Antivirus xp 2008

Sandromaniac Messages postés 4 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
depuis quelques j'ai un un antivirus xp 2008 qui c'est installé sur mon pc, impossible de le désistaller, ni de l'éradiquer avec spybot ou autre avast, j'ai suivi le procédure d'un post, en téléchargeant hijackthis, et en créant un journal, mais la suite de la procédure me parait obscure, je compte sur vous pour me guider
ci-dessus le rapport du journal
salutation

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:55, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\scksexde.exe/r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}: NameServer = 192.168.1.1
O21 - SSODL: eqvwamkl - {0BEAC7D8-406B-4556-B492-1ADB3E9A11AB} - C:\WINDOWS\eqvwamkl.dll (file missing)
O21 - SSODL: wnslvxtf - {7B43F6C2-78C3-4749-8B35-166149302EDD} - C:\WINDOWS\wnslvxtf.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10382 bytes
Configuration: Windows XP
Internet Explorer 7.0

15 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    = Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    = Appuie sur Y pour commencer le processus de nettoyage.
    = Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    = Appuie sur une touche pour redémarrer le PC.
    = Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    = Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    = Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    = Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    = Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
    @+

    1
  2. aaaa7 Messages postés 67 Statut Membre 4
     
    c pas un antivirus c'est un virus un logiciel malveillant qui s'est installe lui meme tout seul
    0
  3. Sandromaniac Messages postés 4 Statut Membre
     
    bonjour,
    pris note, mais comment m'en débarrasser?
    0
  4. aaaa7 Messages postés 67 Statut Membre 4
     
    ton problème c'est pas débarrasser du virus mais, désinstaller AVG ou utiliser un autre antivirus
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. aaaa7 Messages postés 67 Statut Membre 4
     
    pardonnez moi j'ai fait erreur de discussion
    0
  7. Sandromaniac Messages postés 4 Statut Membre
     
    le rapport de SDFix

    [b]SDFix: Version 1.210 [/b]
    Run by Administrateur on 31/07/2008 at 20:29

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value
    Restoring Default Desktop Wallpaper
    Restoring Default ScreenSaver value

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\PPHCTH~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\PHCTHO~1.BMP - Deleted
    C:\WINDOWS\SYSTEM32\BLPHCT~1.SCR - Deleted
    C:\WINDOWS\EOVP.EXE - Deleted
    C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
    C:\WINDOWS\grswptdl.exe - Deleted
    C:\WINDOWS\system32\WinCtrl32.dll - Deleted

    Folder C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\privacy_danger - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-31 20:37:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"="C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe:*:Enabled:Impression d'‚cran HP"
    "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Thu 19 May 2005 218 A.SHR --- "C:\BOOT.BAK"
    Mon 23 May 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
    Sun 31 Jul 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
    Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
    Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
    Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
    Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
    Fri 18 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Thu 13 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7e808a3c27f845e09ebb11aa4251afd5\BITA5.tmp"

    [b]Finished![/b]
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok ;)

    ensuite

    Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    --------------------------

    ensuite

    * Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69

    --------------------------

    Ensuite refais un nouveau rapport HijackThis stp
    @+
    0
    1. Sandromaniac Messages postés 4 Statut Membre
       
      Bonjour ep44,
      j'ai suivi tes directives
      malwarebytes n'a pu tous supprimer les éléments infecté

      Malwarebytes' Anti-Malware 1.24
      Database version: 1013
      Windows 5.1.2600 Service Pack 3

      18:28:16 01/08/2008
      mbam-log-8-1-2008 (18-28-16).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 150411
      Time elapsed: 1 hour(s), 35 minute(s), 54 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 2
      Registry Keys Infected: 8
      Registry Values Infected: 0
      Registry Data Items Infected: 2
      Folders Infected: 22
      Files Infected: 36

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      C:\WINDOWS\system32\ljJCtrst.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\hyhlsw.dll (Trojan.Vundo) -> Delete on reboot.

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{242b7572-8ae4-4fcf-847a-0eaf2d9d7b95} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{242b7572-8ae4-4fcf-847a-0eaf2d9d7b95} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5a5f5a1-38da-46dc-9afe-73970d03d068} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c5a5f5a1-38da-46dc-9afe-73970d03d068} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjctrst -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjctrst -> Delete on reboot.

      Folders Infected:
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur\Application Data\rhcphoj0eear\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\rhcphoj0eear\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\system32\ljJCtrst.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\tsrtCJjl.ini (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\tsrtCJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hyhlsw.dll (Trojan.Vundo) -> Delete on reboot.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1DQ7L60T\favicon[3].ico (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1DQ7L60T\MediaTubeCodec_ver1.668.1[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7SB94LEB\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ZJ71RHNR\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\Cartoonist\exitpoll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Program Files\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255645.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255677.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255678.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255685.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255692.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255699.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255703.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255705.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255717.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255720.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255725.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\snapshot\MFEX-1.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP976\A0243163.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ivnqoqht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\staipb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\uepqgiar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wjvuisxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\xxyXQKEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    très bien ;)

    Vérifie si dans program files tu as antivirus xp 2008 si oui supprime

    ensuite
    Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    http://deckard.geekstogo.com/dss.exe

    Ferme toutes les applications en cours.

    Double-clic sur comboscan.exe pour lancer l'outil.

    Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport Comboscan.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.
    0
    1. Sandromaniac
       
      Deckard's System Scanner v20071014.68
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Édition familiale (build 2600) SP 3.0
      Architecture: X86; Language: French

      CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
      Percentage of Memory in Use: 45%
      Physical Memory (total/avail): 1023.29 MiB / 558.89 MiB
      Pagefile Memory (total/avail): 2460.24 MiB / 2016.7 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1926.93 MiB

      C: is Fixed (NTFS) - 225.9 GiB total, 89.74 GiB free.
      D: is Fixed (FAT32) - 6.96 GiB total, 3.22 GiB free.
      E: is CDROM (No Media)
      F: is CDROM (No Media)
      G: is Removable (No Media)
      H: is Removable (No Media)
      I: is Removable (No Media)
      J: is Removable (No Media)
      K: is Removable (No Media)

      \\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions
      \PARTITION0 - Unknown - 6.97 GiB - D:
      \PARTITION1 (bootable) - Système de fichiers installable - 225.9 GiB - C:

      \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

      \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

      \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

      \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

      \\.\PHYSICALDRIVE5 - HP psc 2410 USB Device



      -- Security Center -------------------------------------------------------------

      AUOptions is scheduled to auto-install.


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\HP_Propri‚taire\Application Data
      CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Fichiers communs
      COMPUTERNAME=FIXE
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\HP_Propri‚taire
      LOGONSERVER=\\FIXE
      NewEnvironment1=C:\Program Files\ATI Technologies\ATI.ACE\
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
      PROCESSOR_LEVEL=15
      PROCESSOR_REVISION=0401
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
      TMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
      USERDOMAIN=FIXE
      USERNAME=HP_Propri‚taire
      USERPROFILE=C:\Documents and Settings\HP_Propri‚taire
      windir=C:\WINDOWS
      __COMPAT_LAYER=EnableNXShowUI


      -- User Profiles ---------------------------------------------------------------

      HP_Propriétaire [I](admin)/I
      Administrateur [I](admin)/I


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
      --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
      Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
      Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
      ATI Catalyst Control Center --> MsiExec.exe /I{67A386CE-825D-40DA-8DC8-2098E33B8FF3}
      ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
      ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
      avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
      Cartoonist 1.0 --> "C:\Program Files\Cartoonist\unins000.exe"
      CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
      Complément Microsoft Word pour Microsoft Works Suite --> MsiExec.exe /I{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}
      Connexion Facile à Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
      DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      Encyclopédie Microsoft Encarta 2005 --> MsiExec.exe /I{05460044-64A6-4248-A026-9745C1E9E159}
      Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
      GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
      Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
      High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
      HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      HP Appareils photos Photosmart 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
      HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
      HP Image Zone 4.5.4 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
      HP Image Zone Plus 4.5.4 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
      HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
      HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
      HPIZplus450 --> MsiExec.exe /X{5A4E3B3A-D1E1-4586-9249-2DA68D0B09D2}
      InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
      InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
      InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
      J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
      J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
      J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
      J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
      J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
      Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
      Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
      Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
      Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
      Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
      Livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
      Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
      Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft Money --> c:\program files\microsoft money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
      Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
      Microsoft Photo Premium 10 --> "C:\Program Files\Fichiers communs\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
      Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
      Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
      MSN Screen Saver (Beta) --> MsiExec.exe /X{54771783-5D95-48B9-A012-23EC33761369}
      PC-Doctor for Windows --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1036
      PC SECURITY TEST 2007 --> "C:\Program Files\AxBx\PC Security Test 2007\unins000.exe"
      PCTV USB2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9810C3D4-4799-42AB-BCF8-48D93A6C5E15}\Setup.exe" -l0x40c UNINSTALL
      Photosmart 320,370,7400,8100,8400 Series (fra) --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
      PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
      Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
      Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
      QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
      RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
      RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
      Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
      Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
      Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
      Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
      Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      SpamPal --> "C:\Program Files\SpamPal\Uninstall.exe" "C:\Program Files\SpamPal\install.log"
      SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
      Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
      Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      Sélecteur d'installation de Microsoft Works 2005 --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\
      TerraExplorer --> C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
      Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
      Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
      Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
      Wireless SoftAP Version 2.7.11.0 --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E1C98B51-B9FD-4D9A-A3CB-F70D97CC5EFA}
      Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL


      -- Application Event Log -------------------------------------------------------

      Event Record #/Type17574 / Error
      Event Submitted/Written: 07/20/2008 11:12:36 PM
      Event ID/Source: 4609 / EventSystem
      Event Description:
      Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 80080005 à partir de la ligne 44 de f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services du Support Technique Microsoft pour signaler cette erreur.

      Event Record #/Type17570 / Warning
      Event Submitted/Written: 07/20/2008 06:20:47 PM
      Event ID/Source: 1524 / Userenv
      Event Description:
      Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

      Event Record #/Type17551 / Success
      Event Submitted/Written: 07/20/2008 10:13:40 AM
      Event ID/Source: 12001 / usnjsvc
      Event Description:
      The Messenger Sharing USN Journal Reader service started successfully.

      Event Record #/Type17523 / Success
      Event Submitted/Written: 07/19/2008 11:30:33 AM
      Event ID/Source: 12001 / usnjsvc
      Event Description:
      The Messenger Sharing USN Journal Reader service started successfully.

