Trojan vx tenace

arnaud1966 -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:18, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Applications\iebtmm.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ubpr01.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
P:\antivirus\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Msconfig] C:\WINDOWS\system32\icpldrvx.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Windows Mouse Services] winmouse64.exe
O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe
O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdcby.exe] C:\WINDOWS\system32\kdcby.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunServices: [j] C:\WINDOWS\system32\j.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Windows Messenger] C:\windows\msnmsgr2.exe
O4 - HKCU\..\Run: [Logon de rede] C:\windows\kernel.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{091B25B9-108C-4B1E-8119-6B4BC45C1832}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D9F82A9-F013-48FD-98A7-C70B918D4384}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00468A1-F265-49C7-8780-D64F7CF5CC8D}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC2D3305-C46F-4060-8D37-C7C0D029F163}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEC137B9-019D-4854-B64B-CAFEF1EDF39D}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{091B25B9-108C-4B1E-8119-6B4BC45C1832}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.77
O17 - HKLM\System\CS2\Services\Tcpip\..\{091B25B9-108C-4B1E-8119-6B4BC45C1832}: NameServer = 85.255.114.22,85.255.112.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.22 85.255.112.77
O22 - SharedTaskScheduler: glycosulfatase - {cac60ee7-ebe0-4082-be2a-3abf704b7af0} - C:\WINDOWS\system32\wighg.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

--
End of file - 14296 bytes
Configuration: Windows XP
Internet Explorer 6.0

16 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    ton PC est sur-infecté
    je vais te guider pour le désinfecter

    Télécharge FixWareout de l'un de ces deux liens :
    http://downloads.subratam.org/Fixwareout.exe
    http://download.bleepingcomputer.com/lonny/Fixwareout.exe

    Sauvegarde-le sur ton Bureau, puis lance-le.
    Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
    Suis les directives à l'écran.
    L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
    Le redémarrage risque de prendre un peu plus de temps; ceci est normal.

    Lorsque redémarré, un fichier texte apparaîtra (report.txt); copie/colle ce rapport dans ta prochaine réponse, avec un nouveau rapport HijackThis également.

    ensuite
    Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Déconnecte toi d'internet et ferme toutes tes applications.
    * Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
    * Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
    * /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
    * Attends que Combofix ait terminé, un rapport sera créé.
    * réactive ton parefeu, ton antivirus, la garde de ton antispyware
    * copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
    * Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

    @+
    0
  2. arnaud1966
     
    voici les deux rapport:
    Username "Arnaud MORELL" - 02/09/2008 20:51:59 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdcby.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.114.22 85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{091B25B9-108C-4B1E-8119-6B4BC45C1832}
    "nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5D9F82A9-F013-48FD-98A7-C70B918D4384}
    "nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A00468A1-F265-49C7-8780-D64F7CF5CC8D}
    "nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CC2D3305-C46F-4060-8D37-C7C0D029F163}
    "nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DEC137B9-019D-4854-B64B-CAFEF1EDF39D}
    "nameserver"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{091B25B9-108C-4B1E-8119-6B4BC45C1832}
    "DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A00468A1-F265-49C7-8780-D64F7CF5CC8D}
    "DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D438C195-6309-4528-9E1E-F7D90C594F32}
    "DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DEC137B9-019D-4854-B64B-CAFEF1EDF39D}
    "DhcpNameServer"="85.255.114.22,85.255.112.77" <Value cleared.

    Cache de résolution DNS vidé.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Other
    C:\WINDOWS\Temp\kdcby.ren 51200 13/06/2007

