Virus trojan vundo ou fakealert ou les deux ?

trk689 -  
 trk689 -
Bonjour,
Depuis deux semaines un message d'alerte de bitdefender v10 m'annonce une infection en "c:\windows\system32\ssqohabb.dll" et "...\cbxogapp.dll" par Trojan.Vundo.GJ et Trojan.Vundo.EFK, tout en me signalant que BitDefender a bloqué ce virus. Outre que ces messages incessants ne m'amusent pas, mon P.C. tourne au ralenti et depuis peu les icônes du bureau disparaissent avec la barre horizontale du menu démarrer. Arrivé à ce stade je ne peux qu'éteindre mon ordinateur, sauf si je désire aller sur internet car la barre latérale de google desktop reste elle visible et active.
J'ai déjà essayé, sans méthode de scanner mon P.C. avec des antivirus, j'ai reçu une fois une alerte d'infection par fakealert.

Quelqu'un peut-il m'aider pour le diagnostic et la procédure à suivre pour soigner ?
C'est un ordinateur professionnel sur lequel j'ai des données de travail.
Merci d'avance.
Configuration: Windows XP
Firefox 2.0.0.13

6 réponses

  1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonjour

    1) Affiche les fichiers et dossiers cachés …
    Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
    Ensuite, clique sur > Outils > Options des dossiers ...
    clique sur l' onglet « Affichage » et ...
    coche ---> Afficher les fichiers et dossiers cachés
    décoche > Masquer les extensions des fichiers dont le type est connu
    décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
    « Appliquer » et « OK ».
    refaire la manip inverse en fin de désinfection

    Télécharges ComboFix à partir d'un de ces liens :
    En premier
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :

    ► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ► Réactive
    la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    + un log hijackthis

    +++

    1
  2. FFF supertux Messages postés 110 Statut Membre 9
     
    bonjour,

    sa dit vundo?essaye avec vundofix (dispo sur clubic)
    0
    1. trk689 Messages postés 2 Statut Membre
       
      Re-bonjour

      J'essaie mais ça met du temps.

      Je vous tiens au courant.
      0
      1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280 > trk689 Messages postés 2 Statut Membre
         
        Tout est LA

        0
  3. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut

    F - Hijackthis - Outil de diagnostic et réparation
    télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html
    https://kerio.probb.fr/t62-comment-utiliser-et-comprendre-hijackthis
    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif
    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    http://www.tutoriaux-excalibur.com/hijackthis.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Ensuite

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

    http://www.atribune.org/ccount/click.php?id=4

    * Double-clique VundoFix.exe afin de le lancer.
    * Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
    * Clique sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
    * Démarre ton PC à nouveau.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt


    Télécharge VirtumundoBegone sur le bureau:

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse

    ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    Bon courage

    A+
    0
    1. trk689 Messages postés 2 Statut Membre
       
      Bonjoour !
      Dans un premier temps le scan de Vundofix n'a rien trouvé. Je passe donc à la procédure avec Hijackthis et suivants.
      Merci
      A suivre.
      0
    2. trk689
       
      Bonsoir
      De retour sur mon P.C. j'ai trouvé le fichier suivant comme résultat du scanne de hijackthis, je passe immédiatement aux autres étapes et vous transmets les rapports correspondants.
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:42:59, on 16/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Talk\googletalk.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\explorer.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\eMule\emule.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Documents and Settings\trk\Bureau\Pirateça.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
      F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
      O2 - BHO: (no name) - {00000000-0000-11D1-ABED-709549C10000} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
      O2 - BHO: (no name) - {1967FE6D-9EC2-40AB-AFDF-C62B0A345C2E} - C:\WINDOWS\system32\cbXOGApp.dll
      O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
      O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - C:\WINDOWS\system32\ssqOHabb.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [402c995d] rundll32.exe "C:\WINDOWS\system32\gtjrdinu.dll",b
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: La Solution Ciel (L).lnk = C:\CIEL\STARTER.EXE
      O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\Palm\LifeDriveMgrTray.exe
      O4 - Global Startup: BlueSoleil.lnk = ?
      O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Alice ADSL - {850A3F98-36CB-4C77-8378-AD5CF0669FA5} - https://portail.free.fr/ (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O20 - Winlogon Notify: ssqOHabb - C:\WINDOWS\SYSTEM32\ssqOHabb.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      0
  4. trk689
     
    RE..