      Event Record #/Type17506 / Error
      Event Submitted/Written: 07/18/2008 08:39:00 PM
      Event ID/Source: 1002 / Application Hang
      Event Description:
      Application bloquée msnmsgr.exe, version 8.1.178.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.



      -- Security Event Log ----------------------------------------------------------

      No Errors/Warnings found.


      -- System Event Log ------------------------------------------------------------

      Event Record #/Type27200 / Error
      Event Submitted/Written: 08/01/2008 08:49:07 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM a reçu l'erreur "%%1058" lors de la mise en route du service wuauserv avec les arguments ""
      pour démarrer le serveur :
      {E60687F7-01A1-40AA-86AC-DB1CBF673334}

      Event Record #/Type27199 / Warning
      Event Submitted/Written: 08/01/2008 08:48:07 PM
      Event ID/Source: 1007 / Dhcp
      Event Description:
      Votre ordinateur a automatiquement configuré l'adresse IP pour la
      carte avec l'adresse réseau 0012BF065750. L'adresse IP utilisée est 169.254.64.136.

      Event Record #/Type27162 / Error
      Event Submitted/Written: 08/01/2008 07:01:36 PM
      Event ID/Source: 10005 / DCOM
      Event Description:
      DCOM a reçu l'erreur "%%1058" lors de la mise en route du service wuauserv avec les arguments ""
      pour démarrer le serveur :
      {E60687F7-01A1-40AA-86AC-DB1CBF673334}

      Event Record #/Type27161 / Warning
      Event Submitted/Written: 08/01/2008 07:00:20 PM
      Event ID/Source: 8021 / BROWSER
      Event Description:
      L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\NOMADE sur le réseau \Device\NetBT_Tcpip_{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}.
      La donnée est le code d'erreur.

      Event Record #/Type27153 / Warning
      Event Submitted/Written: 08/01/2008 06:36:29 PM
      Event ID/Source: 1007 / Dhcp
      Event Description:
      Votre ordinateur a automatiquement configuré l'adresse IP pour la
      carte avec l'adresse réseau 0012BF065750. L'adresse IP utilisée est 169.254.64.136.



      -- End of Deckard's System Scanner: finished at 2008-08-01 21:59:23 ------------
      0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    OK encore une trace

    rend toi ici et supprime ce qui est en gras
    C:\Program Files\AxBx
    si tu ne peux pas en mode normal fait le en mode sans échec

    ensuite

    Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    http://deckard.geekstogo.com/dss.exe

    Ferme toutes les applications en cours.

    Double-clic sur comboscan.exe pour lancer l'outil.

    Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport Comboscan.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.

    @+
    0
    1. Sandromaniac
       
      Deckard's System Scanner v20071014.68
      Run by HP_Propriétaire on 2008-08-01 23:05:02
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------



      -- HijackThis (run as HP_Propriétaire.exe) -------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:05:03, on 01/08/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\system32\hphmon06.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\ALCWZRD.EXE
      C:\WINDOWS\ALCMTR.EXE
      C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
      C:\Program Files\SpamPal\spampal.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
      c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Arcadyan Wireless\pctwpasv.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Documents and Settings\HP_Propriétaire\Bureau\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_PRO~1.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {1dd36c65-dcdd-408c-88a4-7050986707d5} - C:\WINDOWS\system32\ryycsu.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {68548C23-2C63-46E0-8042-AEE994F90D4A} - C:\WINDOWS\system32\ljJCtrst.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
      O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
      O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [b4a72fb0] rundll32.exe "C:\WINDOWS\system32\bfegocmw.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
      O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Pinnacle Scheduler.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}: NameServer = 192.168.1.1
      O20 - AppInit_DLLs: hyhlsw.dll ryycsu.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
      0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    bon et bien encore de belle saloperies

    Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Avant de lancer le téléchargement
    Clique droit sur le lien et tu choisis "enregistrer la cible du lien sous"
    et tu le renomme par outil


    => /!\déconnecte toi d'internet et ferme toutes tes applications./!\

    =>/!\ désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,/!\

    => Double-clic sur outil,

    => /!\Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi./!\

    => Attends que combofix ait terminé, un rapport sera créé.

    => réactive ton parefeu, ton antivirus, la garde de ton antispyware

    => copie/colle le rapport C:\ComboFix.txt

    => Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    @+
    0
    1. Sandromaniac
       
