Trojan abebot depuis qq jours

choubi -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
cela fait qq jours que j'essaye de me débarrassé de ce spyware ou trojan mais je n'y arrive pas et toutes les 20 min une fenetre s'ouvre!si quelqu'un peut m'aider je l'en remercie d'avance
Configuration: Windows Vista
Firefox 2.0.0.13

19 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut post un rapport hijack this stp

    Télécharge HijackThis ici :

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
    1. choubi
       
      une fois que jlai télécharger qu'est ce qu'il faut faire?parce que c'est en anglais....
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    0
    1. choubi
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:32:02, on 08/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Users\Mick\AppData\Local\ekluurhyy.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\ProgramData\shetajgv\olytqbyx.exe
      C:\ProgramData\hibsncso\exarqrkn.exe
      C:\Program Files\FinePixViewerS\QuickDCF2.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\explorer.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ekluurhyy] c:\users\mick\appdata\local\ekluurhyy.exe ekluurhyy
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Mick\AppData\Local\Temp\jkkKdeeD.dll,#1
      O4 - HKCU\..\Run: [sjyzssya] C:\ProgramData\sjyzssya\wtwtqxeh.exe
      O4 - HKCU\..\Run: [m9jL1Wm2mD] C:\ProgramData\shetajgv\olytqbyx.exe
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Mick\AppData\Local\Temp\jkkHAsQJ.dll,c
      O4 - HKCU\..\Run: [hibsncso] C:\ProgramData\hibsncso\exarqrkn.exe
      O4 - HKCU\..\Run: [keaogjes] C:\ProgramData\keaogjes\hcrkdyxg.exe
      O4 - HKCU\..\Run: [cc96feff] rundll32.exe "C:\Users\Mick\AppData\Local\Temp\obrmrotc.dll",b
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    tu as des traces de norton, alors desinstale le correctement :

    Desinstalleur Norton:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    puis passe ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    +

    un nouveau rapport hijack this stp

    @+
    0
    1. choubi
       
      merci jvais faire tout ça
      0
    2. choubi
       
      j'arrive pas a désinstaller norton et jpeut pas enregistrer le truc pour le desinstaller
      0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    @+
    0
    1. choubi
       
      en fait c'est bon j'ai réussi a désinstaler jvais faire le 2èm truc
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon c´est pas grave passe a la suite

    @+
    0
    1. choubi
       
      ComboFix 08-04-07.5 - Mick 2008-04-08 17:12:04.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.940 [GMT 2:00]
      Endroit: C:\Users\Mick\Desktop\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\ShoppingReport
      C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      C:\Users\Mick\AppData\Local\ekluurhyy.dat
      c:\users\mick\appdata\local\ekluurhyy.exe
      c:\Users\Mick\AppData\Local\ekluurhyy_nav.dat
      c:\Users\Mick\AppData\Local\ekluurhyy_navps.dat
      C:\Users\Mick\AppData\Local\ekluurhyy_navup.dat
      C:\Windows\system32\nvs2.inf