    Vundofix n'a rien trouvé, ci dessous le rapport de VirtumundoBeGone :
    Je relance hijackthis.

    [04/16/2008, 23:42:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\trk\Bureau\VirtumundoBeGone.exe" )
    [04/16/2008, 23:43:07] - Detected System Information:
    [04/16/2008, 23:43:07] - Windows Version: 5.1.2600, Service Pack 2
    [04/16/2008, 23:43:07] - Current Username: trk (Admin)
    [04/16/2008, 23:43:07] - Windows is in NORMAL mode.
    [04/16/2008, 23:43:07] - Searching for Browser Helper Objects:
    [04/16/2008, 23:43:07] - BHO 1: {00000000-0000-11D1-ABED-709549C10000} ()
    [04/16/2008, 23:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:07] - No filename found. Continuing.
    [04/16/2008, 23:43:07] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [04/16/2008, 23:43:07] - BHO 3: {100EB1FD-D03E-47FD-81F3-EE91287F9465} ()
    [04/16/2008, 23:43:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:07] - No filename found. Continuing.
    [04/16/2008, 23:43:08] - BHO 4: {1967FE6D-9EC2-40AB-AFDF-C62B0A345C2E} ()
    [04/16/2008, 23:43:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:08] - Checking for HKLM\...\Winlogon\Notify\cbXOGApp
    [04/16/2008, 23:43:08] - Key not found: HKLM\...\Winlogon\Notify\cbXOGApp, continuing.
    [04/16/2008, 23:43:08] - BHO 5: {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} (Online TV Toolbar)
    [04/16/2008, 23:43:08] - BHO 6: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
    [04/16/2008, 23:43:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:08] - No filename found. Continuing.
    [04/16/2008, 23:43:08] - BHO 7: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
    [04/16/2008, 23:43:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:08] - No filename found. Continuing.
    [04/16/2008, 23:43:08] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [04/16/2008, 23:43:08] - BHO 9: {826A5ED9-1316-4EFD-87F8-AA400C5D551A} ()
    [04/16/2008, 23:43:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:08] - Checking for HKLM\...\Winlogon\Notify\ssqOHabb
    [04/16/2008, 23:43:08] - Found: HKLM\...\Winlogon\Notify\ssqOHabb - This is probably Virtumundo.
    [04/16/2008, 23:43:08] - Assigning {826A5ED9-1316-4EFD-87F8-AA400C5D551A} MSEvents Object
    [04/16/2008, 23:43:08] - BHO list has been changed! Starting over...
    [04/16/2008, 23:43:09] - BHO 1: {00000000-0000-11D1-ABED-709549C10000} ()
    [04/16/2008, 23:43:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:09] - No filename found. Continuing.
    [04/16/2008, 23:43:09] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [04/16/2008, 23:43:09] - BHO 3: {100EB1FD-D03E-47FD-81F3-EE91287F9465} ()
    [04/16/2008, 23:43:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:09] - No filename found. Continuing.
    [04/16/2008, 23:43:09] - BHO 4: {1967FE6D-9EC2-40AB-AFDF-C62B0A345C2E} ()
    [04/16/2008, 23:43:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:09] - Checking for HKLM\...\Winlogon\Notify\cbXOGApp
    [04/16/2008, 23:43:09] - Key not found: HKLM\...\Winlogon\Notify\cbXOGApp, continuing.
    [04/16/2008, 23:43:09] - BHO 5: {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} (Online TV Toolbar)
    [04/16/2008, 23:43:09] - BHO 6: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
    [04/16/2008, 23:43:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:09] - No filename found. Continuing.
    [04/16/2008, 23:43:09] - BHO 7: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
    [04/16/2008, 23:43:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:09] - No filename found. Continuing.