      Bonjour ep44,
      suivi tes tes indications ci-joint le log Combofix

      ComboFix 08-07-31.06 - HP_Propriétaire 2008-08-02 10:37:38.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.577 [GMT 2:00]
      Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\Outils.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\tsrtCJjl.ini
      C:\WINDOWS\system32\tsrtCJjl.ini2
      C:\WINDOWS\system32\wmcogefb.ini
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-01 21:56 . 2008-08-01 21:56 <REP> d-------- C:\Deckard
      2008-08-01 19:23 . <REP> C:\Documents and Settings\HP_Propri'taire
      2008-08-01 18:53 . 2008-08-01 18:58 <REP> d-------- C:\Program Files\CCleaner
      2008-08-01 18:45 . 2008-08-01 18:45 129,920 --a------ C:\WINDOWS\system32\ryycsu.dll
      2008-08-01 18:45 . 2008-08-01 18:45 129,920 --a------ C:\WINDOWS\system32\lauvvpvy.dll
      2008-08-01 18:45 . 2008-08-01 18:45 99,712 --a------ C:\WINDOWS\system32\bfegocmw.dll
      2008-08-01 16:45 . 2008-08-01 16:45 99,200 --a------ C:\WINDOWS\system32\cjrknpek.dll
      2008-07-31 21:55 . 2008-07-31 21:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-31 21:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-07-31 21:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-31 20:28 . 2008-07-31 20:28 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
      2008-07-31 20:24 . 2008-07-31 20:24 <REP> d-------- C:\WINDOWS\ERUNT
      2008-07-31 20:19 . 2008-07-31 20:40 <REP> d-------- C:\SDFix
      2008-07-31 19:42 . 2008-07-31 19:42 <REP> d-------- C:\Program Files\Trend Micro
      2008-07-30 20:56 . 2008-07-30 20:56 98 --a------ C:\WINDOWS\wininit.ini
      2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
      2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-07-27 11:08 . 2007-01-04 18:18 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
      2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-07-27 11:08 . 2008-08-02 10:42 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-07-27 11:08 . 2005-01-02 02:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
      2008-07-27 11:08 . 2005-01-02 02:51 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
      2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
      2008-07-27 11:08 . 2008-07-27 11:08 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-07-14 10:31 . 2008-07-14 10:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
      2008-07-14 10:29 . 2008-07-18 22:27 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-01 17:23 --------- d-----w C:\Program Files\JoWooD
      2008-08-01 16:53 --------- d-----w C:\Program Files\Yahoo!
      2008-07-27 00:02 --------- d-----w C:\Program Files\eChanblard
      2008-07-22 20:56 --------- d-----w C:\Program Files\Java
      2008-06-20 19:50 --------- d-----w C:\Program Files\DivX
      2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
      2005-05-23 18:16 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dd36c65-dcdd-408c-88a4-7050986707d5}]
      2008-08-01 18:45 129920 --a------ C:\WINDOWS\system32\ryycsu.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
      "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
      "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-25 05:10 344064]
      "SoftAP"="C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe" [2004-12-08 14:34 561152]
      "Wireless SoftAP"="C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" [2004-12-08 14:33 913408]
      "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
      "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-15 19:49 185896]
      "b4a72fb0"="C:\WINDOWS\system32\bfegocmw.dll" [2008-08-01 18:45 99712]
      "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
      "SoundMan"="SOUNDMAN.EXE" [2005-02-21 22:49 90112 C:\WINDOWS\SOUNDMAN.EXE]
      "AlcWzrd"="ALCWZRD.EXE" [2005-02-18 22:32 2754560 C:\WINDOWS\ALCWZRD.EXE]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=hyhlsw.dll ryycsu.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.PIM1"= PCLEPIM1.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winew86.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winia88.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn80.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrd68.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw62.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
      "C:\\Program Files\\eChanblard\\emule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"=
      "C:\\WINDOWS\\system32\\fxsclnt.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6672:UDP"= 6672:UDP:echamblardNext
      "6662:TCP"= 6662:TCP:echamblardNext

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
      R2 PCTWPASV;SoftAP WPA Authenticator Service;C:\Program Files\Arcadyan Wireless\pctwpasv.exe [2004-08-06 09:41]
      R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 11:40]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
      S0 Winew86;Winew86;C:\WINDOWS\system32\Drivers\Winew86.sys []
      S0 Winia88;Winia88;C:\WINDOWS\system32\Drivers\Winia88.sys []
      S0 Winjn80;Winjn80;C:\WINDOWS\system32\Drivers\Winjn80.sys []
      S0 Winrd68;Winrd68;C:\WINDOWS\system32\Drivers\Winrd68.sys []
      S0 Winuw62;Winuw62;C:\WINDOWS\system32\Drivers\Winuw62.sys []
      S3 Arcadyan;Arcadyan NDIS Protocol Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\Arcadyan.SYS [2004-08-20 03:14]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f54a3dd2-435b-11dd-a5fd-0011d8c2761f}]
      \Shell\AutoRun\command - L:\EmDesk.exe
      \Shell\EmDesk\command - L:\EmDesk.exe
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

      2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
      .
      - - - - ORPHANS REMOVED - - - -

      BHO-{68548C23-2C63-46E0-8042-AEE994F90D4A} - C:\WINDOWS\system32\ljJCtrst.dll


      .
      ------- Supplementary Scan -------
      .
      R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
      R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
      R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org
      R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
      O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O17 -: HKLM\CCS\Interface\{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}: NameServer = 192.168.1.1

      O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
      C:\WINDOWS\Downloaded Program Files\oscan8.inf
      C:\WINDOWS\Downloaded Program Files\oscan81.ocx_x
      C:\WINDOWS\bdoscandellang.ini
      C:\WINDOWS\bdoscandel.exe
      C:\WINDOWS\Downloaded Program Files\live.ini
      C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
      C:\WINDOWS\Downloaded Program Files\lang.ini
      C:\WINDOWS\Downloaded Program Files\ipsupd.dll
      C:\WINDOWS\Downloaded Program Files\bdupd.dll
      C:\WINDOWS\Downloaded Program Files\libfn.dll
      C:\WINDOWS\Downloaded Program Files\bdcore.dll
      C:\WINDOWS\Downloaded Program Files\oscan8.ocx


