trojan vx tenace

Question

Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:18, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Applications\iebtmm.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ubpr01.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
P:\antivirus\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Msconfig] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Windows Mouse Services] winmouse64.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe
O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdcby.exe] C:\WINDOWS\system32\kdcby.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunServices: [j] C:\WINDOWS\system32\j.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWSeminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Windows Messenger] C:\windows\msnmsgr2.exe
O4 - HKCU\..\Run: [Logon de rede] C:\windows\kernel.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{091B25B9-108C-4B1E-8119-6B4BC45C1832}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D9F82A9-F013-48FD-98A7-C70B918D4384}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00468A1-F265-49C7-8780-D64F7CF5CC8D}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC2D3305-C46F-4060-8D37-C7C0D029F163}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEC137B9-019D-4854-B64B-CAFEF1EDF39D}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{091B25B9-108C-4B1E-8119-6B4BC45C1832}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.77
O17 - HKLM\System\CS2\Services\Tcpip\..\{091B25B9-108C-4B1E-8119-6B4BC45C1832}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.77
O22 - SharedTaskScheduler: glycosulfatase - {cac60ee7-ebe0-4082-be2a-3abf704b7af0} - C:\WINDOWS\system32\wighg.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

ep44 · Answer

Bonjour 

ton PC est sur-infecté 
je vais te guider pour le désinfecter 

Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.

Lorsque redémarré, un fichier texte apparaîtra (report.txt); copie/colle ce rapport dans ta prochaine réponse, avec un nouveau rapport HijackThis également.



ensuite 
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

@+

arnaud1966 · Answer

voici les deux rapport:
Username "Arnaud MORELL" - 02/09/2008 20:51:59 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdcby.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.22 85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{091B25B9-108C-4B1E-8119-6B4BC45C1832} 
"nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{5D9F82A9-F013-48FD-98A7-C70B918D4384} 
"nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{A00468A1-F265-49C7-8780-D64F7CF5CC8D} 
"nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{CC2D3305-C46F-4060-8D37-C7C0D029F163} 
"nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{DEC137B9-019D-4854-B64B-CAFEF1EDF39D} 
"nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{091B25B9-108C-4B1E-8119-6B4BC45C1832}
"DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{A00468A1-F265-49C7-8780-D64F7CF5CC8D}
"DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{D438C195-6309-4528-9E1E-F7D90C594F32}
"DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services	cpip\parameters\interfaces\{DEC137B9-019D-4854-B64B-CAFEF1EDF39D}
"DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully. 
 
~~~~~ Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "system"="" 
....
....
~~~~~ Misc files. 
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdcby.ren 51200 13/06/2007 

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe\" runtime -Delay"
"Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe check"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe"
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe"
"PhiBtn"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,64,72,69,76,65,72,73,5c,50,68,69,42,74,6e,2e,65,78,65,00
"Traymin900"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,72,69,76,65,72,73,5c,54,72,61,79,39,30,30,2e,65,78,65,00
"Lto Manager"="\"C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Msconfig"="C:\WINDOWS\system32\icpldrvx.exe"
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
"My Web Search Bar Search Scope Monitor"="\"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe\" /m=0"
"EoEngine"=""
"EoWeather"=""
"EoClock"=""
"EoComputer"=""
"EoRss"=""
"EoNet"=""
"EoSudoku"=""
"EoPhoto"=""
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
"Windows Mouse Services"="winmouse64.exe"
"Microsoft Memory Flow Cycle"="flowcycle.exe"
"j"="C:\WINDOWS\system32\j.exe"
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup"
"wiqiwge"="\"c:\windows\system32\wiqiwge.exe\" wiqiwge"
"C:\WINDOWS\system32\kdcby.exe"="C:\WINDOWS\system32\kdcby.exe"
"Antivirus"="C:\Program Files\UAV\uav.exe"
"F-Secure Manager"="\"C:\Program Files\AntivirusFirewall\Common\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE\" /reboot"
"News Service"="\"C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe\""
"SoundMan"="SOUNDMAN.EXE"
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10"
"MsnMsgr"="\"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe\" /background"
"Skype"="\"C:\Program Files\Skype\Phone\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"c:\Program Files\Messenger\msmsgs.exe\" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE\""
"Windows Messenger"="C:\windows\msnmsgr2.exe"
"Logon de rede"="C:\windows\kernel.exe"
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
"wblogon"="C:\WINDOWS\system32\ubpr01.exe"
"Antivirus"="C:\Program Files\UAV\uav.exe"
"s9201"="\"C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe\" /autorun"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