    [04/16/2008, 23:43:09] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [04/16/2008, 23:43:09] - BHO 9: {826A5ED9-1316-4EFD-87F8-AA400C5D551A} (MSEvents Object)
    [04/16/2008, 23:43:09] - ALERT: Found MSEvents Object!
    [04/16/2008, 23:43:09] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/16/2008, 23:43:09] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [04/16/2008, 23:43:10] - BHO 12: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
    [04/16/2008, 23:43:10] - Finished Searching Browser Helper Objects
    [04/16/2008, 23:43:10] - *** Detected MSEvents Object
    [04/16/2008, 23:43:10] - Trying to remove MSEvents Object...
    [04/16/2008, 23:43:11] - Terminating Process: IEXPLORE.EXE
    [04/16/2008, 23:43:17] - Terminating Process: RUNDLL32.EXE
    [04/16/2008, 23:43:21] - Disabling Automatic Shell Restart
    [04/16/2008, 23:43:21] - Terminating Process: EXPLORER.EXE
    [04/16/2008, 23:43:43] - Suspending the NT Session Manager System Service
    [04/16/2008, 23:43:46] - Terminating Windows NT Logon/Logoff Manager
    [04/16/2008, 23:43:49] - Re-enabling Automatic Shell Restart
    [04/16/2008, 23:43:49] - File to disable: C:\WINDOWS\system32\ssqOHabb.dll
    [04/16/2008, 23:43:49] - Renaming C:\WINDOWS\system32\ssqOHabb.dll -> C:\WINDOWS\system32\ssqOHabb.dll.vir
    [04/16/2008, 23:43:52] - File successfully renamed!
    [04/16/2008, 23:43:52] - Removing HKLM\...\Browser Helper Objects\{826A5ED9-1316-4EFD-87F8-AA400C5D551A}
    [04/16/2008, 23:43:52] - Removing HKCR\CLSID\{826A5ED9-1316-4EFD-87F8-AA400C5D551A}
    [04/16/2008, 23:43:52] - Adding Kill Bit for ActiveX for GUID: {826A5ED9-1316-4EFD-87F8-AA400C5D551A}
    [04/16/2008, 23:43:52] - Deleting ATLEvents/MSEvents Registry entries
    [04/16/2008, 23:43:52] - Removing HKLM\...\Winlogon\Notify\ssqOHabb
    [04/16/2008, 23:43:52] - Searching for Browser Helper Objects:
    [04/16/2008, 23:43:52] - BHO 1: {00000000-0000-11D1-ABED-709549C10000} ()
    [04/16/2008, 23:43:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:52] - No filename found. Continuing.
    [04/16/2008, 23:43:52] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [04/16/2008, 23:43:52] - BHO 3: {100EB1FD-D03E-47FD-81F3-EE91287F9465} ()
    [04/16/2008, 23:43:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:52] - No filename found. Continuing.
    [04/16/2008, 23:43:52] - BHO 4: {1967FE6D-9EC2-40AB-AFDF-C62B0A345C2E} ()
    [04/16/2008, 23:43:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:52] - Checking for HKLM\...\Winlogon\Notify\cbXOGApp
    [04/16/2008, 23:43:52] - Key not found: HKLM\...\Winlogon\Notify\cbXOGApp, continuing.
    [04/16/2008, 23:43:52] - BHO 5: {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} (Online TV Toolbar)
    [04/16/2008, 23:43:52] - BHO 6: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
    [04/16/2008, 23:43:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:52] - No filename found. Continuing.
    [04/16/2008, 23:43:53] - BHO 7: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
    [04/16/2008, 23:43:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/16/2008, 23:43:53] - No filename found. Continuing.
    [04/16/2008, 23:43:53] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [04/16/2008, 23:43:53] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/16/2008, 23:43:53] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [04/16/2008, 23:43:53] - BHO 11: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
    [04/16/2008, 23:43:53] - Finished Searching Browser Helper Objects
    [04/16/2008, 23:43:53] - Finishing up...
    [04/16/2008, 23:43:53] - A restart is needed.
    [04/16/2008, 23:44:13] - Attempting to Restart via STOP error (Blue Screen!)