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 16:24 . 2008-04-08 16:24 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-07 22:01 . 2008-04-07 22:01 <REP> d-------- C:\Users\All Users\keaogjes
      2008-04-07 22:01 . 2008-04-07 22:01 <REP> d-------- C:\PROGRA~2\keaogjes
      2008-04-07 21:28 . 2008-04-07 21:34 <REP> d-------- C:\Users\All Users\Lavasoft
      2008-04-07 21:28 . 2008-04-07 21:28 <REP> d-------- C:\Program Files\Lavasoft
      2008-04-07 21:28 . 2008-04-07 21:34 <REP> d-------- C:\PROGRA~2\Lavasoft
      2008-04-07 21:27 . 2008-04-07 21:27 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-07 21:13 . 2008-04-07 21:32 <REP> d-a------ C:\Users\All Users\TEMP
      2008-04-07 21:13 . 2008-04-07 21:32 <REP> d-a------ C:\PROGRA~2\TEMP
      2008-04-07 14:09 . 2008-04-07 14:09 <REP> d-------- C:\Users\All Users\hibsncso
      2008-04-07 14:09 . 2008-04-07 14:09 <REP> d-------- C:\PROGRA~2\hibsncso
      2008-04-07 13:20 . 2008-04-07 21:29 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-04-07 13:20 . 2008-04-07 21:29 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
      2008-04-07 11:15 . 2008-04-07 11:15 <REP> d-------- C:\Users\Mick\AppData\Roaming\PC-Cleaner
      2008-04-07 11:14 . 2008-04-07 13:11 <REP> d-------- C:\Program Files\PC-Cleaner
      2008-04-07 00:06 . 2008-04-07 00:06 <REP> d-------- C:\Users\All Users\sjyzssya
      2008-04-07 00:06 . 2008-04-07 00:06 <REP> d-------- C:\Users\All Users\shetajgv
      2008-04-07 00:06 . 2008-04-07 00:06 <REP> d-------- C:\PROGRA~2\sjyzssya
      2008-04-07 00:06 . 2008-04-07 00:06 <REP> d-------- C:\PROGRA~2\shetajgv
      2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-02 17:11 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-02 17:11 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-02 17:11 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-02 17:11 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-02 17:11 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-02 17:11 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-02 17:11 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-04-02 17:11 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-03-27 11:17 . 2008-03-27 11:18 <REP> d-------- C:\Program Files\Common Files\Adobe
      2008-03-25 23:49 . 2008-03-25 23:49 <REP> d-------- C:\Users\All Users\Messenger Plus!
      2008-03-25 23:49 . 2008-03-25 23:49 <REP> d-------- C:\PROGRA~2\Messenger Plus!
      2008-03-25 23:36 . 2008-04-02 00:47 <REP> d-------- C:\Program Files\Messenger Plus! Live
      2008-03-13 13:34 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-13 13:34 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-08 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-04-07 09:28 --------- d-----w C:\Users\Mick\AppData\Roaming\FUJIFILM
      2008-04-07 08:26 --------- d-----w C:\Users\Mick\AppData\Roaming\LimeWire
      2008-04-02 21:14 --------- d-----w C:\Program Files\Google
      2008-04-02 15:43 --------- d-----w C:\Program Files\Java
      2008-04-02 15:14 --------- d-----w C:\Users\Mick\AppData\Roaming\Packard Bell
      2008-04-01 13:13 --------- d-----w C:\Program Files\Everest Poker
      2008-03-13 14:13 --------- d-----w C:\Program Files\Windows Mail
      2008-03-13 14:11 --------- d-----w C:\PROGRA~2\Microsoft Help
      2008-02-15 14:46 --------- d-----w C:\Program Files\Neuf
      2008-02-15 02:11 --------- d-----w C:\Users\Mick\AppData\Roaming\vlc
      2008-02-14 17:48 --------- d-----w C:\Program Files\Yahoo!
      2008-02-14 17:48 --------- d-----w C:\Program Files\CCleaner
      2008-02-14 17:47 --------- d-----w C:\Program Files\VideoLAN
      2008-02-14 02:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 02:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 02:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 02:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 02:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 02:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 02:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 02:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 02:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 02:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 02:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 02:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 02:08 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 02:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 02:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 02:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 02:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 02:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 02:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 02:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-14 02:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-13 17:11 --------- d-----w C:\Users\Mick\AppData\Roaming\Media Player Classic
