-Run: 4,583,796,736 octets libres
      .
      2008-04-06 13:55:10 --- E O F ---

      Logfile of HijackThis v1.99.1
      Scan saved at 00:04:12, on 09/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: http://*.voyages-sncf.com
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\\DOCUME~1\\VALERI~1\\LOC­ALS~1\\Temp\\Rar$EX09.313\\services.exe
    C:\Documents and Settings\V\Local Settings\Temp\services.exe
    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
    C:\WINDOWS\system32\LOCALS~1

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\S­­tandardProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\S­­tandardProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPoli­­cy\StandardProfile\AuthorizedApplications\List]
    [HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\Shel­­lNoRoam\MUICache]
    "Flash Media"="-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. Utilisateur anonyme
       
      ComboFix 08-04-07.5 - VAL 2008-04-09 12:51:13.3 - NTFSx86
      Endroit: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents anARGUESd Settings\VAL\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\\DOCUME~1\\VALERI~1\\LOC­ALS~1\\Temp\\Rar$EX09.313\\services.exe
      C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
      C:\Documents and Settings\VAL\Local Settings\Temp\services.exe
      C:\WINDOWS\system32\LOCALS~1
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-09 11:14 . 2008-04-09 11:14 <REP> d-------- C:\WINDOWS\LastGood
      2008-04-09 00:52 . 2008-04-09 00:52 <REP> d-------- C:\Documents and Settings\VAL\Application Data\vlc
      2008-04-09 00:48 . 2008-04-09 00:48 <REP> d-------- C:\Program Files\VideoLAN
      2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
      2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
      2008-04-07 13:29 . 2008-04-09 00:03 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VAL\Application Data\Malwarebytes
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
      2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
      2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
      2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
      2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
      2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
      2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-03-25 21:08 . 2008-04-09 01:02 244 --ah----- C:\sqmnoopt19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
      2008-03-25 21:08 . 2008-04-09 01:02 232 --ah----- C:\sqmdata19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
      2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
      2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
      2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
      2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
      2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
      2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
      2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
      2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
      2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
      2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
      2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
      2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
      2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
      2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
      2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
      2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
      2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
      2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
      2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
      2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
      2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
      2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
      2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
      2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
      2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-03-09 12:02 . 2003-06-19 10:04 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
      2008-03-09 12:02 . 2003-11-01 16:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
      2008-03-09 12:02 . 2003-11-28 14:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
      2008-03-09 12:02 . 2003-06-18 18:19 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
      2008-03-09 12:02 . 2003-11-01 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
      2008-03-09 12:02 . 2003-11-28 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-03-09 12:02 . 2003-06-18 17:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
      2008-03-09 12:02 . 2003-11-28 14:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
      2008-03-09 12:02 . 2003-11-25 14:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
      2008-03-09 00:22 . 2008-03-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-09 00:09 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-03-09 00:09 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-09 00:09 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-03-09 00:09 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-09 00:09 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-09 00:09 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-09 00:08 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
      2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
      2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-08 15:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
      2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
      2008-03-04 17:37 359,936 ----a-w C:\WINDOWS\system32\hokumn.exe
      2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
      2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
      2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
      2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
      2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
      2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
      2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-08_19.52.59,37 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-08 16:30:48 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
      + 2008-04-08 23:02:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
      - 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
      + 2008-04-08 23:02:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
      - 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-08 23:02:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-09 09:09:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_488.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
      "CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
      "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
      "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
      "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
      "zzzHPSETUP"="F:\Setup.exe" [ ]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.mxmc"= MimicICM.DLL
      "msacm.l3radius"= l3codecp.acm
      "vidc.xvid"= xvid.dll
      "vidc.VP31"= vp31vfw.dll
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= DivXa32.acm

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\WINDOWS\\system32\\mshta.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule
      "4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
      S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
      S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
      S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
      S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VALERIE FARGUES\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
      \Shell\Auto\command - cmd /C launch.bat
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-04-09 10:16:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-09 12:57:16
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      ? [1476]