    [04/17/2008, 0:00:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\trk\Bureau\VirtumundoBeGone.exe" )
    [04/17/2008, 0:00:57] - Detected System Information:
    [04/17/2008, 0:00:57] - Windows Version: 5.1.2600, Service Pack 2
    [04/17/2008, 0:00:57] - Current Username: trk (Admin)
    [04/17/2008, 0:00:57] - Windows is in NORMAL mode.
    [04/17/2008, 0:00:57] - Searching for Browser Helper Objects:
    [04/17/2008, 0:00:57] - BHO 1: {00000000-0000-11D1-ABED-709549C10000} ()
    [04/17/2008, 0:00:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/17/2008, 0:00:57] - No filename found. Continuing.
    [04/17/2008, 0:00:58] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [04/17/2008, 0:00:58] - BHO 3: {100EB1FD-D03E-47FD-81F3-EE91287F9465} ()
    [04/17/2008, 0:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/17/2008, 0:00:58] - No filename found. Continuing.
    [04/17/2008, 0:00:58] - BHO 4: {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} (Online TV Toolbar)
    [04/17/2008, 0:00:58] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
    [04/17/2008, 0:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/17/2008, 0:00:58] - No filename found. Continuing.
    [04/17/2008, 0:00:58] - BHO 6: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
    [04/17/2008, 0:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/17/2008, 0:00:58] - No filename found. Continuing.
    [04/17/2008, 0:00:58] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [04/17/2008, 0:00:58] - BHO 8: {85540D24-F3CE-4A57-ADBC-2A86820C438C} ()
    [04/17/2008, 0:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [04/17/2008, 0:00:58] - Checking for HKLM\...\Winlogon\Notify\cbXOGApp
    [04/17/2008, 0:00:58] - Key not found: HKLM\...\Winlogon\Notify\cbXOGApp, continuing.
    [04/17/2008, 0:00:58] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [04/17/2008, 0:00:58] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [04/17/2008, 0:00:58] - BHO 11: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
    [04/17/2008, 0:00:58] - Finished Searching Browser Helper Objects
    [04/17/2008, 0:00:58] - Finishing up...
    [04/17/2008, 0:00:58] - Nothing found! Exiting...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. trk689
     
    Voici enfin le dernier rapport, celui de hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:11:09, on 17/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Documents and Settings\trk\Bureau\Pirateça.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
    O2 - BHO: (no name) - {00000000-0000-11D1-ABED-709549C10000} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
    O2 - BHO: {ba46187c-9bc3-5d38-fb44-fd94595386e2} - {2e683595-49df-44bf-83d5-3cb9c78164ab} - C:\WINDOWS\system32\fnvhriex.dll
    O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {85540D24-F3CE-4A57-ADBC-2A86820C438C} - C:\WINDOWS\system32\cbXOGApp.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [402c995d] rundll32.exe "C:\WINDOWS\system32\kehaowsi.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: La Solution Ciel (L).lnk = C:\CIEL\STARTER.EXE
    O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\Palm\LifeDriveMgrTray.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Alice ADSL - {850A3F98-36CB-4C77-8378-AD5CF0669FA5} - https://portail.free.fr/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  7. trk689
     