      2008-02-13 17:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
      2008-01-25 14:27 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-25 14:27 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-25 14:27 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-25 14:27 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-25 14:27 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-25 14:27 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-25 14:27 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-25 14:27 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-25 14:27 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-25 14:27 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-01-25 14:25 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-25 14:25 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-25 14:25 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-25 14:25 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-25 14:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-25 14:23 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-25 14:23 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-25 14:23 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-25 14:23 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-25 14:22 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-25 14:22 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-25 14:22 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-25 14:20 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-25 13:32 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-25 13:32 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-25 13:32 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-25 13:32 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-25 13:31 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-25 13:31 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-25 13:31 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-25 13:30 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-25 13:30 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-10 12:16 159,839 ----a-w C:\Windows\System32\xvidvfw.dll
      2008-01-10 12:15 755,027 ----a-w C:\Windows\System32\xvidcore.dll
      2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2007-10-29 11:11 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-25 16:22 1232896]
      "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
      "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "sjyzssya"="C:\ProgramData\sjyzssya\wtwtqxeh.exe" [2008-04-07 00:06 110592]
      "m9jL1Wm2mD"="C:\ProgramData\shetajgv\olytqbyx.exe" [2008-04-07 00:06 33280]
      "hibsncso"="C:\ProgramData\hibsncso\exarqrkn.exe" [2008-04-07 14:09 94208]
      "keaogjes"="C:\ProgramData\keaogjes\hcrkdyxg.exe" [2008-04-07 22:01 106496]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-29 21:45 1006264]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 07:27 4702208 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-29 13:45 243200]
      "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
      "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-01-28 13:09:11 303104]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll
      "msacm.ac3acm"= ac3acm.acm
      "msacm.lameacm"= lameACM.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{74C69D1B-F30F-4D74-8BC2-B24890EC6DFE}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
      "{579FD62D-76A9-4493-8CF5-EFE50AD5A38D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{60363410-AA70-440E-B26C-8FE6413362CD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{7579D979-874F-46DC-8F67-2936FC5BE07D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{CFEA1B95-EC12-4D5D-A8B4-3746E8FB29C9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "{6E624C5F-4370-4BF4-97F4-F53BB2E1A13F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 19:04]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-24 16:01]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-08 15:00:00 C:\Windows\Tasks\Extension de garantie.job"
      - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
      "2008-04-08 15:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
      - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
      "2008-04-07 20:39:22 C:\Windows\Tasks\User_Feed_Synchronization-{20044B23-DB1C-4B19-8FC4-CFD9CF5454D4}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 17:14:42
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 17:15:23
      ComboFix-quarantined-files.txt 2008-04-08 15:15:19
      Pre-Run: 98,165,592,064 octets libres
      Post-Run: 98,138,759,168 octets libres
      .
      2008-04-06 19:41:02 --- E O F ---
      0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok cool