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-09 13:01:55
      ComboFix-quarantined-files.txt 2008-04-09 11:01:36
      ComboFix2.txt 2008-04-08 21:57:07
      ComboFix3.txt 2008-04-08 17:54:10
      Pre-Run: 4,459,085,824 octets libres
      Post-Run: 4,452,687,872 octets libres
      .
      2008-04-06 13:55:10 --- E O F ---

      Logfile of HijackThis v1.99.1
      Scan saved at 13:10:01, on 09/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC08.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW08.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW08.EXE
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: http://*.voyages-sncf.com
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
      0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fix cette ligne avec hijakchits

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­services.exe

    ___________

    encore des problèmes?
    recolle un hijackhtis
    0
    1. Utilisateur anonyme
       
      Bonjour,

      Ai suivi la dernière instruction. Apparemment, avast ne détecte plus le fameux win 32 quand l'ordi démarre et quand il se connecte automatiquement...Il est toujours impossible de supprimer C.....Temp\Rar Ex09 mais c'est peut-être normal.
      Je suis en train de faire un scan avec avast pour voir ...Je te tiens au courant. Merci pour ce parcours initiatique..
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­­services.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. Utilisateur anonyme
       
      File/Folder C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\­­services.exe not found.

      OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04102008_131200
      0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\\DOCUME~1\\VALERI~1\\LOC­ALS~1\\Temp\\Rar$EX09.313\\services.exe
    C:\Documents and Settings\V\Local Settings\Temp\services.exe
    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
    C:\WINDOWS\system32\LOCALS~1

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\S­­­tandardProfile\AuthorizedApplications\List]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\S­­­tandardProfile\AuthorizedApplications\List]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPoli­­­cy\StandardProfile\AuthorizedApplications\List]
    [HKEY_USERS\S-1-5-21-1983427867-2997751923-2791220935-1006\Software\Microsoft\Windows\Shel­­­lNoRoam\MUICache]
    "Flash Media"="-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais le message 25
    0
    1. Utilisateur anonyme
       