    Bonjour!
    J'ai ces derniers temps utilisé un autre ordinateur.
    J'ai fais ce matin ce qu'il fallait avec combofix. à la reconnexion sur internet tout semblait fonctionner normalement, mon ordinateur a récupéré sa vitesse normale et je n'ai plus de message d'alert de bitdefender.
    Je vous trasmets les deux derniers rapports celui de combofix et celui de hijackthis.
    J'en attends votre analyse, qui confirmera je l'espère que tout est rentré dans l'ordre, et je vous remercie pour vos consignes.
    Dernière chose, pourriez vous sur mon cas me "traduire" les informations que le rapport hijackthis a fournies, qui permettait de reconnaitre l'infection en cause ?
    Encore merci.

    ComboFix 08-04-18.3 - trk 2008-04-20 11:09:18.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.442 [GMT 2:00]
    Endroit: C:\Documents and Settings\trk\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\trk\Application Data\DriveCleaner 2006 Free
    C:\Documents and Settings\trk\Application Data\DriveCleaner 2006 Free\Logs\update.log
    C:\Documents and Settings\trk\Application Data\ShoppingReport
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\trk\Application Data\ShoppingReport\cs\res3\WhiteList.dbs
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\WA6P
    C:\WINDOWS\BM431faac1.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cbxjkydy.dll
    C:\WINDOWS\system32\cbXOGApp.dll
    C:\WINDOWS\system32\iswoahek.ini
    C:\WINDOWS\system32\kehaowsi.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\ppAGOXbc.ini
    C:\WINDOWS\system32\ppAGOXbc.ini2
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\winspool.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-20 10:46 . 2008-04-20 10:46 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-16 10:36 . 2008-04-16 11:02 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-04-16 02:39 . 2008-04-16 02:39 <REP> d-------- C:\Documents and Settings\trk\Application Data\Grisoft
    2008-04-16 02:38 . 2008-04-16 02:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-16 02:38 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-15 23:32 . 2008-04-16 23:00 1,942 ---hs---- C:\WINDOWS\system32\unidrjtg.ini
    2008-04-12 00:28 . 2008-04-12 00:28 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-12 00:28 . 2008-04-12 00:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-12 00:25 . 2008-04-12 00:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-09 19:20 . 2008-04-09 19:20 <REP> d-------- C:\VundoFix Backups
    2008-04-08 01:35 . 2008-04-08 01:35 <REP> d-------- C:\Documents and Settings\trk\Application Data\Bitdefender
    2008-04-08 01:33 . 2008-04-08 01:33 <REP> d-------- C:\Program Files\Softwin
    2008-04-08 01:33 . 2008-04-08 01:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-04-08 01:30 . 2008-04-08 01:33 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-04-08 01:14 . 2008-04-08 01:14 <REP> d-------- C:\Program Files\CCleaner
    2008-04-07 16:44 . 2008-04-07 16:44 6,116,304 --a------ C:\WINDOWS\Firefox Setup 2.0.0.13.exe
    2008-04-06 02:48 . 2008-04-12 08:12 3,333,728 --a------ C:\WINDOWS\system32\scolmpdain.xml
    2008-04-05 10:50 . 2008-04-05 10:50 <REP> d-------- C:\Program Files\Nero
    2008-04-05 10:50 . 2008-04-05 10:56 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-05 02:14 . 2008-03-01 16:31 <REP> d-------- C:\Documents and Settings\trk\Nero 8 Ultra Edition 8.2.8.0+Keymaker
    2008-04-05 00:54 . 2008-04-05 00:54 <REP> d-------- C:\Documents and Settings\trk\Application Data\ItsLabel
    2008-04-04 23:01 . 2008-04-04 23:01 <REP> d-------- C:\Program Files\uTorrent
    2008-04-04 23:00 . 2008-04-16 23:44 <REP> d-------- C:\Documents and Settings\trk\Application Data\uTorrent
    2008-04-04 22:59 . 2008-04-05 03:41 <REP> d-------- C:\Documents and Settings\trk\Application Data\EoRezo
    2008-04-04 14:18 . 2008-04-04 14:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-03-31 12:58 . 2008-04-07 11:36 2,000 --a------ C:\WINDOWS\ESwork.ini
    2008-03-31 12:47 . 2008-03-31 12:47 31 --a------ C:\WINDOWS\ESPROTECT.ini
    2008-03-31 12:46 . 2008-03-31 12:46 <REP> d-------- C:\Program Files\Interstem
    2008-03-31 12:46 . 2008-03-31 12:46 <REP> d-------- C:\Documents and Settings\trk\WINDOWS
    2008-03-31 12:46 . 2008-03-31 12:46 0 --a------ C:\WINDOWS\PROTOCOL.INI
    2008-03-30 12:58 . 2007-06-28 18:43 123,602 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-03-20 11:26 . 2008-04-15 22:28 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-03-20 11:26 . 2008-03-20 11:26 <REP> d-------- C:\Documents and Settings\trk\Application Data\Thunderbird