    @+
    0
    1. choubi
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:32:02, on 08/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Users\Mick\AppData\Local\ekluurhyy.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\ProgramData\shetajgv\olytqbyx.exe
      C:\ProgramData\hibsncso\exarqrkn.exe
      C:\Program Files\FinePixViewerS\QuickDCF2.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe
      C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\explorer.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ekluurhyy] c:\users\mick\appdata\local\ekluurhyy.exe ekluurhyy
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Mick\AppData\Local\Temp\jkkKdeeD.dll,#1
      O4 - HKCU\..\Run: [sjyzssya] C:\ProgramData\sjyzssya\wtwtqxeh.exe
      O4 - HKCU\..\Run: [m9jL1Wm2mD] C:\ProgramData\shetajgv\olytqbyx.exe
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Mick\AppData\Local\Temp\jkkHAsQJ.dll,c
      O4 - HKCU\..\Run: [hibsncso] C:\ProgramData\hibsncso\exarqrkn.exe
      O4 - HKCU\..\Run: [keaogjes] C:\ProgramData\keaogjes\hcrkdyxg.exe
      O4 - HKCU\..\Run: [cc96feff] rundll32.exe "C:\Users\Mick\AppData\Local\Temp\obrmrotc.dll",b
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok
    post un nouveau rapport hijack this stp
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    la suite :

    Copie le texte ci-dessous :