et le second:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:13, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ubpr01.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\MsiExec.exe
P:\antivirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Msconfig] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Windows Mouse Services] winmouse64.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe
O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdcby.exe] C:\WINDOWS\system32\kdcby.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunServices: [j] C:\WINDOWS\system32\j.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWSeminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Windows Messenger] C:\windows\msnmsgr2.exe
O4 - HKCU\..\Run: [Logon de rede] C:\windows\kernel.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O22 - SharedTaskScheduler: glycosulfatase - {cac60ee7-ebe0-4082-be2a-3abf704b7af0} - C:\WINDOWS\system32\wighg.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

ep44 · Answer

très bien ensuite combofix comme demandé au poste 1

arnaud1966 · Answer

voila combofix

ComboFix 08-09-01.03 - Arnaud MORELL 2008-09-02 21:08:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1492 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud MORELL\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Secure Solutions
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE\vbase.dat
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080829010111281.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080829010243890.log
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\DriveCleaner 2006.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Mode d'emploi en ligne de DriveCleaner 2006.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Page d´accueil de DriveCleaner 2006.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Support en ligne de DriveCleaner 2006.lnk
C:\Documents and Settings\Arnaud MORELL\Application Data\FunWebProducts
C:\Documents and Settings\Arnaud MORELL\Application Data\FunWebProducts\Data\Arnaud MORELL\avatar.dat
C:\Documents and Settings\Arnaud MORELL\Application Data\FunWebProducts\Data\Arnaud MORELL\register.dat
C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\#SharedObjects\X47LFRUB\bin.clearspring.com
C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\#SharedObjects\X47LFRUB\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Arnaud MORELL\Cookies\arnaud_morell@edt02[2].txt
C:\Documents and Settings\Arnaud MORELL\err.log
C:\Documents and Settings\Arnaud MORELL\Mes documents\My Documents.url
C:\Program Files\AAV
C:\Program Files\AAV\aav.cpl
C:\Program Files\AAV\aav.exe
C:\Program Files\AAV\aav1.dat
C:\Program Files\Applications\iebr.dll
C:\Program Files\Applications\iebu.exe
C:\Program Files\Applications\myd.ico
C:\Program Files\Applications\mym.ico
C:\Program Files\Applications\myp.ico
C:\Program Files\Applications\myv.ico
C:\Program Files\Applications\ot.ico
C:\Program Files\Applications\ts.ico
C:\Program Files\UAV
C:\Program Files\UAV\uav.cpl
C:\Program Files\UAV\uav.exe
C:\Program Files\UAV\uav1.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\120237\120237.dll
C:\WINDOWS\system32\civbasm_navtmp.dat
C:\WINDOWS\system32\kqcuao.dat
C:\WINDOWS\system32\kqcuao.exe
C:\WINDOWS\system32\kqcuao_nav.dat
C:\WINDOWS\system32\kqcuao_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\wiqiwge.dat
C:\WINDOWS\system32\wiqiwge.exe
C:\WINDOWS\system32\wiqiwge_nav.dat
C:\WINDOWS\system32\wiqiwge_navps.dat
P:\Autorun.inf

----- BITS: Possible sites infect‚s -----

http://gllto.glpals.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-02 to 2008-09-02 ))))))))))))))))))))))))))))))))))))
.