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-02 10:43:07
      Windows 5.1.2600 Service Pack 3 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\bfegocmw.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
      C:\Program Files\SpamPal\spampal.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
      C:\WINDOWS\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-02 10:47:25 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-08-02 08:47:21

      Pre-Run: 96,257,564,672 octets libres
      Post-Run: 96,179,130,368 octets libres

      207 --- E O F --- 2008-07-14 15:46:52
      0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    selectionne ceci

    registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dd36c65-dcdd-408c-88a4-7050986707d5}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-

    File::
    C:\WINDOWS\system32\ryycsu.dll
    C:\WINDOWS\system32\lauvvpvy.dll
    C:\WINDOWS\system32\bfegocmw.dll
    C:\WINDOWS\system32\cjrknpek.dll


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  
    

    @+
    0
    1. Sandromaniac
       
      le rapport Combofix

      ComboFix 08-07-31.06 - HP_Propriétaire 2008-08-02 13:46:16.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.574 [GMT 2:00]
      Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\Outils.exe
      Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

      FILE ::
      C:\WINDOWS\system32\bfegocmw.dll
      C:\WINDOWS\system32\cjrknpek.dll
      C:\WINDOWS\system32\lauvvpvy.dll
      C:\WINDOWS\system32\ryycsu.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\bfegocmw.dll
      C:\WINDOWS\system32\cjrknpek.dll
      C:\WINDOWS\system32\lauvvpvy.dll
      C:\WINDOWS\system32\ryycsu.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-02 10:47 . 2008-08-02 10:47 <REP> d-------- C:\Documents and Settings\HP_Propriétaire
      2008-08-02 10:47 . <REP> C:\Documents and Settings\HP_PropriÚtaire\Local Settings
      2008-08-02 10:47 . <REP> C:\Documents and Settings\HP_PropriÚtaire\Local Settings
      2008-08-02 10:47 . 2008-08-02 13:31 354 ---hs---- C:\WINDOWS\system32\wmcogefb.ini
      2008-08-01 21:56 . 2008-08-01 21:56 <REP> d-------- C:\Deckard
      2008-08-01 19:23 . <REP> C:\Documents and Settings\HP_Propri'taire
      2008-08-01 18:53 . 2008-08-01 18:58 <REP> d-------- C:\Program Files\CCleaner
      2008-07-31 21:55 . 2008-07-31 21:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-31 21:51 . 2008-07-31 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-31 21:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-07-31 21:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-31 20:28 . 2008-07-31 20:28 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
      2008-07-31 20:24 . 2008-07-31 20:24 <REP> d-------- C:\WINDOWS\ERUNT
      2008-07-31 20:19 . 2008-07-31 20:40 <REP> d-------- C:\SDFix
      2008-07-31 19:42 . 2008-07-31 19:42 <REP> d-------- C:\Program Files\Trend Micro
      2008-07-30 20:56 . 2008-07-30 20:56 98 --a------ C:\WINDOWS\wininit.ini
      2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
      2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-07-27 11:08 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-07-27 11:08 . 2007-01-04 18:18 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
      2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
      2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-07-27 11:08 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
      2008-07-27 11:08 . 2008-08-02 10:42 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-07-27 11:08 . 2005-01-02 02:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
      2008-07-27 11:08 . 2005-01-02 02:51 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
      2008-07-27 11:08 . 2005-01-02 02:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
      2008-07-27 11:08 . 2008-07-27 11:08 <REP> d-------- C:\Documents and Settings\Administrateur
      2008-07-14 10:31 . 2008-07-14 10:31 <REP> d-------- C:\Program Files\Windows Media Connect 2
      2008-07-14 10:29 . 2008-07-18 22:27 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-01 17:23 --------- d-----w C:\Program Files\JoWooD
      2008-08-01 16:53 --------- d-----w C:\Program Files\Yahoo!
      2008-07-27 00:02 --------- d-----w C:\Program Files\eChanblard
      2008-07-22 20:56 --------- d-----w C:\Program Files\Java
      2008-06-20 19:50 --------- d-----w C:\Program Files\DivX
      2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
      2005-05-23 18:16 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
      .

      ((((((((((((((((((((((((((((( snapshot@2008-08-02_10.47.04.76 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-08-02 11:50:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c0.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
      "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
      "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-25 05:10 344064]
      "SoftAP"="C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe" [2004-12-08 14:34 561152]
      "Wireless SoftAP"="C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" [2004-12-08 14:33 913408]
      "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
      "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-15 19:49 185896]
      "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
      "SoundMan"="SOUNDMAN.EXE" [2005-02-21 22:49 90112 C:\WINDOWS\SOUNDMAN.EXE]
      "AlcWzrd"="ALCWZRD.EXE" [2005-02-18 22:32 2754560 C:\WINDOWS\ALCWZRD.EXE]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.PIM1"= PCLEPIM1.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winew86.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winia88.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn80.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrd68.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuw62.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
      "C:\\Program Files\\eChanblard\\emule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"=
      "C:\\WINDOWS\\system32\\fxsclnt.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6672:UDP"= 6672:UDP:echamblardNext
      "6662:TCP"= 6662:TCP:echamblardNext