    Folder::
    C:\ProgramData\keaogjes
    C:\ProgramData\hibsncso
    C:\ProgramData\sjyzssya
    C:\ProgramData\shetajgv
    C:\Users\All Users\keaogjes
    C:\PROGRA~2\keaogjes
    C:\Users\All Users\TEMP
    C:\PROGRA~2\TEMP
    C:\Users\All Users\sjyzssya
    C:\Users\All Users\shetajgv
    C:\PROGRA~2\sjyzssya
    C:\PROGRA~2\shetajgv

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hibsncso"=-
    "keaogjes"=-
    "sjyzssya"=-
    "m9jL1Wm2mD"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. choubi
       
      ComboFix 08-04-07.5 - Mick 2008-04-08 17:58:02.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1047 [GMT 2:00]
      Endroit: C:\Users\Mick\Desktop\ComboFix.exe
      Command switches used :: C:\Users\Mick\Documents\CFScript.txt..txt
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\PROGRA~2\keaogjes
      C:\PROGRA~2\keaogjes\hcrkdyxg.exe
      C:\PROGRA~2\shetajgv
      C:\PROGRA~2\shetajgv\olytqbyx.exe
      C:\PROGRA~2\sjyzssya
      C:\PROGRA~2\sjyzssya\wtwtqxeh.exe
      C:\PROGRA~2\TEMP
      C:\ProgramData\hibsncso
      C:\ProgramData\hibsncso\exarqrkn.exe
      C:\ProgramData\keaogjes\hcrkdyxg.exe
      C:\ProgramData\shetajgv\olytqbyx.exe
      C:\ProgramData\sjyzssya\wtwtqxeh.exe
      C:\Users\All Users\keaogjes\hcrkdyxg.exe
      C:\Users\All Users\shetajgv\olytqbyx.exe
      C:\Users\All Users\sjyzssya\wtwtqxeh.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 17:41 . 2008-04-08 17:41 <REP> d-------- C:\Users\All Users\qawjnuey
      2008-04-08 17:41 . 2008-04-08 17:41 <REP> d-------- C:\PROGRA~2\qawjnuey
      2008-04-08 16:24 . 2008-04-08 16:24 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-07 21:28 . 2008-04-07 21:34 <REP> d-------- C:\Users\All Users\Lavasoft
      2008-04-07 21:28 . 2008-04-07 21:28 <REP> d-------- C:\Program Files\Lavasoft
      2008-04-07 21:28 . 2008-04-07 21:34 <REP> d-------- C:\PROGRA~2\Lavasoft
      2008-04-07 21:27 . 2008-04-07 21:27 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-07 13:20 . 2008-04-07 21:29 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-04-07 13:20 . 2008-04-07 21:29 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
      2008-04-07 11:15 . 2008-04-07 11:15 <REP> d-------- C:\Users\Mick\AppData\Roaming\PC-Cleaner
      2008-04-07 11:14 . 2008-04-07 13:11 <REP> d-------- C:\Program Files\PC-Cleaner
      2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-02 17:11 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-02 17:11 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-02 17:11 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-02 17:11 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-02 17:11 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-02 17:11 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-02 17:11 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-04-02 17:11 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-03-27 11:17 . 2008-03-27 11:18 <REP> d-------- C:\Program Files\Common Files\Adobe
      2008-03-25 23:49 . 2008-03-25 23:49 <REP> d-------- C:\Users\All Users\Messenger Plus!
      2008-03-25 23:49 . 2008-03-25 23:49 <REP> d-------- C:\PROGRA~2\Messenger Plus!
      2008-03-25 23:36 . 2008-04-02 00:47 <REP> d-------- C:\Program Files\Messenger Plus! Live
      2008-03-13 13:34 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-13 13:34 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-08 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-04-07 09:28 --------- d-----w C:\Users\Mick\AppData\Roaming\FUJIFILM
      2008-04-07 08:26 --------- d-----w C:\Users\Mick\AppData\Roaming\LimeWire
      2008-04-02 21:14 --------- d-----w C:\Program Files\Google
      2008-04-02 15:43 --------- d-----w C:\Program Files\Java
      2008-04-02 15:14 --------- d-----w C:\Users\Mick\AppData\Roaming\Packard Bell
      2008-04-01 13:13 --------- d-----w C:\Program Files\Everest Poker
      2008-03-13 14:13 --------- d-----w C:\Program Files\Windows Mail
      2008-03-13 14:11 --------- d-----w C:\PROGRA~2\Microsoft Help
      2008-02-15 14:46 --------- d-----w C:\Program Files\Neuf
      2008-02-15 02:11 --------- d-----w C:\Users\Mick\AppData\Roaming\vlc
      2008-02-14 17:48 --------- d-----w C:\Program Files\Yahoo!
      2008-02-14 17:48 --------- d-----w C:\Program Files\CCleaner
      2008-02-14 17:47 --------- d-----w C:\Program Files\VideoLAN
      2008-02-14 02:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 02:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 02:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 02:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 02:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 02:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 02:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 02:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 02:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 02:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 02:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 02:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 02:08 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 02:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 02:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 02:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 02:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 02:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 02:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 02:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-14 02:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-13 17:11 --------- d-----w C:\Users\Mick\AppData\Roaming\Media Player Classic
      2008-02-13 17:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
      2008-01-25 14:27 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-25 14:27 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-25 14:27 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-25 14:27 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-25 14:27 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-25 14:27 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-25 14:27 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-25 14:27 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-25 14:27 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-25 14:27 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-01-25 14:25 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-25 14:25 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-25 14:25 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-25 14:25 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-25 14:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-25 14:23 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-25 14:23 