2008-09-02 20:43 . 2008-09-02 20:55 <REP> d-------- C:\fixwareout
2008-09-02 20:21 . 2008-09-02 20:21 <REP> d-------- C:\Program Files\Lavasoft
2008-09-02 20:21 . 2008-09-02 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-02 20:20 . 2008-09-02 20:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-02 11:22 . 2008-09-02 11:22 12,720 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-01 20:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-01 20:14 . 2004-08-05 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-01 20:13 . 2008-09-01 20:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-29 14:55 . 2008-08-29 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-08-29 14:55 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-08-29 14:55 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-08-29 14:54 . 2008-08-29 14:54 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-08-29 01:07 . 2008-09-02 21:13 <REP> d-------- C:\WINDOWS\system32\120237
2008-08-29 01:01 . 2008-08-29 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-29 01:01 . 2008-08-29 01:02 64,362 --a------ C:\WINDOWS\system32\hqaicskjtafcv.exe
2008-08-29 00:30 . 2008-08-25 19:06 165,888 --a------ C:\WINDOWS\system32\aav.cpl
2008-08-28 23:45 . 2008-09-02 21:08 <REP> d-------- C:\Program Files\Applications
2008-08-28 23:45 . 2008-08-28 23:45 27,648 --a------ C:\WINDOWS\system32\ubpr01.exe
2008-08-21 20:55 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 18:57 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\OpenOffice.org2
2008-09-01 18:48 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2008-09-01 18:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-09-01 18:48 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2008-09-01 14:02 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\AdobeUM
2008-08-29 12:55 --------- d-----w C:\Program Files\AntivirusFirewall
2008-08-28 22:43 --------- d-----w C:\Program Files\MSN Messenger
2008-08-26 18:48 --------- d-----w C:\Program Files\AvantGo Connect
2008-08-26 17:30 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-21 18:59 --------- d-----w C:\Program Files\Palm
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 13:24 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Image Zone Express
2008-07-14 13:20 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Printer Info Cache
2008-02-29 00:02 82,424 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\GDIPFONTCACHEV1.DAT
2006-08-17 14:02 92,368 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176D799E-6C8C-4D1A-8024-044D96A035E2}]
2008-09-02 21:15 15360 --a------ C:\WINDOWS\system32\120237\120237.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 28672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\Program Files\Messenger\msmsgs.exe" [2005-08-31 1658592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
"wblogon"="C:\WINDOWS\system32\ubpr01.exe" [2008-08-28 27648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 40960]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 49152]
"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [2005-08-25 266240]
"Lto Manager"="C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2005-06-29 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpg2"= C:\WINDOWS\mpg4c32.dll
"vidc.mpg3"= C:\WINDOWS\mpg4c32.dll
"vidc.GEOX"= C:\WINDOWS\system32\GeoCodec.dll
"vidc.GEOV"= C:\WINDOWS\system32\GeoCodec.dll
"vidc.G264"= C:\WINDOWS\system32\GX264.dll
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\v8010\\DMMultiView\\MultiView.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-08-29 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 9344]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-08-29 32807]
S2 yye0gciy;Print Spooler Service;C:\WINDOWS\system32\j.exe [ ]
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
HKLM-Run-Msconfig - C:\WINDOWS\system32\icpldrvx.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-j - C:\WINDOWS\system32\j.exe
HKLM-Run-wiqiwge - c:\windows\system32\wiqiwge.exe
HKLM-Run-C:\WINDOWS\system32\kdcby.exe - C:\WINDOWS\system32\kdcby.exe
HKLM-Run-Antivirus - C:\Program Files\UAV\uav.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
HKLM-Run-EoClock - (no file)
HKLM-Run-EoComputer - (no file)
HKLM-Run-EoRss - (no file)
HKLM-Run-EoNet - (no file)
HKLM-Run-EoSudoku - (no file)
HKLM-Run-EoPhoto - (no file)
HKLM-RunServices-j - C:\WINDOWS\system32\j.exe
SharedTaskScheduler-{cac60ee7-ebe0-4082-be2a-3abf704b7af0} - C:\WINDOWS\system32\wighg.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
O8 -: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