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "Muscbrigade"="c:\\Musicbrigade\\Musicbrigade.exe check"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\TaskbarIcon.exe"
    "PhiBtn"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
    5c,64,72,69,76,65,72,73,5c,50,68,69,42,74,6e,2e,65,78,65,00
    "Traymin900"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
    33,32,5c,64,72,69,76,65,72,73,5c,54,72,61,79,39,30,30,2e,65,78,65,00
    "Lto Manager"="\"C:\\Program Files\\Quick GPS Connection Data Download Manager\\DesktopLtoManager.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Msconfig"="C:\\WINDOWS\\system32\\icpldrvx.exe"
    "MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
    "My Web Search Bar Search Scope Monitor"="\"C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe\" /m=0"
    "EoEngine"=""
    "EoWeather"=""
    "EoClock"=""
    "EoComputer"=""
    "EoRss"=""
    "EoNet"=""
    "EoSudoku"=""
    "EoPhoto"=""
    "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "Windows Mouse Services"="winmouse64.exe"
    "Microsoft Memory Flow Cycle"="flowcycle.exe"
    "j"="C:\\WINDOWS\\system32\\j.exe"
    "NSLauncher"="C:\\Program Files\\Nokia\\Nokia Software Launcher\\NSLauncher.exe /startup"
    "wiqiwge"="\"c:\\windows\\system32\\wiqiwge.exe\" wiqiwge"
    "C:\\WINDOWS\\system32\\kdcby.exe"="C:\\WINDOWS\\system32\\kdcby.exe"
    "Antivirus"="C:\\Program Files\\UAV\\uav.exe"
    "F-Secure Manager"="\"C:\\Program Files\\AntivirusFirewall\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\AntivirusFirewall\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\AntivirusFirewall\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\AntivirusFirewall\\FSGUI\\ispnews.exe\""
    "SoundMan"="SOUNDMAN.EXE"
    "TomcatStartup 2.5"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\hpbpsttp.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reminder.exe"="C:\\WINDOWS\\reminder\\fsc-reminder.exe 2453950 10"
    "MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "MSMSGS"="\"c:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "Windows Messenger"="C:\\windows\\msnmsgr2.exe"
    "Logon de rede"="C:\\windows\\kernel.exe"
    "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
    "wblogon"="C:\\WINDOWS\\system32\\ubpr01.exe"
    "Antivirus"="C:\\Program Files\\UAV\\uav.exe"
    "s9201"="\"C:\\Documents and Settings\\All Users\\Application Data\\Secure Solutions\\Antispyware 2008 XP\\as2008xp.exe\" /autorun"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    et le second:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:00:13, on 02/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ubpr01.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\system32\MsiExec.exe
    P:\antivirus\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll (file missing)
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Msconfig] C:\WINDOWS\system32\icpldrvx.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Windows Mouse Services] winmouse64.exe
    O4 - HKLM\..\Run: [Microsoft Memory Flow Cycle] flowcycle.exe
    O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdcby.exe] C:\WINDOWS\system32\kdcby.exe
    O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\RunServices: [j] C:\WINDOWS\system32\j.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Windows Messenger] C:\windows\msnmsgr2.exe
    O4 - HKCU\..\Run: [Logon de rede] C:\windows\kernel.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
    O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
    O22 - SharedTaskScheduler: glycosulfatase - {cac60ee7-ebe0-4082-be2a-3abf704b7af0} - C:\WINDOWS\system32\wighg.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    très bien ensuite combofix comme demandé au poste 1
    0
  4. arnaud1966
     