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
      R2 PCTWPASV;SoftAP WPA Authenticator Service;C:\Program Files\Arcadyan Wireless\pctwpasv.exe [2004-08-06 09:41]
      R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 11:40]
      R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
      S0 Winew86;Winew86;C:\WINDOWS\system32\Drivers\Winew86.sys []
      S0 Winia88;Winia88;C:\WINDOWS\system32\Drivers\Winia88.sys []
      S0 Winjn80;Winjn80;C:\WINDOWS\system32\Drivers\Winjn80.sys []
      S0 Winrd68;Winrd68;C:\WINDOWS\system32\Drivers\Winrd68.sys []
      S0 Winuw62;Winuw62;C:\WINDOWS\system32\Drivers\Winuw62.sys []
      S3 Arcadyan;Arcadyan NDIS Protocol Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\Arcadyan.SYS [2004-08-20 03:14]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f54a3dd2-435b-11dd-a5fd-0011d8c2761f}]
      \Shell\AutoRun\command - L:\EmDesk.exe
      \Shell\EmDesk\command - L:\EmDesk.exe
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

      2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 16:42]
      .
      - - - - ORPHANS REMOVED - - - -

      HKLM-Run-b4a72fb0 - C:\WINDOWS\system32\bfegocmw.dll


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-02 13:51:02
      Windows 5.1.2600 Service Pack 3 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\SpamPal\spampal.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-02 13:55:35 - machine was rebooted [HP_Propri‚taire]
      ComboFix-quarantined-files.txt 2008-08-02 11:55:31
      ComboFix2.txt 2008-08-02 08:47:27

      Pre-Run: 96,157,106,176 octets libres
      Post-Run: 96,144,343,040 octets libres

      182 --- E O F --- 2008-07-14 15:46:52
      0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    très bien ;)

    fait un scan en ligne

    avec bitdefender et colle le rapport (le sacn est souvent long)

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    ensuite un nouveau rapport hijack stp
    @+
    0
    1. Sandromaniac
       
      Bonjour ep44,

      ci-dessous le rapport de Bitdefender


      BitDefender Online Scanner



      Scan report generated at: Sat, Aug 02, 2008 - 21:39:24





      Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;







      Statistics

      Time
      02:13:29

      Files
      608167

      Folders
      9762

      Boot Sectors
      3

      Archives
      16328

      Packed Files
      31301




      Results

      Identified Viruses
      7

      Infected Files
      18

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      22




      Engines Info

      Virus Definitions
      1412989

      Engine build
      AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

      Scan plugins
      16

      Archive plugins
      43

      Unpack plugins
      7

      E-mail plugins
      6

      System plugins
      5




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
      Infected with: Trojan.Hacktool.Tpatch.C

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
      Deleted

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco
      Updated

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
      Detected with: Application.VTesttool.A

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
      Deleted

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
      Update failed

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
      Detected with: Application.VTesttool.B

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
      Deleted

      C:\20062709_002555_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20062709_002555_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
      Infected with: Trojan.Hacktool.Tpatch.C

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\Dico\BABYLO~1.0_C\BABYLO~1.0_C\Crack\BABYLO~1.EXE.nco
      Updated

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
      Detected with: Application.VTesttool.A

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 2)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
      Detected with: Application.VTesttool.B

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)=>(Instyler Module 3)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\TESTAN~1\PCSECU~1.ZIP=>setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe=>(Instyler o)=>(Instyler Module 61)
      Detected with: Spyware.Keypresshooker.C

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe=>(Instyler o)=>(Instyler Module 61)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Application Data\Ahead\Nero BackItUp\Info Files\20061410_183345_HP_Propriétaire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe.nco=>20061410_183345_HP_Propri?taire\C\DOCUME~1\HP_PRO~1\MESDOC~1\FREDER~1.PON\INFORM~1\TLCHAR~1\Windows\ACTIVE~1\adc.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
      Detected with: Application.VTesttool.A

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
      Detected with: Application.VTesttool.B

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest\setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
      Detected with: Application.VTesttool.A

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)=>(Quarantine-PE)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
      Detected with: Application.VTesttool.B

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)=>(Quarantine-PE)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Test anti virus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
      Update failed

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Windows\Active Desktop\adc.exe=>(Instyler o)=>(Instyler Module 61)
      Detected with: Spyware.Keypresshooker.C

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Windows\Active Desktop\adc.exe=>(Instyler o)=>(Instyler Module 61)
      Deleted

      C:\Documents and Settings\HP_Propriétaire\Mes documents\frederic.ponelle\Informatique\Téléchargements\Windows\Active Desktop\adc.exe=>(Instyler o)
      Update failed

      C:\SDFix\backups\backups.zip=>backups/phcthoj0eear.bmp
      Infected with: Trojan.FakeAlert.UM

      C:\SDFix\backups\backups.zip=>backups/phcthoj0eear.bmp
      Deleted

      C:\SDFix\backups\backups.zip
      Updated

      C:\SDFix\backups\backups.zip=>backups/pphcthoj0eear.exe
      Infected with: Trojan.FakeAlert.TR