O16 -: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} - hxxp://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
C:\WINDOWS\Downloaded Program Files\ICQVideoControl.inf
C:\WINDOWS\Downloaded Program Files\ICQVideoControl.dll

O16 -: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://morell.dipmap.com/cab/OCXChecker_8000.cab
C:\WINDOWS\Downloaded Program Files\OCXDownloadChecker.inf
C:\WINDOWS\Downloaded Program Files\OCXDownloadChecker_8000.ocx

O16 -: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://86.197.70.246/cab/DownloadFile_8000.cab
C:\WINDOWS\Downloaded Program Files\Download.inf
C:\WINDOWS\Downloaded Program Files\Download_8000.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 21:11:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdcby.exe"="C:\\WINDOWS\\system32\\kdcby.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-02 21:19:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 19:18:57

Pre-Run: 138,021,691,392 octets libres
Post-Run: 138,495,950,848 octets libres

279 --- E O F --- 2008-08-28 22:28:12

arnaud1966 · Answer

que dois je faire maintenant?

ep44 · Answer

Bonsoir 

selectionne ceci

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176D799E-6C8C-4D1A-8024-044D96A035E2}]  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]  
"wblogon"=-


File::
C:\WINDOWS\system32\hqaicskjtafcv.exe  
C:\WINDOWS\system32\aav.cpl  
C:\WINDOWS\system32\120237  
C:\WINDOWS\system32\ubpr01.exe       


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format. 
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci 
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  

@+

arnaud1966 · Answer

que dois je faire?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:16, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ubpr01.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
P:\antivirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 120237 helper - {176D799E-6C8C-4D1A-8024-044D96A035E2} - C:\WINDOWS\system32\120237\120237.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

arnaud1966 · Answer

voila le dernier rapport de combofix modifier par CFSript

ComboFix 08-09-01.05 - Arnaud MORELL 2008-09-03 20:31:37.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1239 [GMT 2:00]
Endroit: P:\antivirus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arnaud MORELL\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aav.cpl
C:\WINDOWS\system32\hqaicskjtafcv.exe
C:\WINDOWS\system32\ubpr01.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.