    voila combofix

    ComboFix 08-09-01.03 - Arnaud MORELL 2008-09-02 21:08:27.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1492 [GMT 2:00]
    Endroit: C:\Documents and Settings\Arnaud MORELL\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Secure Solutions
    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE
    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE\vbase.dat
    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080829010111281.log
    C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080829010243890.log
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\DriveCleaner 2006.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Mode d'emploi en ligne de DriveCleaner 2006.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Page d´accueil de DriveCleaner 2006.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Support en ligne de DriveCleaner 2006.lnk
    C:\Documents and Settings\Arnaud MORELL\Application Data\FunWebProducts
    C:\Documents and Settings\Arnaud MORELL\Application Data\FunWebProducts\Data\Arnaud MORELL\avatar.dat
    C:\Documents and Settings\Arnaud MORELL\Application Data\FunWebProducts\Data\Arnaud MORELL\register.dat
    C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\#SharedObjects\X47LFRUB\bin.clearspring.com
    C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\#SharedObjects\X47LFRUB\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\Arnaud MORELL\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Documents and Settings\Arnaud MORELL\Cookies\arnaud_morell@edt02[2].txt
    C:\Documents and Settings\Arnaud MORELL\err.log
    C:\Documents and Settings\Arnaud MORELL\Mes documents\My Documents.url
    C:\Program Files\AAV
    C:\Program Files\AAV\aav.cpl
    C:\Program Files\AAV\aav.exe
    C:\Program Files\AAV\aav1.dat
    C:\Program Files\Applications\iebr.dll
    C:\Program Files\Applications\iebu.exe
    C:\Program Files\Applications\myd.ico
    C:\Program Files\Applications\mym.ico
    C:\Program Files\Applications\myp.ico
    C:\Program Files\Applications\myv.ico
    C:\Program Files\Applications\ot.ico
    C:\Program Files\Applications\ts.ico
    C:\Program Files\UAV
    C:\Program Files\UAV\uav.cpl
    C:\Program Files\UAV\uav.exe
    C:\Program Files\UAV\uav1.dat
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system\oeminfo.ini
    C:\WINDOWS\system32\120237\120237.dll
    C:\WINDOWS\system32\civbasm_navtmp.dat
    C:\WINDOWS\system32\kqcuao.dat
    C:\WINDOWS\system32\kqcuao.exe
    C:\WINDOWS\system32\kqcuao_nav.dat
    C:\WINDOWS\system32\kqcuao_navps.dat
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\wiqiwge.dat
    C:\WINDOWS\system32\wiqiwge.exe
    C:\WINDOWS\system32\wiqiwge_nav.dat
    C:\WINDOWS\system32\wiqiwge_navps.dat
    P:\Autorun.inf