      ComboFix 08-04-07.5 - VAL2008-04-10 13:19:38.4 - NTFSx86
      Endroit: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\\DOCUME~1\\VALERI~1\\LOC­ALS~1\\Temp\\Rar$EX09.313\\services.exe
      C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
      C:\Documents and Settings\VAL\Local Settings\Temp\services.exe
      C:\WINDOWS\system32\LOCALS~1
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\_000005_.tmp.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-10 13:12 . 2008-04-10 13:12 <REP> d-------- C:\_OTMoveIt
      2008-04-10 11:39 . 2008-04-10 11:39 <REP> d-------- C:\WINDOWS\LastGood
      2008-04-09 13:19 . 2008-04-09 13:24 1,355 --a------ C:\WINDOWS\imsins.BAK
      2008-04-09 00:52 . 2008-04-09 00:52 <REP> d-------- C:\Documents and Settings\VAL\Application Data\vlc
      2008-04-09 00:48 . 2008-04-09 00:48 <REP> d-------- C:\Program Files\VideoLAN
      2008-04-08 18:46 . 2008-04-08 19:33 <REP> d-------- C:\Program Files\AxBx
      2008-04-07 20:00 . 2008-04-07 20:00 9,296 --a------ C:\WINDOWS\system32\esnvvp.exe
      2008-04-07 13:29 . 2008-04-09 14:06 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VALApplication Data\Malwarebytes
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
      2008-04-06 17:23 . 2008-04-06 17:23 9,296 --a------ C:\WINDOWS\system32\npjnbb.exe
      2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
      2008-04-06 15:19 . 2008-04-06 15:19 9,296 --a------ C:\WINDOWS\system32\lkyzft.exe
      2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
      2008-04-04 00:10 . 2008-04-04 00:10 9,296 --a------ C:\WINDOWS\system32\xalqie.exe
      2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-03-25 21:08 . 2008-04-09 01:02 244 --ah----- C:\sqmnoopt19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
      2008-03-25 21:08 . 2008-04-09 01:02 232 --ah----- C:\sqmdata19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
      2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
      2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
      2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
      2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
      2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
      2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
      2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
      2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
      2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
      2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
      2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
      2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
      2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
      2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
      2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
      2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
      2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
      2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
      2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
      2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
      2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
      2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
      2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
      2008-03-11 20:52 . 2008-03-11 20:50 10,240 --a------ C:\WINDOWS\whsyst32.exe
      2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
      2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
      2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2008-03-25 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-08 15:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
      2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
      2008-03-04 17:37 359,936 ----a-w C:\WINDOWS\system32\hokumn.exe
      2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\SET38.tmp
      2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\SET54.tmp
      2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET2B.tmp
      2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\SET4D.tmp
      2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\SET24.tmp
      2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\SET48.tmp
      2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\SET25.tmp
      2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\SET49.tmp
      2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
      2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
      2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
      2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
      2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
      2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
      2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
      2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-08_19.52.59,37 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
      + 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
      + 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
      + 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
      + 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
      + 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
      + 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
      + 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
      + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
      + 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
      + 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
      + 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
      + 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
      + 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
      + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
      + 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
      + 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
      + 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
      + 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
      + 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
      + 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
      + 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
      + 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
      + 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
      + 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
      + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
      + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
      + 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
      + 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
      + 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
      + 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
      - 2008-04-08 16:30:48 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
      + 2008-04-09 13:38:08 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
      - 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
      + 2008-04-09 13:38:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
      - 2008-04-08 16:30:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-09 13:38:08 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      - 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
      + 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
      - 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      + 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
      - 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
      + 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
      - 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
      + 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
      - 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
      + 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
      - 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
      + 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
      - 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
      + 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
      - 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
      + 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
      - 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
      + 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
      - 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
      + 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
      - 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
      + 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
      - 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
      + 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
      - 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
      + 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
      - 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
      + 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
      - 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      + 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      - 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
      + 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
      - 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
      + 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
      - 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
      + 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
      - 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
      + 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
      - 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      + 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      - 2007-12-07 02:08:34 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
      + 2008-03-01 12:58:10 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
      - 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
      + 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
      - 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
      + 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
      - 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
      + 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
      - 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
      + 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
      - 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
      + 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
      - 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
      + 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
      - 2008-02-09 20:08:58 189,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
      + 2008-04-09 11:43:46 189,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
      - 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
      + 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
      - 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
      + 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
      - 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
      + 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
      - 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
      + 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
      - 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
      + 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
      - 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
      + 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
      - 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
      + 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
      - 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
      + 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
      - 2008-03-05 16:30:54 19,148,408 -c--a-w C:\WINDOWS\system32\MRT.exe
      + 2008-04-06 05:56:20 19,836,024 -c--a-w C:\WINDOWS\system32\MRT.exe
      - 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
      + 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
      - 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
      + 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
      - 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
      + 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
      - 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\occache.dll
      + 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
      - 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
      + 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
      - 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
      + 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
      + 2008-04-10 09:36:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_484.dat
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
      "CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
      "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
      "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
      "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
      "zzzHPSETUP"="F:\Setup.exe" [ ]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.mxmc"= MimicICM.DLL
      "msacm.l3radius"= l3codecp.acm
      "vidc.xvid"= xvid.dll
      "vidc.VP31"= vp31vfw.dll
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= DivXa32.acm

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\WINDOWS\\system32\\mshta.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\DOCUME~1\\VALERI~1\\LOCALS~1\\Temp\\Rar$EX09.313\\services.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule
      "4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
      S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
      S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
      S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
      S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VALERIE FARGUES\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
      \Shell\Auto\command - cmd /C launch.bat
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-04-10 11:16:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-10 13:26:24
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      ? [3604]

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-10 13:28:52
      ComboFix-quarantined-files.txt 2008-04-10 11:28:27
      ComboFix2.txt 2008-04-09 11:01:56
      ComboFix3.txt 2008-04-08 21:57:07
      ComboFix4.txt 2008-04-08 17:54:10
      Pre-Run: 4,226,359,296 octets libres
      Post-Run: 4,217,176,064 octets libres
      .
      2008-04-09 12:03:31 --- E O F ---