2008-09-02 23:53 . 2004-08-20 15:02 102,400 --a------ C:\WINDOWS\system32\PMLJNI.dll
2008-09-02 23:53 . 2003-06-16 23:52 74,752 --a------ C:\WINDOWS\system32\jst.dll
2008-09-02 23:53 . 2004-05-10 22:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll
2008-09-02 23:53 . 2003-06-20 19:21 36,864 --a------ C:\WINDOWS\system32\hpbmmjno.dll
2008-09-02 23:53 . 2005-02-03 19:31 32,768 --a------ C:\WINDOWS\system32\compJNI.dll
2008-09-02 23:48 . 2008-09-02 23:59 54,453 --a------ C:\WINDOWS\hppins01.dat
2008-09-02 23:48 . 2006-08-02 19:12 3,402 --a------ C:\WINDOWS\hpbvnstp.hi1
2008-09-02 23:48 . 2005-04-08 18:52 2,392 --------- C:\WINDOWS\hppmdl01.dat
2008-09-02 23:48 . 2006-08-02 19:12 1,030 --a------ C:\WINDOWS\hpbvnstp.bu1
2008-09-02 23:48 . 2006-08-02 19:13 655 --a------ C:\WINDOWS\hpbvspst.hi1
2008-09-02 23:48 . 2006-08-02 19:13 314 --a------ C:\WINDOWS\hpbvspst.bu1
2008-09-02 23:39 . 2008-09-02 23:39 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-09-02 23:03 . 2008-09-02 23:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-02 23:03 . 2008-09-02 23:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-02 20:43 . 2008-09-02 20:55 <REP> d-------- C:\fixwareout
2008-09-02 20:21 . 2008-09-02 20:21 <REP> d-------- C:\Program Files\Lavasoft
2008-09-02 20:21 . 2008-09-02 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-02 20:20 . 2008-09-02 20:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-02 11:22 . 2008-09-02 11:22 12,720 --a------ C:\WINDOWS\system32\wpa.bak
2008-09-01 20:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-01 20:14 . 2004-08-05 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-01 20:13 . 2008-09-01 20:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-29 14:55 . 2008-08-29 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-08-29 14:55 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-08-29 14:55 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-08-29 14:54 . 2008-08-29 14:54 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2008-08-29 01:07 . 2008-09-03 20:20 <REP> d-------- C:\WINDOWS\system32\120237
2008-08-29 01:01 . 2008-08-29 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-28 23:45 . 2008-09-02 21:08 <REP> d-------- C:\Program Files\Applications
2008-08-21 20:55 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 10:02 82,424 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\GDIPFONTCACHEV1.DAT
2008-09-02 22:00 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\OpenOffice.org2
2008-09-02 21:53 --------- d--h--w C:\Program Files\Zero G Registry
2008-09-02 21:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-02 21:52 --------- d-----w C:\Program Files\HP
2008-09-01 18:48 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2008-09-01 18:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-09-01 18:48 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2008-09-01 14:02 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\AdobeUM
2008-08-29 12:55 --------- d-----w C:\Program Files\AntivirusFirewall
2008-08-28 22:43 --------- d-----w C:\Program Files\MSN Messenger
2008-08-26 18:48 --------- d-----w C:\Program Files\AvantGo Connect
2008-08-21 18:59 --------- d-----w C:\Program Files\Palm
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 13:24 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Image Zone Express
2008-07-14 13:20 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Printer Info Cache
2006-08-17 14:02 92,368 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 28672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\Program Files\Messenger\msmsgs.exe" [2005-08-31 1658592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 40960]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 49152]
"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [2005-08-25 266240]
"Lto Manager"="C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2005-06-29 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2005-02-07 36864]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

C:\Documents and Settings\Arnaud MORELL\Menu D‚marrer\Programmes\D‚marrage\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-10-14 299008]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]
PowerReg Scheduler.exe [2006-08-02 233472]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 24576]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpg2"= C:\WINDOWS\mpg4c32.dll
"vidc.mpg3"= C:\WINDOWS\mpg4c32.dll
"vidc.GEOX"= C:\WINDOWS\system32\GeoCodec.dll
"vidc.GEOV"= C:\WINDOWS\system32\GeoCodec.dll
"vidc.G264"= C:\WINDOWS\system32\GX264.dll
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\v8010\\DMMultiView\\MultiView.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-08-29 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 9344]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-08-29 32807]
S2 yye0gciy;Print Spooler Service;C:\WINDOWS\system32\j.exe [ ]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ]
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 20:32:18
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-03 20:32:52
ComboFix-quarantined-files.txt 2008-09-03 18:32:49
ComboFix2.txt 2008-09-03 18:21:19
ComboFix3.txt 2008-09-02 19:19:01

Pre-Run: 136,832,684,032 octets libres
Post-Run: 136,822,931,456 octets libres

177 --- E O F --- 2008-08-28 22:28:12

ep44 · Answer

fait un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

Scan à faire sous Internet Explorer

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite un nouveau rapport hijack stp
@+

arnaud1966 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 23:30:55, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
P:\antivirus\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:27, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
P:\antivirus\hijackthis_hijackthis_1.99.1_anglais_17891.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
P:\antivirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

noctambule28 · Answer

SAlut

j'ai trouvé ça qui doit appartenir à ce topic ;)