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 09:12 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-04-19 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-16 17:28 --------- d-----w C:\Program Files\eMule
    2008-04-16 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-09 21:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-07 13:23 --------- d-----w C:\Program Files\Picasa2
    2008-04-05 08:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-05 02:13 --------- d-----w C:\Program Files\Palm
    2008-04-05 01:40 --------- d-----w C:\Program Files\CyberLink
    2008-04-04 21:20 --------- d-----w C:\Program Files\DivX
    2008-04-04 12:17 --------- d-----w C:\Documents and Settings\trk\Application Data\CyberLink
    2008-04-04 12:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-04 12:04 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2008-03-31 17:23 --------- d---a-w C:\Program Files\OFFICE One6.5
    2008-03-31 12:29 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-16 10:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-03-16 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-03-16 00:05 --------- d-----w C:\Program Files\Le Gérant
    2008-03-01 12:58 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2008-03-01 12:58 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-03-01 12:58 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-03-01 12:58 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-03-01 12:58 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-03-01 12:58 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2007-08-08 20:57 88 --sh--r C:\WINDOWS\system32\4FD29FC089.sys
    2007-08-08 20:57 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-12-13 18:54 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007121320071214\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-10 20:51 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 07:39 3297280]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 11:48 906480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    C:\Documents and Settings\trk\Menu D‚marrer\Programmes\D‚marrage\
    La Solution Ciel (L).lnk - C:\CIEL\STARTER.EXE [2006-02-18 21:48:24 487424]
    LifeDriveT Manager.lnk - C:\Program Files\Palm\LifeDriveMgrTray.exe [2005-04-28 12:49:30 86016]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-11-25 19:56:33 1048576]
    DataViz Inc Messenger.lnk - C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe [2006-11-22 01:23:09 28672]
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 15:16:08 471040]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-08 00:27:16 124912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Palm\\Hotsync.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 17:40]
    R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 17:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 11:13:04
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\trk\LOCALS~1\Temp\mc23.tmp"
    .
    Temps d'accomplissement: 2008-04-20 11:15:38
    ComboFix-quarantined-files.txt 2008-04-20 09:15:04

    Pre-Run: 19,958,784,000 octets libres
    Post-Run: 19,945,041,920 octets libres

    191 --- E O F --- 2008-04-09 20:49:04

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:16:28, on 20/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Palm\LifeDriveMgrTray.exe
    C:\Program Files\Palm\PalmOneLiveConnect.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\trk\Bureau\Pirateça.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: La Solution Ciel (L).lnk = C:\CIEL\STARTER.EXE
    O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\Palm\LifeDriveMgrTray.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Alice ADSL - {850A3F98-36CB-4C77-8378-AD5CF0669FA5} - https://portail.free.fr/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=https://portail.free.fr/
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0