      Logfile of HijackThis v1.99.1
      Scan saved at 13:49:06, on 10/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: http://*.voyages-sncf.com
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
      0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Folder::
    C:\Program Files\AxBx
    C:\WINDOWS\system32\DelReboot
    C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313

    File::
    C:\WINDOWS\system32\xalqie.exe
    C:\WINDOWS\system32\lkyzft.exe
    C:\WINDOWS\system32\npjnbb.exe
    C:\WINDOWS\system32\esnvvp.exe
    C:\WINDOWS\whsyst32.exe
    C:\WINDOWS\system32\hokumn.exe
    C:\WINDOWS\system32\SET38.tmp
    C:\WINDOWS\system32\SET54.tmp
    C:\WINDOWS\system32\SET48.tmp
    C:\WINDOWS\system32\SET25.tmp
    C:\WINDOWS\system32\SET49.tmp
    C:\WINDOWS\system32\SET2B.tmp
    C:\WINDOWS\system32\SET4D.tmp
    C:\WINDOWS\system32\SET24.tmp

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Flash Media"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    merci g!rly!
    0
    1. Utilisateur anonyme
       
      ComboFix 08-04-07.5 - VAL2008-04-10 19:29:38.5 - NTFSx86
      Endroit: C:\Documents and Settings\VAL\Bureau\Combo-Fix.exe
      Command switches used :: C:\Documents and Settings\VAL\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\WINDOWS\system32\esnvvp.exe
      C:\WINDOWS\system32\hokumn.exe
      C:\WINDOWS\system32\lkyzft.exe
      C:\WINDOWS\system32\npjnbb.exe
      C:\WINDOWS\system32\SET24.tmp
      C:\WINDOWS\system32\SET25.tmp
      C:\WINDOWS\system32\SET2B.tmp
      C:\WINDOWS\system32\SET38.tmp
      C:\WINDOWS\system32\SET48.tmp
      C:\WINDOWS\system32\SET49.tmp
      C:\WINDOWS\system32\SET4D.tmp
      C:\WINDOWS\system32\SET54.tmp
      C:\WINDOWS\system32\xalqie.exe
      C:\WINDOWS\whsyst32.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313
      C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\Rar$EX09.313\services.exe
      C:\Program Files\AxBx
      C:\WINDOWS\system32\DelReboot\
      C:\WINDOWS\system32\esnvvp.exe
      C:\WINDOWS\system32\hokumn.exe
      C:\WINDOWS\system32\lkyzft.exe
      C:\WINDOWS\system32\npjnbb.exe
      C:\WINDOWS\system32\SET24.tmp
      C:\WINDOWS\system32\SET25.tmp
      C:\WINDOWS\system32\SET2B.tmp
      C:\WINDOWS\system32\SET38.tmp
      C:\WINDOWS\system32\SET48.tmp
      C:\WINDOWS\system32\SET49.tmp
      C:\WINDOWS\system32\SET4D.tmp
      C:\WINDOWS\system32\SET54.tmp
      C:\WINDOWS\system32\xalqie.exe
      C:\WINDOWS\whsyst32.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-10 13:12 . 2008-04-10 13:12 <REP> d-------- C:\_OTMoveIt
      2008-04-09 13:19 . 2008-04-09 13:24 1,355 --a------ C:\WINDOWS\imsins.BAK
      2008-04-09 00:52 . 2008-04-09 00:52 <REP> d-------- C:\Documents and Settings\VALERIE FARGUES\Application Data\vlc
      2008-04-09 00:48 . 2008-04-09 00:48 <REP> d-------- C:\Program Files\VideoLAN
      2008-04-07 13:29 . 2008-04-10 13:49 <REP> d-------- C:\Program Files\Hijackthis Version Française
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\VAL\Application Data\Malwarebytes
      2008-04-07 00:15 . 2008-04-07 00:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-06 23:28 . 2008-04-06 23:29 <REP> d-------- C:\WINDOWS\ERUNT