********************************
bit defender:

BitDefender Online Scanner



Scan report generated at: Wed, Sep 03, 2008 - 23:16:07





Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;L:\;P:\;­







Statistics

Time
01:53:39

Files
745420

Folders
10683

Boot Sectors
0

Archives
13301

Packed Files
22528




Results

Identified Viruses
36

Infected Files
60

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
60




Engines Info

Virus Definitions
1714384

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Aug 11 2008 17:31:32)

Scan plugins
16

Archive plugins
43

Unpack plugins
7

E-mail plugins
6

System plugins
4




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.ja­r-195c1c92-5d66d179.0ip=>OwnClassLoader.class
Infected with: Trojan.Exploit.Byteverify.V

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>OwnClassLoader.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>ProxyClassLoader.class
Infected with: Trojan.Exploit.Byteverify.AC

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>ProxyClassLoader.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>Installer.class
Infected with: Trojan.Downloader.Java.Agent.A

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>Installer.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>OwnClassLoader.class
Infected with: Trojan.Exploit.Byteverify.V

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>OwnClassLoader.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>ProxyClassLoader.class
Infected with: Trojan.Exploit.Byteverify.AC

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>ProxyClassLoader.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>Installer.class
Infected with: Trojan.Downloader.Java.Agent.A

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>Installer.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-38ed336b-7e4a2554.zip=>OP.class
Infected with: Trojan.Exploit.Java.Byteverify.L

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-38ed336b-7e4a2554.zip=>OP.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-38ed336b-7e4a2554.zip
Updated

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-ef5b68e-39f3cc13.0ip=>OP.class
Infected with: Trojan.Exploit.Java.Byteverify.L

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-ef5b68e-39f3cc13.0ip=>OP.class
Deleted

C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-ef5b68e-39f3cc13.0ip
Updated

C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
Infected with: Trojan.Downloader.Winfixer.O

C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
Deleted

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)=>animation my photo.scr
Infected with: BehavesLike:Trojan.Downloader

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)=>animation my photo.scr
Disinfection failed

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)=>animation my photo.scr
Deleted

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)
Updated

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml
Updated

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)=>animation my photo.scr
Infected with: BehavesLike:Trojan.Downloader

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)=>animation my photo.scr
Disinfection failed

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)=>animation my photo.scr
Deleted

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)
Updated

C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\oumou_lastar@hotmail.com\Dance_dec_jpg.0ip=>www.Dance_dec_jpg_Msn.com
Infected with: Backdoor.SdBot.DFAB

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\oumou_lastar@hotmail.com\Dance_dec_jpg.0ip=>www.Dance_dec_jpg_Msn.com
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\oumou_lastar@hotmail.com\Dance_dec_jpg.0ip
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@	_gladyss@hotmail.com\IMG-0012.0ip
Infected with: Win32.Netsky.DAR@mm

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@	_gladyss@hotmail.com\IMG-0012.0ip
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip=>photo_727.JPEG-arnaud1966@hotmail.fr.com
Infected with: Backdoor.Oderoor.1.Gen

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip=>photo_727.JPEG-arnaud1966@hotmail.fr.com
Disinfection failed

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip=>photo_727.JPEG-arnaud1966@hotmail.fr.com
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
Infected with: Trojan.FakeAlert.ACZ

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
Infected with: Trojan.Fakealert.ACM

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
Detected with: Adware.XpAntivirus.AS

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe=>(ZIP Sfx o)
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\AAVSetup.exe
Update failed

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\setup_100636_506_.0xe
Infected with: Trojan.FakeAlert.Gen.1

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\setup_100636_506_.0xe
Disinfection failed

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\setup_100636_506_.0xe
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
Infected with: Trojan.FakeAlert.ACZ

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\SPPSetup.exe=>(ZIP Sfx o)
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\SPPSetup.exe
Update failed

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\SpywareSecure_trial_setup.exe
Detected with: Application.SpywareSecure.A

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\SpywareSecure_trial_setup.exe
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\spywarsecure-setup.exe
Detected with: Adware.Generic.10092