      C:\SDFix\backups\backups.zip=>backups/pphcthoj0eear.exe
      Deleted

      C:\SDFix\backups\backups.zip
      Updated

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)=>lzma_solid_nsis0000
      Detected with: Adware.XpAntivirus.AJ

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)=>lzma_solid_nsis0000
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)=>lzma_solid_nsis0000
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255602.exe=>(NSIS o)
      Update failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)=>lzma_solid_nsis0000
      Detected with: Adware.XpAntivirus.AJ

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)=>lzma_solid_nsis0000
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)=>lzma_solid_nsis0000
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1028\A0255632.exe=>(NSIS o)
      Update failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)=>lzma_solid_nsis0000
      Detected with: Adware.XpAntivirus.AJ

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)=>lzma_solid_nsis0000
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)=>lzma_solid_nsis0000
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1029\A0255684.exe=>(NSIS o)
      Update failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)=>lzma_solid_nsis0000
      Detected with: Adware.XpAntivirus.AJ

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)=>lzma_solid_nsis0000
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)=>lzma_solid_nsis0000
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1032\A0256124.exe=>(NSIS o)
      Update failed
      0
      1. Sandromaniac > Sandromaniac
         
        le scan et le rapport hijackthis

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 08:06:22, on 03/08/2008
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\windows\system\hpsysdrv.exe
        C:\WINDOWS\system32\hphmon06.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\ALCWZRD.EXE
        C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
        C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
        C:\Program Files\SpamPal\spampal.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
        c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Arcadyan Wireless\pctwpasv.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
        R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
        O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
        O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
        O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
        O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
        O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
        O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
        O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
        O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = ?
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Pinnacle Scheduler.lnk = ?
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AA71D9-BA17-409E-9A1A-B426E5D84ACA}: NameServer = 192.168.1.1
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
        0
  14. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    très bien ;)

    rend ici
    https://www.virustotal.com/gui/
    et fait analyser ce fichier stp

    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    0
    1. Sandromaniac
       
      Le rapport de VirusTotal

      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.7.29.1 2008.08.02 -
      AntiVir 7.8.1.15 2008.08.01 -
      Authentium 5.1.0.4 2008.08.03 -
      Avast 4.8.1195.0 2008.08.02 -
      AVG 8.0.0.156 2008.08.02 -
      BitDefender 7.2 2008.08.03 -
      CAT-QuickHeal 9.50 2008.08.02 -
      ClamAV 0.93.1 2008.08.03 -
      DrWeb 4.44.0.09170 2008.08.03 -
      eSafe 7.0.17.0 2008.08.03 -
      eTrust-Vet 31.6.6002 2008.08.02 -
      Ewido 4.0 2008.08.03 -
      F-Prot 4.4.4.56 2008.08.03 -
      F-Secure 7.60.13501.0 2008.08.03 -
      Fortinet 3.14.0.0 2008.08.03 -
      GData 2.0.7306.1023 2008.08.03 -
      Ikarus T3.1.1.34.0 2008.08.03 -
      K7AntiVirus 7.10.402 2008.08.02 -
      Kaspersky 7.0.0.125 2008.08.03 -
      McAfee 5352 2008.08.01 -
      Microsoft 1.3807 2008.08.03 -
      NOD32v2 3322 2008.08.03 -
      Norman 5.80.02 2008.08.01 -
      Panda 9.0.0.4 2008.08.03 -
      PCTools 4.4.2.0 2008.08.03 -
      Prevx1 V2 2008.08.03 -
      Rising 20.55.62.00 2008.08.03 -
      Sophos 4.31.0 2008.08.03 -
      Sunbelt 3.1.1537.1 2008.08.01 -
      Symantec 10 2008.08.03 -
      TheHacker 6.2.96.392 2008.08.02 -
      TrendMicro 8.700.0.1004 2008.08.01 -
      VBA32 3.12.8.2 2008.08.02 -
      ViRobot 2008.8.1.1321 2008.08.01 -
      VirusBuster 4.5.11.0 2008.08.02 -
      Webwasher-Gateway 6.6.2 2008.08.03 -
      Information additionnelle
      File size: 204800 bytes
      MD5...: a78fc0cb90715ed223ef9efdf8f43041
      SHA1..: c405bec32b2d2a0f51c878b4535e29011e1d4246
      SHA256: b260650bac6b93bb8ed4fd284ea9d6ef445ad57ea1f2ad7140028c9c59b5a0b1
      SHA512: db2318ca3189b2591cc83b7f01aa2f7e0205efbe9fc95abcbcc1ead161ec0b36
      e343041b452145566ad4d7a8e3b93ba730fb56325160f39285f338c964529347
      PEiD..: -
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x40cdc6
      timedatestamp.....: 0x40f70959 (Thu Jul 15 22:46:49 2004)
      machinetype.......: 0x14c (I386)

      ( 4 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x1b4c0 0x1c000 6.55 daa29fe034da67a7b139565863a1898d
      .rdata 0x1d000 0x8da2 0x9000 6.36 85a276c84445b01bd08f242c92692b22
      .data 0x26000 0x7324 0x2000 3.24 155e6105b8701a9dd6cd5e5f732aecc1
      .rsrc 0x2e000 0x9210 0xa000 4.99 29902809e390d408205a40be0d2bec8a