      2008-04-06 16:02 . 2008-04-06 16:02 76 --a------ C:\WINDOWS\system32\DelReboot
      2008-04-05 11:08 . 2008-04-05 11:08 0 --a------ C:\WINDOWS\system32\real.MSNFix
      2008-04-03 23:45 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
      2008-04-03 23:45 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2008-03-25 21:08 . 2008-04-09 01:02 244 --ah----- C:\sqmnoopt19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 244 --ah----- C:\sqmnoopt18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 244 --ah----- C:\sqmnoopt17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 244 --ah----- C:\sqmnoopt16.sqm
      2008-03-25 21:08 . 2008-04-09 01:02 232 --ah----- C:\sqmdata19.sqm
      2008-03-25 21:08 . 2008-04-08 18:31 232 --ah----- C:\sqmdata18.sqm
      2008-03-25 21:08 . 2008-04-07 23:51 232 --ah----- C:\sqmdata17.sqm
      2008-03-25 21:08 . 2008-04-07 20:00 232 --ah----- C:\sqmdata16.sqm
      2008-03-25 20:27 . 2008-03-27 21:42 <REP> d-------- C:\Program Files\JS World
      2008-03-25 20:10 . 2008-03-26 00:36 244 --ah----- C:\sqmnoopt08.sqm
      2008-03-25 20:10 . 2008-03-26 00:36 232 --ah----- C:\sqmdata08.sqm
      2008-03-24 16:04 . 2008-03-25 19:19 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
      2008-03-23 23:22 . 2008-03-25 23:54 244 --ah----- C:\sqmnoopt07.sqm
      2008-03-23 23:22 . 2008-03-25 23:54 232 --ah----- C:\sqmdata07.sqm
      2008-03-23 19:28 . 2008-03-23 19:28 <REP> d-------- C:\Program Files\Styliste3
      2008-03-23 19:20 . 2008-03-25 20:22 <REP> d-------- C:\Program Files\JS Star
      2008-03-16 21:50 . 2008-03-25 23:05 244 --ah----- C:\sqmnoopt06.sqm
      2008-03-16 21:50 . 2008-03-25 23:05 232 --ah----- C:\sqmdata06.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 244 --ah----- C:\sqmnoopt05.sqm
      2008-03-16 21:12 . 2008-03-25 22:02 232 --ah----- C:\sqmdata05.sqm
      2008-03-16 02:49 . <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
      2008-03-16 02:12 . 2008-03-25 21:35 244 --ah----- C:\sqmnoopt04.sqm
      2008-03-16 02:12 . 2008-03-25 21:35 232 --ah----- C:\sqmdata04.sqm
      2008-03-16 02:00 . 2006-01-26 21:19 73,728 --a------ C:\WINDOWS\system32\TBD35.tmp
      2008-03-16 01:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\TBD34.tmp
      2008-03-16 01:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\TBD32.tmp
      2008-03-16 01:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\TBD33.tmp
      2008-03-16 01:59 . 2006-08-22 17:08 77,824 --a------ C:\WINDOWS\system32\TBD31.tmp
      2008-03-16 01:47 . 2008-03-16 01:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
      2008-03-16 01:39 . 2008-03-16 01:39 <REP> d-------- C:\Program Files\Softwin
      2008-03-16 01:39 . 2008-03-16 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
      2008-03-16 01:35 . 2008-03-16 02:01 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
      2008-03-14 00:52 . 2008-03-25 21:28 244 --ah----- C:\sqmnoopt03.sqm
      2008-03-14 00:52 . 2008-03-25 21:28 232 --ah----- C:\sqmdata03.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 244 --ah----- C:\sqmnoopt02.sqm
      2008-03-13 20:05 . 2008-03-25 21:08 232 --ah----- C:\sqmdata02.sqm
      2008-03-11 20:50 . 2008-04-06 15:47 5,120 --a------ C:\WINDOWS\winsyn32.MSNFix