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\spywarsecure-setup.exe
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\UAV2008Setup.exe=>(ZIP Sfx o)=>uav1.dat
Infected with: Trojan.FakeAlert.ACZ

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\UAV2008Setup.exe=>(ZIP Sfx o)=>uav1.dat
Deleted

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\UAV2008Setup.exe=>(ZIP Sfx o)
Updated

C:\Documents and Settings\Arnaud MORELL\Mes documents	elecharger\UAV2008Setup.exe
Update failed

C:\Program Files\Applications\iebtm.exe
Infected with: Trojan.Zlob.26534

C:\Program Files\Applications\iebtm.exe
Deleted

C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE.vir
Infected with: Trojan.FakeAlert.Gen.1

C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE.vir
Disinfection failed

C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\AAV\aav.cpl.vir
Infected with: Trojan.Fakealert.ACM

C:\QooBox\Quarantine\C\Program Files\AAV\aav.cpl.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\AAV\aav.exe.vir
Detected with: Adware.XpAntivirus.AS

C:\QooBox\Quarantine\C\Program Files\AAV\aav.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\AAV\aav1.dat.vir
Infected with: Trojan.FakeAlert.ACZ

C:\QooBox\Quarantine\C\Program Files\AAV\aav1.dat.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\UAV\uav1.dat.vir
Infected with: Trojan.FakeAlert.ACZ

C:\QooBox\Quarantine\C\Program Files\UAV\uav1.dat.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
Detected with: Adware.Navipromo.GO

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Detected with: Spyware.618

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
Detected with: Adware.Navipromo.GO

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\system32\aav.cpl.vir
Infected with: Trojan.Fakealert.ACM

C:\QooBox\Quarantine\C\WINDOWS\system32\aav.cpl.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\kqcuao.exe.vir
Infected with: GenPack:Adware.Navipromo.CAK

C:\QooBox\Quarantine\C\WINDOWS\system32\kqcuao.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\kqcuao.exe.vir
Deleted

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000292.cpl
Infected with: Trojan.Fakealert.ACM

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000292.cpl
Deleted

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000293.exe
Detected with: Adware.XpAntivirus.AS

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000293.exe
Deleted

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000305.exe
Infected with: GenPack:Adware.Navipromo.CAK

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000305.exe
Disinfection failed

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000305.exe
Deleted

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001420.cpl
Infected with: Trojan.Fakealert.ACM

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001420.cpl
Deleted

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001460.exe
Infected with: Trojan.Downloader.Winfixer.O

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001460.exe
Deleted

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001461.exe
Infected with: Trojan.Zlob.26534

C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001461.exe
Deleted

C:\WINDOWS\bootvid.dll
Infected with: Trojan.Banker.AT

C:\WINDOWS\bootvid.dll
Deleted

C:\WINDOWS\msnmsgr2.0xe
Infected with: Trojan.Downloader.Small.AOV

C:\WINDOWS\msnmsgr2.0xe
Deleted

C:\WINDOWS\system32\FLOWCYCLE.0XE
Infected with: Backdoor.Ircbot.ABNF

C:\WINDOWS\system32\FLOWCYCLE.0XE
Deleted

C:\WINDOWS\system32\j.0xe
Infected with: Backdoor.Oderoor.AC

C:\WINDOWS\system32\j.0xe
Deleted

C:\WINDOWS\winhlp.0xe
Infected with: Backdoor.Generic.58463

C:\WINDOWS\winhlp.0xe
Deleted

P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Detected with: Application.VTesttool.A

P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Deleted

P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
Update failed

P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Detected with: Application.VTesttool.B

P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Deleted

P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
Update failed

P:\antivirus\installdrivecleanerstart_fr.exe
Detected with: Application.Drivecleaner.H

P:\antivirus\installdrivecleanerstart_fr.exe
Disinfection failed

P:\antivirus\installdrivecleanerstart_fr.exe
Deleted

P:\copie D	elecharger\ErrorSafeScannerInstall_fr.exe
Infected with: Trojan.Downloader.Winfixer.O

