Pubs intenpestives Résolu/Fermé

Question

Bonjour,

J'ai un problème de Pub intempestive sur mon PC, suite à un trojan
Je vous poste mon rapport Hijackthis, merci pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:42, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\lotus
otes
tmulti.exe
C:\OfficeScan NT
trtscan.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT	mlisten.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\OfficeScan NT\ofcdog.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\E!PC\EXTRA.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Gaston\Mes documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ascometal.lucchini.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 140*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {c6396cc1-6276-c3a9-ec14-484aa77069b4} - {4b96077a-a484-41ce-9a3c-67261cc6936c} - C:\WINDOWS\system32\mrsyjlgj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\WINDOWS\system32\jkkKbXpp.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [BM4db55ef0] Rundll32.exe "C:\WINDOWS\system32\kodlgrtr.dll",s
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelOldFile] cmd.exe /C del /Q "C:\Program Files\Spcron"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ascometal.ad
O17 - HKLM\Software\..\Telephony: DomainName = ascometal.ad
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ascometal.ad
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ascometal.ad
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: jkkKbXpp - C:\WINDOWS\SYSTEM32\jkkKbXpp.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus
otes
tmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT
trtscan.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT	mlisten.exe

jlpjlp · Answer

slt

c'est ton domaine ceci?

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ascometal.ad 



________________

tu as une infection vundo:




scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

___________
puis :


virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
____________

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 

___________________
recolle un nouvel hijakhcits et dis tes soucis

ybous · Answer

Bonjour, O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ascometal.ad ceci est bien mon domaine ;) vundofix n'a rien trouvé VundoFix V7.0.5 Scan started at 11:34:45 05/06/2008 Listing files found while scanning.... No infected files were found. VundoFix V7.0.5 Scan started at 11:48:48 05/06/2008 Listing files found while scanning.... le rapport virtumondebegone est le suivant : 06/06/2008, 15:48:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gaston\Local Settings\Temporary Internet Files\Content.IE5\HQ34TOKV\VirtumundoBeGone[1].exe" ) [06/06/2008, 15:48:43] - Detected System Information: [06/06/2008, 15:48:43] - Windows Version: 5.1.2600, Service Pack 2 [06/06/2008, 15:48:43] - Current Username: GASTON (Admin) [06/06/2008, 15:48:43] - Windows is in NORMAL mode. [06/06/2008, 15:48:43] - Searching for Browser Helper Objects: [06/06/2008, 15:48:43] - BHO 1: {4b96077a-a484-41ce-9a3c-67261cc6936c} () [06/06/2008, 15:48:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:43] - Checking for HKLM\...\Winlogon\Notify\mrsyjlgj [06/06/2008, 15:48:43] - Key not found: HKLM\...\Winlogon\Notify\mrsyjlgj, continuing. [06/06/2008, 15:48:43] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [06/06/2008, 15:48:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:43] - Checking for HKLM\...\Winlogon\Notify\SDHelper [06/06/2008, 15:48:43] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [06/06/2008, 15:48:43] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [06/06/2008, 15:48:43] - BHO 4: {8053AF4F-F35D-4EC6-A411-039EFB515CD8} () [06/06/2008, 15:48:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:43] - Checking for HKLM\...\Winlogon\Notify\jkkKbXpp [06/06/2008, 15:48:43] - Found: HKLM\...\Winlogon\Notify\jkkKbXpp - This is probably Virtumundo. [06/06/2008, 15:48:43] - Assigning {8053AF4F-F35D-4EC6-A411-039EFB515CD8} MSEvents Object [06/06/2008, 15:48:43] - BHO list has been changed! Starting over... [06/06/2008, 15:48:43] - BHO 1: {4b96077a-a484-41ce-9a3c-67261cc6936c} () [06/06/2008, 15:48:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:43] - Checking for HKLM\...\Winlogon\Notify\mrsyjlgj [06/06/2008, 15:48:43] - Key not found: HKLM\...\Winlogon\Notify\mrsyjlgj, continuing. [06/06/2008, 15:48:43] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [06/06/2008, 15:48:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:43] - Checking for HKLM\...\Winlogon\Notify\SDHelper [06/06/2008, 15:48:43] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [06/06/2008, 15:48:43] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [06/06/2008, 15:48:43] - BHO 4: {8053AF4F-F35D-4EC6-A411-039EFB515CD8} (MSEvents Object) [06/06/2008, 15:48:43] - ALERT: Found MSEvents Object! [06/06/2008, 15:48:43] - Finished Searching Browser Helper Objects [06/06/2008, 15:48:43] - *** Detected MSEvents Object [06/06/2008, 15:48:43] - Trying to remove MSEvents Object... [06/06/2008, 15:48:44] - Terminating Process: IEXPLORE.EXE [06/06/2008, 15:48:44] - Terminating Process: RUNDLL32.EXE [06/06/2008, 15:48:44] - Disabling Automatic Shell Restart [06/06/2008, 15:48:44] - Terminating Process: EXPLORER.EXE [06/06/2008, 15:48:45] - Suspending the NT Session Manager System Service [06/06/2008, 15:48:45] - Terminating Windows NT Logon/Logoff Manager [06/06/2008, 15:48:45] - Re-enabling Automatic Shell Restart [06/06/2008, 15:48:45] - File to disable: C:\WINDOWS\system32\jkkKbXpp.dll [06/06/2008, 15:48:45] - Renaming C:\WINDOWS\system32\jkkKbXpp.dll -> C:\WINDOWS\system32\jkkKbXpp.dll.vir [06/06/2008, 15:48:45] - File successfully renamed! [06/06/2008, 15:48:45] - Removing HKLM\...\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8} [06/06/2008, 15:48:45] - Removing HKCR\CLSID\{8053AF4F-F35D-4EC6-A411-039EFB515CD8} [06/06/2008, 15:48:45] - Adding Kill Bit for ActiveX for GUID: {8053AF4F-F35D-4EC6-A411-039EFB515CD8} [06/06/2008, 15:48:45] - Deleting ATLEvents/MSEvents Registry entries [06/06/2008, 15:48:45] - Removing HKLM\...\Winlogon\Notify\jkkKbXpp [06/06/2008, 15:48:45] - Searching for Browser Helper Objects: [06/06/2008, 15:48:45] - BHO 1: {4b96077a-a484-41ce-9a3c-67261cc6936c} () [06/06/2008, 15:48:45] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:45] - Checking for HKLM\...\Winlogon\Notify\mrsyjlgj [06/06/2008, 15:48:45] - Key not found: HKLM\...\Winlogon\Notify\mrsyjlgj, continuing. [06/06/2008, 15:48:45] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} () [06/06/2008, 15:48:45] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/06/2008, 15:48:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper [06/06/2008, 15:48:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [06/06/2008, 15:48:45] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [06/06/2008, 15:48:45] - Finished Searching Browser Helper Objects [06/06/2008, 15:48:45] - Finishing up... [06/06/2008, 15:48:45] - A restart is needed. [06/06/2008, 15:48:50] - Attempting to Restart via STOP error (Blue Screen!) le rapport combofix est le suivant : ComboFix 08-06-05.3 - GASTON 2008-06-06 15:56:43.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.429 [GMT 2:00] Endroit: C:\Documents and Settings\Gaston\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll C:\Program Files\Temporary C:\WINDOWS\BM4db55ef0.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\kodlgrtr.dll C:\WINDOWS\system32\mrsyjlgj.dll C:\WINDOWS\system32\osedggsx.ini C:\WINDOWS\system32\qoMFXnon.dll C:\WINDOWS\system32 YIQrtwa.ini C:\WINDOWS\system32 YIQrtwa.ini2 E:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASBroker -------\Service_ASBroker ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))))))) . 2008-06-05 11:34 . 2008-06-05 11:34 d-------- C:\VundoFix Backups 2008-06-02 14:25 . 2008-06-02 15:37 d-------- C:\Program Files\a-squared Free 2008-06-02 14:03 . 2008-06-02 14:24 d-------- C:\Program Files\Trojan Remover 2008-06-02 14:03 . 2008-06-02 14:03 d-------- C:\Documents and Settings\Gaston\Application Data\Simply Super Software 2008-06-02 14:03 . 2008-06-02 14:03 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-06-02 14:03 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-06-02 14:03 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-06-02 14:03 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-06-02 14:03 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-06-02 11:07 . 2008-06-02 11:07 d-------- C:\Program Files\Trend Micro 2008-06-02 08:04 . 2008-06-02 08:04 24 --a------ C:\WINDOWS\pccntmon.INI 2008-06-01 22:23 . 2008-06-01 22:23 d-------- C:\Program Files\Lavasoft 2008-06-01 22:23 . 2008-06-01 22:23 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-06-01 22:23 . 2008-06-01 22:25 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-01 21:02 . 2008-06-01 21:02 d-------- C:\Program Files\Geonaute KeyMaze 300 2008-06-01 21:01 . 2005-07-25 10:04 48,640 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2008-06-01 20:50 . 2008-06-01 20:50 114,176 --a------ C:\WINDOWS\system32\bbxqgwnd.dll.vir 2008-05-30 16:47 . 2008-05-30 16:47 370,688 --a------ C:\WINDOWS\system32\awtrQIYr.dll.vir 2008-05-30 16:42 . 2008-05-30 16:42 57,344 --a------ C:\WINDOWS\system32\jkkKbXpp.dll.vir 2008-05-27 06:48 . 2008-06-02 14:25 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-27 06:32 . 2008-05-30 16:31 d-------- C:\Documents and Settings\Gaston\Application Data\Tunebite 2008-05-27 06:32 . 2008-05-31 10:13 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-05-27 06:32 . 2008-02-20 13:47 27,936 --a------ C:\WINDOWS\system32\drivers bhsd.sys 2008-05-27 06:18 . 2008-05-30 16:11 d-------- C:\Program Files\Free Audio Pack 2008-05-17 15:17 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2008-05-17 15:17 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2008-05-17 15:17 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2008-05-17 15:17 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2008-05-17 15:17 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2008-05-17 15:17 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2008-05-17 15:17 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2008-05-17 15:17 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-05 08:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-05 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-01 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-01 19:03 --------- d-----w C:\Program Files\Google 2008-05-31 02:04 --------- d-----w C:\Documents and Settings\Gaston\Application Data\Azureus 2008-05-31 00:47 --------- d-----w C:\Program Files\eMule 2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-26 17:09 --------- d-----w C:\Program Files\Softick 2008-04-17 17:38 --------- d-----w C:\Program Files\Azureus 2008-04-16 08:12 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-16 08:12 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2008-04-16 08:09 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-04-12 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-04-09 11:12 --------- d-----w C:\Program Files\Puzzle B . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112] "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 08:38 331552] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 16:17 163840] "CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840] "Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 11:23 697976] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 11:52 57344] "OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2004-01-19 15:50 458752] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51 233472] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 02:56 188416] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 21:01 1037736] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-05-21 14:00 877136] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 12:00 192512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-02-07 11:22] R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 13:31] R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 16:54] R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-07 11:23] R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe [2004-08-05 10:00] R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-03-29 17:50] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38] R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 18:58] S3 OCS INVENTORY;OCS INVENTORY SERVICE;"C:\Program Files\OCS Inventory Agent\ocsservice.exe" [2007-02-27 21:32] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-17 09:58:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job" - C:\Program Files\Microsoft IntelliPoint\ipoint.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 16:00:28 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@ Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\lotus otes tmulti.exe C:\OfficeScan NT trtscan.exe C:\OfficeScan NT mlisten.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\WINDOWS\system32\mqtgsvc.exe C:\OfficeScan NT\OfcDog.exe C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-06 16:03:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-06 14:03:14 Pre-Run: 29,684,379,648 octets libres Post-Run: 29,606,776,832 octets libres 195 ouf, ça fait beaucoup de choses à lire ;) Sinon apparement je n'ai plus trop de problème... suis je sauvé ?? Merci encore.