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-25 14:23 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-25 14:23 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-25 14:22 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-25 14:22 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-25 14:22 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-25 14:20 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-25 13:32 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-25 13:32 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-25 13:32 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-25 13:32 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-25 13:31 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-25 13:31 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-25 13:31 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-25 13:30 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-25 13:30 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-10 12:16 159,839 ----a-w C:\Windows\System32\xvidvfw.dll
      2008-01-10 12:15 755,027 ----a-w C:\Windows\System32\xvidcore.dll
      2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2007-10-29 11:11 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-08_17.15.01.07 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-08 09:16:38 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-08 15:40:18 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-04-08 14:31:56 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-08 15:55:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-08 09:18:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-08 15:42:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-08 15:42:38 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
      - 2008-04-08 15:10:59 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-08 15:57:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-08 09:18:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-08 15:42:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-08 15:42:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-04-08 13:29:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-08 15:40:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-08 13:29:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-08 15:40:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-08 13:29:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-08 15:40:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-08 09:24:53 107,614 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-08 15:47:38 107,614 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-08 09:24:53 122,020 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-04-08 15:47:38 122,020 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-04-08 09:24:53 618,470 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-08 15:47:38 618,470 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-08 09:24:54 700,222 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-04-08 15:47:38 700,222 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-04-08 09:19:13 7,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669695481-830603187-3325182165-1002_UserData.bin
      + 2008-04-08 15:42:53 7,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669695481-830603187-3325182165-1002_UserData.bin
      - 2008-04-08 09:19:13 53,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-08 15:42:53 53,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-08 09:19:11 41,022 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-08 15:42:51 41,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-25 16:22 1232896]
      "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
      "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "qawjnuey"="C:\ProgramData\qawjnuey\mbkfitqh.exe" [2008-04-08 17:41 98304]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-29 21:45 1006264]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 07:27 4702208 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-29 13:45 243200]
      "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
      "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-01-28 13:09:11 303104]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll
      "msacm.ac3acm"= ac3acm.acm
      "msacm.lameacm"= lameACM.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{74C69D1B-F30F-4D74-8BC2-B24890EC6DFE}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
      "{579FD62D-76A9-4493-8CF5-EFE50AD5A38D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{60363410-AA70-440E-B26C-8FE6413362CD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{7579D979-874F-46DC-8F67-2936FC5BE07D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{CFEA1B95-EC12-4D5D-A8B4-3746E8FB29C9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "{6E624C5F-4370-4BF4-97F4-F53BB2E1A13F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 19:04]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-24 16:01]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-08 16:00:00 C:\Windows\Tasks\Extension de garantie.job"
      - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
      "2008-04-08 16:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
      - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
      "2008-04-07 20:39:22 C:\Windows\Tasks\User_Feed_Synchronization-{20044B23-DB1C-4B19-8FC4-CFD9CF5454D4}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 18:00:54
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 18:01:41
      ComboFix-quarantined-files.txt 2008-04-08 16:01:36
      ComboFix2.txt 2008-04-08 15:15:24
      Pre-Run: 97,475,305,472 octets libres
      Post-Run: 97,451,757,568 octets libres
      .
      2008-04-06 19:41:02 --- E O F ---
      0
  10. choubi
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:32:02, on 08/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Mick\AppData\Local\ekluurhyy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\ProgramData\shetajgv\olytqbyx.exe
    C:\ProgramData\hibsncso\exarqrkn.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ekluurhyy] c:\users\mick\appdata\local\ekluurhyy.exe ekluurhyy
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Mick\AppData\Local\Temp\jkkKdeeD.dll,#1
    O4 - HKCU\..\Run: [sjyzssya] C:\ProgramData\sjyzssya\wtwtqxeh.exe
    O4 - HKCU\..\Run: [m9jL1Wm2mD] C:\ProgramData\shetajgv\olytqbyx.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Mick\AppData\Local\Temp\jkkHAsQJ.dll,c
    O4 - HKCU\..\Run: [hibsncso] C:\ProgramData\hibsncso\exarqrkn.exe
    O4 - HKCU\..\Run: [keaogjes] C:\ProgramData\keaogjes\hcrkdyxg.exe
    O4 - HKCU\..\Run: [cc96feff] rundll32.exe "C:\Users\Mick\AppData\Local\Temp\obrmrotc.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    post un nouveau rapport de hijack this