      ( 13 imports )
      > PCTIN50.dll: W32N_IsWindows95, W32N_PacketReadEx, W32N_IsWindowsNT, W32N_CloseAdapter, W32N_PacketSend, W32N_GetLastError, W32N_GetFirstAdapterRegistryInfo, W32N_GetNextAdapterRegistryInfo, W32N_MakeNdisRequest, W32N_OpenAdapterA, W32N_OpenProtocolDriver
      > WS2_32.dll: -, -
      > CFGMGR32.dll: CM_Get_DevNode_Status
      > SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiGetDeviceRegistryPropertyA, SetupDiEnumDeviceInfo, SetupDiGetClassDevsA, SetupDiOpenDevRegKey, SetupDiClassGuidsFromNameA
      > KERNEL32.dll: GlobalFlags, GetCPInfo, GetOEMCP, WriteFile, SetFilePointer, FlushFileBuffers, GetCurrentProcess, ExitProcess, RtlUnwind, HeapAlloc, HeapFree, GetStartupInfoA, GetSystemTimeAsFileTime, RaiseException, HeapReAlloc, HeapSize, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetTimeZoneInformation, SetUnhandledExceptionFilter, VirtualProtect, GetSystemInfo, VirtualQuery, IsBadReadPtr, IsBadCodePtr, SetStdHandle, SetEnvironmentVariableA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LoadLibraryA, FreeLibrary, lstrcmpW, lstrcmpA, InterlockedIncrement, InterlockedDecrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, SetErrorMode, GetProcAddress, lstrcpyA, lstrcatA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, lstrcpynA, WaitForMultipleObjects, CreateMutexA, ReleaseMutex, WaitForSingleObjectEx, GetTickCount, GetCurrentThreadId, WaitForMultipleObjectsEx, ResetEvent, lstrcmpiA, CompareStringW, CompareStringA, GetVersion, MultiByteToWideChar, Sleep, TerminateThread, ExitThread, SuspendThread, ResumeThread, FormatMessageA, GetCommandLineA, OutputDebugStringA, CreateThread, WideCharToMultiByte, FindResourceA, LoadResource, LockResource, SizeofResource, SetEvent, WaitForSingleObject, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, LocalAlloc, LocalFree, lstrlenA, SetLastError, GetVersionExA, QueryDosDeviceA, GetLastError, DefineDosDeviceA, CreateEventA, CloseHandle, CreateFileA, GetModuleHandleA, GetModuleFileNameA, GetShortPathNameA, GetSystemDirectoryA
      > USER32.dll: DestroyMenu, SetMenuItemBitmaps, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, ClientToScreen, SetWindowTextA, ValidateRect, RegisterWindowMessageA, WinHelpA, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassInfoExA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetFocus, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, TabbedTextOutA, GetMessagePos, LoadIconA, MapWindowPoints, GetKeyState, SetForegroundWindow, GetClientRect, GetMenu, AdjustWindowRectEx, DrawTextA, DrawTextExA, GrayStringA, SetTimer, GetClassInfoA, UnregisterClassA, GetDlgCtrlID, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, GetWindowTextA, SendMessageA, MessageBoxA, GetParent, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, LoadCursorA, GetSystemMetrics, GetMessageTime, KillTimer, DefWindowProcA, PostQuitMessage, ShowWindow, CreateWindowExA, RegisterClassA, WaitMessage, TranslateMessage, PeekMessageA, DispatchMessageA, FindWindowA, PostMessageA, wvsprintfA, wsprintfA, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, UnhookWindowsHookEx, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu
      > GDI32.dll: GetStockObject, DeleteDC, SetMapMode, RestoreDC, SaveDC, ExtTextOutA, CreateBitmap, DeleteObject, SetBkColor, SetTextColor, GetClipBox, GetDeviceCaps, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape,
      +TextOutA, RectVisible, PtVisible
      > WINSPOOL.DRV: OpenPrinterA, ClosePrinter, DocumentPropertiesA
      > ADVAPI32.dll: RegCloseKey, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, RegOpenKeyExA, RegQueryValueExA, CryptGenRandom, CryptAcquireContextA, CryptReleaseContext, StartServiceCtrlDispatcherA, OpenServiceA, ControlService, QueryServiceStatus, DeleteService, OpenSCManagerA, CreateServiceA, CloseServiceHandle, RegisterServiceCtrlHandlerA, SetServiceStatus
      > COMCTL32.dll: -
      > SHLWAPI.dll: PathFindExtensionA, PathFindFileNameA
      > OLEAUT32.dll: -, -, -
      > OLEACC.dll: CreateStdAccessibleObject, LresultFromObject

      ( 0 exports )



      ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
      0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked"

    ensuite redémarre ton PC et dit moi si tu as encore des soucis
    0
    1. Sandromaniac
       
      Plus de fenêtres intempestives Internet Explorer
      Plus de fenêtres d'Erreur d'applications...(lors du démarrage du pc)
      Plus de trace d'Antivirus XP 2008 dans le panneau de configuration
      La bureau à retrouver une apparente stabilité
      Me laisse une période de "rodage" pour avis ferme et définitif pour éventuelles séquelles

      Te remercie de ta patience, ta compétence et de ton abnégation

      Salutation
      Sandromaniac
      0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Merci

    pas de soucis attend quelques jours et tient moi au courant

    @+
    0