P:\copie D	elecharger\ErrorSafeScannerInstall_fr.exe
Deleted

P:\copie D	elecharger\jeu\sudoku.exe
Detected with: Adware.Navipromo.BYD

P:\copie D	elecharger\jeu\sudoku.exe
Disinfection failed

P:\copie D	elecharger\jeu\sudoku.exe
Deleted

P:\copie D	elecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Detected with: Application.VTesttool.A

P:\copie D	elecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
Deleted

P:\copie D	elecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
Update failed

P:\copie D	elecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Detected with: Application.VTesttool.B

P:\copie D	elecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
Deleted

P:\copie D	elecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
Update failed

P:\copie D	elecharger\antivirus\installdrivecleanerstart_fr.exe
Detected with: Application.Drivecleaner.H

P:\copie D	elecharger\antivirus\installdrivecleanerstart_fr.exe
Disinfection failed

P:\copie D	elecharger\antivirus\installdrivecleanerstart_fr.exe
Deleted

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
Infected with: Trojan.FakeAlert.ACZ

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
Deleted

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)
Updated

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
Infected with: Trojan.Fakealert.ACM

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
Deleted

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)
Updated

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
Detected with: Adware.XpAntivirus.AS

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
Deleted

P:\copie D	elecharger	elecharger\AAVSetup.exe=>(ZIP Sfx o)
Updated

P:\copie D	elecharger	elecharger\AAVSetup.exe
Update failed

P:\copie D	elecharger	elecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
Infected with: Trojan.FakeAlert.ACZ

P:\copie D	elecharger	elecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
Deleted

P:\copie D	elecharger	elecharger\SPPSetup.exe=>(ZIP Sfx o)
Updated

P:\copie D	elecharger	elecharger\SPPSetup.exe
Update failed

P:\copie D	elecharger	elecharger\SpywareSecure_trial_setup.exe
Detected with: Application.SpywareSecure.A

P:\copie D	elecharger	elecharger\SpywareSecure_trial_setup.exe
Deleted

P:\copie D	elecharger	elecharger\spywarsecure-setup.exe
Detected with: Adware.Generic.10092

P:\copie D	elecharger	elecharger\spywarsecure-setup.exe
Deleted

P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG-0012.0ip
Infected with: Win32.Netsky.DAR@mm

P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG-0012.0ip
Deleted

P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG0024.0ip=>IMG033-JPG-www.photobucket.com
Infected with: Trojan.Multidrop.IB.Dam

P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG0024.0ip=>IMG033-JPG-www.photobucket.com
Deleted

P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG0024.0ip
Updated

ep44 · Answer

Bonjour noctambule, 

un rapport perdue :)))

arnaud1966  dit moi comment ce comporte ton PC

ensuite 


 Relance HijackThis et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC 
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)     
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) 
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab 

Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked" 

Ensuite fait: Démarrer > Exécuter > tape cmd (Ok)

- Dans la fenêtre DOS, taper chacune des lignes suivantes, une à une et très exactement, en validant avec [Entrée] après chacune :

sc stop yye0gciy [Entrée]

sc delete yye0gciy [Entrée]



Ensuite 
Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\j.exe 
EmptyTemp

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression. 


@+

arnaud1966 · Answer

avant manipulation

Logfile of HijackThis v1.99.1
Scan saved at 23:23, on 2008-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
P:\antivirus\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

arnaud1966 · Answer

File/Folder C:\WINDOWS\system32\j.exe not found.
File/Folder Empty Temp not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_233724

arnaud1966 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41, on 2008-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
P:\antivirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

ep44 · Answer

on pousse la recherche concernant ce j.exe 
Télécharge OAD  http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau


Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : j.exe 
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Trojan vx tenace

16 réponses

Votre réponse

Discussions similaires

Newsletters