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-06 15:14 --------- d-----w C:\Documents and Settings\VAL\Application Data\Dossier de téléchargement Share-to-Web
      2008-04-01 15:45 --------- d-----w C:\Program Files\Windows Live
      2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2008-03-25 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-08 15:32 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
      2008-03-08 15:32 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-03-08 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-05 22:36 --------- d-----w C:\Program Files\Avira
      2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-02-29 20:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2008-02-29 20:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-02-29 20:04 --------- d-----w C:\Program Files\MSN Messenger
      2008-02-29 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
      2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-02-18 12:16 --------- d-----w C:\Program Files\eMule
      2008-02-16 19:36 45,120 -c--a-w C:\Documents and Settings\VAL\Application Data\GDIPFONTCACHEV1.DAT
      2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
      2008-01-30 20:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2007-12-02 15:47 134,109 ----a-w C:\Program Files\Alertes MsnCreative 2.0.plsc
      2007-02-03 14:18 3,511,538 ----a-w C:\Program Files\eMule0.47c-Installer.exe
      2007-02-02 22:55 53,078,048 ----a-w C:\Program Files\javatm-2-platform-standard-edition_javatm_2_platform_windows_1.5.09_francais_10901.exe
      2007-02-02 20:09 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
      2005-03-21 20:42 1,256,444 ----a-w C:\Program Files\wrar342fr.exe
      .

      ((((((((((((((((((((((((((((( snapshot_2008-04-10_13.27.59,59 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-04-10 14:57:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_468.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CopernicSummarizerWatchdog"="C:\Program Files\Copernic Summarizer\CSAgent.exe" [ ]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 16:16 67128]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
      "CHotkey"="mHotkey.exe" [2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
      "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2003-09-26 18:03 155648]
      "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2003-09-26 18:02 53248]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-03 12:23 180269]
      "AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 18:57 81408]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
      "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40 49152]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 14:08 172032]
      "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
      "zzzHPSETUP"="F:\Setup.exe" [ ]
      "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19 69632]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 12:57:49 110592]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 16:16:07 67128]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-01 14:15:20 692224]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.l3acm"= l3codecp.acm
      "vidc.mxmc"= MimicICM.DLL
      "msacm.l3radius"= l3codecp.acm
      "vidc.xvid"= xvid.dll
      "vidc.VP31"= vp31vfw.dll
      "vidc.DIV3"= DivXc32.dll
      "vidc.DIV4"= DivXc32f.dll
      "msacm.divxa32"= DivXa32.acm

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\coktel\\ADI5\\TTS\\SpeechCube.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\WINDOWS\\system32\\mshta.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4662:TCP"= 4662:TCP:emule
      "4672:UDP"= 4672:UDP:"eMule : UDP Entrant"

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 19:41]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]
      S2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe []
      S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe []
      S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe []
      S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\VAL\Bureau\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 19:54]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f71571-a0e2-11dc-83a5-000c7687d3fe}]
      \Shell\Auto\command - cmd /C launch.bat
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2007-12-14 17:54:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      "2008-04-10 17:17:29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-10 19:41:15
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-10 19:45:20
      ComboFix-quarantined-files.txt 2008-04-10 17:45:04
      ComboFix2.txt 2008-04-10 11:28:53
      ComboFix3.txt 2008-04-09 11:01:56
      ComboFix4.txt 2008-04-08 21:57:07
      ComboFix5.txt 2008-04-08 17:54:10
      Pre-Run: 4,118,851,584 octets libres
      Post-Run: 4,111,290,368 octets libres
      .
      2008-04-09 12:03:31 --- E O F ---


      Logfile of HijackThis v1.99.1
      Scan saved at 20:00:16, on 10/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\Program Files\Google\Gmail Notifier\gnotify.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\LVComS.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
      O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O15 - Trusted Zone: https://www.sncf.com/fr
      O15 - Trusted Zone: http://*.voyages-sncf.com
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\VALERI~1\LOCALS~1\Temp\hpdj.exe (file missing)
      O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
      0
  17. Utilisateur anonyme
     
    Je crois qu'il a enfin disparu : pour le moment, je ne le vois plus dans les fichiers temporaires.....Il faut voir!!!!!
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui c'est bon

    merci g!rly!
    0
    1. Utilisateur anonyme
       
      Apparemment, tout baigne à présent. Je te remercie pour ce parcours initiatique. La patience est pertinente.
      0