    le tient est de 16h 32

    @+
    0
    1. choubi
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:25:48, on 08/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\ProgramData\qawjnuey\mbkfitqh.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\Program Files\FinePixViewerS\QuickDCF2.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [qawjnuey] C:\ProgramData\qawjnuey\mbkfitqh.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    j´ai zappé un truc tout a l´heure :

    fais ceci :

    Copie le texte ci-dessous :

    Folder::
    C:\Users\All Users\qawjnuey
    C:\PROGRA~2\qawjnuey
    C:\ProgramData\qawjnuey

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "qawjnuey"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. choubi
       
      ComboFix 08-04-07.5 - Mick 2008-04-08 18:40:01.3 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1012 [GMT 2:00]
      Endroit: C:\Users\Mick\Desktop\ComboFix.exe
      Command switches used :: C:\Users\Mick\Documents\CFScript.txt
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\PROGRA~2\qawjnuey
      C:\PROGRA~2\qawjnuey\mbkfitqh.exe
      C:\ProgramData\qawjnuey\mbkfitqh.exe
      C:\Users\All Users\qawjnuey\mbkfitqh.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 16:24 . 2008-04-08 16:24 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-07 21:28 . 2008-04-07 21:34 <REP> d-------- C:\Users\All Users\Lavasoft
      2008-04-07 21:28 . 2008-04-07 21:28 <REP> d-------- C:\Program Files\Lavasoft
      2008-04-07 21:28 . 2008-04-07 21:34 <REP> d-------- C:\PROGRA~2\Lavasoft
      2008-04-07 21:27 . 2008-04-07 21:27 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-04-07 13:20 . 2008-04-07 21:29 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
      2008-04-07 13:20 . 2008-04-07 21:29 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
      2008-04-07 11:15 . 2008-04-07 11:15 <REP> d-------- C:\Users\Mick\AppData\Roaming\PC-Cleaner
      2008-04-07 11:14 . 2008-04-07 13:11 <REP> d-------- C:\Program Files\PC-Cleaner
      2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-02 17:11 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-02 17:11 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-02 17:11 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-02 17:11 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-02 17:11 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-02 17:11 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-02 17:11 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-04-02 17:11 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-03-27 11:17 . 2008-03-27 11:18 <REP> d-------- C:\Program Files\Common Files\Adobe
      2008-03-25 23:49 . 2008-03-25 23:49 <REP> d-------- C:\Users\All Users\Messenger Plus!
      2008-03-25 23:49 . 2008-03-25 23:49 <REP> d-------- C:\PROGRA~2\Messenger Plus!
      2008-03-25 23:36 . 2008-04-02 00:47 <REP> d-------- C:\Program Files\Messenger Plus! Live
      2008-03-13 13:34 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-13 13:34 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-08 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-04-07 09:28 --------- d-----w C:\Users\Mick\AppData\Roaming\FUJIFILM
      2008-04-07 08:26 --------- d-----w C:\Users\Mick\AppData\Roaming\LimeWire
      2008-04-02 21:14 --------- d-----w C:\Program Files\Google
      2008-04-02 15:43 --------- d-----w C:\Program Files\Java
      2008-04-02 15:14 --------- d-----w C:\Users\Mick\AppData\Roaming\Packard Bell
      2008-04-01 13:13 --------- d-----w C:\Program Files\Everest Poker
      2008-03-13 14:13 --------- d-----w C:\Program Files\Windows Mail
      2008-03-13 14:11 --------- d-----w C:\PROGRA~2\Microsoft Help
      2008-02-15 14:46 --------- d-----w C:\Program Files\Neuf
      2008-02-15 02:11 --------- d-----w C:\Users\Mick\AppData\Roaming\vlc
      2008-02-14 17:48 --------- d-----w C:\Program Files\Yahoo!
      2008-02-14 17:48 --------- d-----w C:\Program Files\CCleaner
      2008-02-14 17:47 --------- d-----w C:\Program Files\VideoLAN
      2008-02-14 02:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 02:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 02:08 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 02:08 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 02:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 02:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 02:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 02:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 02:08 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 02:08 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 02:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 02:08 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 02:08 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 02:08 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 02:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 02:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 02:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 02:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 02:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 02:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-14 02:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-13 17:11 --------- d-----w C:\Users\Mick\AppData\Roaming\Media Player Classic
      2008-02-13 17:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
      2008-01-25 14:27 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-25 14:27 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-25 14:27 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-25 14:27 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-25 14:27 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-25 14:27 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-25 14:27 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-25 14:27 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-25 14:27 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-25 14:27 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-01-25 14:25 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-25 14:25 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-25 14:25 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-25 14:25 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-25 14:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-25 14:23 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-25 14:23 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-25 14:23 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-25 14:23 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-25 14:22 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-25 14:22 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-25 14:22 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-25 14:20 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-25 13:32 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-25 13:32 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-25 13:32 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-25 13:32 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-25 13:31 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-25 13:31 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-25 13:31 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-25 13:30 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-25 13:30 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-10 12:16 159,839 ----a-w C:\Windows\System32\xvidvfw.dll
      2008-01-10 12:15 755,027 ----a-w C:\Windows\System32\xvidcore.dll
      2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2007-10-29 11:11 174 --sha-w C:\Program Files\desktop.ini
      .