jlpjlp · Answer

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 

C:\WINDOWS\system32\bbxqgwnd.dll.vir
C:\WINDOWS\system32\awtrQIYr.dll.vir
C:\WINDOWS\system32\jkkKbXpp.dll.vir 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

__________________
vire ce qui est dans moved files en allant dans poste de travail puiis c puis otmovit

_________________
recolle un hijakchits pour verfier

ybous · Answer

Rapport OTMoveIt2 :

C:\WINDOWS\system32\bbxqgwnd.dll.vir moved successfully.
C:\WINDOWS\system32\awtrQIYr.dll.vir moved successfully.
C:\WINDOWS\system32\jkkKbXpp.dll.vir moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06062008_170654



Rapport Hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\lotus
otes
tmulti.exe
C:\OfficeScan NT
trtscan.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT	mlisten.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\OfficeScan NT\ofcdog.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gaston\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ascometal.lucchini.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 140*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ascometal.ad
O17 - HKLM\Software\..\Telephony: DomainName = ascometal.ad
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ascometal.ad
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ascometal.ad
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus
otes
tmulti.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT
trtscan.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT	mlisten.exe

jlpjlp · Answer

si plus de soucis c'est bon

vire ce que je t'ai fais utiliser


et installe

SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

ybous · Answer

Merci pour tout, mon pc rame plus comme avant et j'ai plus de pub ;)

jlpjlp · Answer

de rien 

bonne continuation

Pubs intenpestives

7 réponses

Discussions similaires