      ((((((((((((((((((((((((((((( snapshot_2008-04-08_18.01.16.04 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-08 15:40:18 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-08 16:09:49 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-04-08 15:55:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-08 16:25:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-08 15:42:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-08 16:12:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-08 16:12:05 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
      - 2008-04-08 15:57:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-08 16:11:17 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-08 15:42:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-08 16:12:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-08 16:12:00 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-04-08 15:40:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-08 16:10:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-08 15:40:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-08 16:10:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-08 15:40:42 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-08 16:10:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-08 15:47:38 107,614 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-08 16:17:05 107,614 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-08 15:47:38 122,020 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-04-08 16:17:05 122,020 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-04-08 15:47:38 618,470 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-08 16:17:05 618,470 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-08 15:47:38 700,222 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-04-08 16:17:05 700,222 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-04-08 15:42:53 7,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669695481-830603187-3325182165-1002_UserData.bin
      + 2008-04-08 16:12:22 7,066 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3669695481-830603187-3325182165-1002_UserData.bin
      - 2008-04-08 15:42:53 53,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-08 16:12:22 53,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-08 15:42:51 41,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-08 16:12:21 41,502 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-25 16:22 1232896]
      "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
      "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-29 21:45 1006264]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 07:27 4702208 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-29 13:45 243200]
      "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-13 00:36 102400]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
      "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-01-28 13:09:11 303104]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll
      "msacm.ac3acm"= ac3acm.acm
      "msacm.lameacm"= lameACM.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{74C69D1B-F30F-4D74-8BC2-B24890EC6DFE}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
      "{579FD62D-76A9-4493-8CF5-EFE50AD5A38D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{60363410-AA70-440E-B26C-8FE6413362CD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{7579D979-874F-46DC-8F67-2936FC5BE07D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "{CFEA1B95-EC12-4D5D-A8B4-3746E8FB29C9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
      "{6E624C5F-4370-4BF4-97F4-F53BB2E1A13F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 19:04]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-24 16:01]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-08 16:30:00 C:\Windows\Tasks\Extension de garantie.job"
      - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
      "2008-04-08 16:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
      - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
      "2008-04-07 20:39:22 C:\Windows\Tasks\User_Feed_Synchronization-{20044B23-DB1C-4B19-8FC4-CFD9CF5454D4}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 18:42:09
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 18:42:52
      ComboFix-quarantined-files.txt 2008-04-08 16:42:48
      ComboFix2.txt 2008-04-08 16:01:41
      ComboFix3.txt 2008-04-08 15:15:24
      Pre-Run: 96,938,332,160 octets libres
      Post-Run: 96,911,540,224 octets libres
      .
      2008-04-06 19:41:02 --- E O F ---
      0
  13. choubi
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:45:58, on 08/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok choubi,

    passe cet antispyware maintenant :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @+
    0
  15. choubi
     
    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 600

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 107702
    Temps écoulé: 23 minute(s), 57 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 17
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{76a1043a-73cb-407f-9074-57edbdb4a2d9} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e28aaab8-eec5-4116-8b30-43bae8bff7f5} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76a1043a-73cb-407f-9074-57edbdb4a2d9} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{e28aaab8-eec5-4116-8b30-43bae8bff7f5} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Users\Mick\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\ProgramData\hibsncso\exarqrkn.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\PROGRA~2\keaogjes\hcrkdyxg.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\PROGRA~2\qawjnuey\mbkfitqh.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\PROGRA~2\shetajgv\olytqbyx.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\PROGRA~2\sjyzssya\wtwtqxeh.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\PC-Cleaner\com\pcsd.dll (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Users\Mick\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    C:\Users\Mick\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui c´est ok choubi

    post un nouveau rapport hijack this stp

    @+
    0
  17. choubi
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:27:05, on 08/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    choubi, comment ca va de ton coté ?

    ca serait bien de faire un scan en ligne pour verifier :

    http://www.vista-xp.fr/forum/topic110.html

    post le rapport a la fin

    @+
    0
    1. choubi
       
      un quick scan ou un full scan?
      0
    2. choubi
       
      ça marche pas...et en tout cas merci du coup de main
      0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    il faut que tu arretes avast le temps du scan

    fais un full scan

    @+
    0