    ----- BITS: Possible sites infect‚s -----

    http://gllto.glpals.com
    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-02 to 2008-09-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-02 20:43 . 2008-09-02 20:55 <REP> d-------- C:\fixwareout
    2008-09-02 20:21 . 2008-09-02 20:21 <REP> d-------- C:\Program Files\Lavasoft
    2008-09-02 20:21 . 2008-09-02 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-02 20:20 . 2008-09-02 20:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-02 11:22 . 2008-09-02 11:22 12,720 --a------ C:\WINDOWS\system32\wpa.bak
    2008-09-01 20:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-09-01 20:14 . 2004-08-05 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-09-01 20:13 . 2008-09-01 20:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-08-29 14:55 . 2008-08-29 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-08-29 14:55 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-08-29 14:55 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-08-29 14:54 . 2008-08-29 14:54 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-08-29 01:07 . 2008-09-02 21:13 <REP> d-------- C:\WINDOWS\system32\120237
    2008-08-29 01:01 . 2008-08-29 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-08-29 01:01 . 2008-08-29 01:02 64,362 --a------ C:\WINDOWS\system32\hqaicskjtafcv.exe
    2008-08-29 00:30 . 2008-08-25 19:06 165,888 --a------ C:\WINDOWS\system32\aav.cpl
    2008-08-28 23:45 . 2008-09-02 21:08 <REP> d-------- C:\Program Files\Applications
    2008-08-28 23:45 . 2008-08-28 23:45 27,648 --a------ C:\WINDOWS\system32\ubpr01.exe
    2008-08-21 20:55 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-02 18:57 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\OpenOffice.org2
    2008-09-01 18:48 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
    2008-09-01 18:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-09-01 18:48 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
    2008-09-01 14:02 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\AdobeUM
    2008-08-29 12:55 --------- d-----w C:\Program Files\AntivirusFirewall
    2008-08-28 22:43 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-26 18:48 --------- d-----w C:\Program Files\AvantGo Connect
    2008-08-26 17:30 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-08-21 18:59 --------- d-----w C:\Program Files\Palm
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-14 13:24 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Image Zone Express
    2008-07-14 13:20 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Printer Info Cache
    2008-02-29 00:02 82,424 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\GDIPFONTCACHEV1.DAT
    2006-08-17 14:02 92,368 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176D799E-6C8C-4D1A-8024-044D96A035E2}]
    2008-09-02 21:15 15360 --a------ C:\WINDOWS\system32\120237\120237.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 28672]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="c:\Program Files\Messenger\msmsgs.exe" [2005-08-31 1658592]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
    "wblogon"="C:\WINDOWS\system32\ubpr01.exe" [2008-08-28 27648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 40960]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 24576]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 49152]
    "PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
    "Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [2005-08-25 266240]
    "Lto Manager"="C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2005-06-29 53248]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
    "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-01 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.mpg2"= C:\WINDOWS\mpg4c32.dll
    "vidc.mpg3"= C:\WINDOWS\mpg4c32.dll
    "vidc.GEOX"= C:\WINDOWS\system32\GeoCodec.dll
    "vidc.GEOV"= C:\WINDOWS\system32\GeoCodec.dll
    "vidc.G264"= C:\WINDOWS\system32\GX264.dll
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\Msmsgs.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\v8010\\DMMultiView\\MultiView.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-08-29 55424]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
    R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 9344]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
    S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-08-29 32807]
    S2 yye0gciy;Print Spooler Service;C:\WINDOWS\system32\j.exe [ ]
    S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
    S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ]
    S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
    HKLM-Run-Msconfig - C:\WINDOWS\system32\icpldrvx.exe
    HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    HKLM-Run-j - C:\WINDOWS\system32\j.exe
    HKLM-Run-wiqiwge - c:\windows\system32\wiqiwge.exe
    HKLM-Run-C:\WINDOWS\system32\kdcby.exe - C:\WINDOWS\system32\kdcby.exe
    HKLM-Run-Antivirus - C:\Program Files\UAV\uav.exe
    HKLM-Run-EoEngine - (no file)
    HKLM-Run-EoWeather - (no file)
    HKLM-Run-EoClock - (no file)
    HKLM-Run-EoComputer - (no file)
    HKLM-Run-EoRss - (no file)
    HKLM-Run-EoNet - (no file)
    HKLM-Run-EoSudoku - (no file)
    HKLM-Run-EoPhoto - (no file)
    HKLM-RunServices-j - C:\WINDOWS\system32\j.exe
    SharedTaskScheduler-{cac60ee7-ebe0-4082-be2a-3abf704b7af0} - C:\WINDOWS\system32\wighg.dll

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    R0 -: HKCU-Main,Start Page = about:blank
    R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
    R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    R1 -: HKCU-Internet Settings,ProxyOverride = <local>
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
    O8 -: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
    O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
    O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
    O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
    O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
    O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
    O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll

    O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

    O16 -: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} - hxxp://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    C:\WINDOWS\Downloaded Program Files\ICQVideoControl.inf
    C:\WINDOWS\Downloaded Program Files\ICQVideoControl.dll

    O16 -: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://morell.dipmap.com/cab/OCXChecker_8000.cab
    C:\WINDOWS\Downloaded Program Files\OCXDownloadChecker.inf
    C:\WINDOWS\Downloaded Program Files\OCXDownloadChecker_8000.ocx

    O16 -: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://86.197.70.246/cab/DownloadFile_8000.cab
    C:\WINDOWS\Downloaded Program Files\Download.inf
    C:\WINDOWS\Downloaded Program Files\Download_8000.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-02 21:11:57
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C:\\WINDOWS\\system32\\kdcby.exe"="C:\\WINDOWS\\system32\\kdcby.exe"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-02 21:19:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-02 19:18:57

    Pre-Run: 138,021,691,392 octets libres
    Post-Run: 138,495,950,848 octets libres

    279 --- E O F --- 2008-08-28 22:28:12
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    selectionne ceci

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176D799E-6C8C-4D1A-8024-044D96A035E2}]  
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]  
    "wblogon"=-
    
    
    File::
    C:\WINDOWS\system32\hqaicskjtafcv.exe  
    C:\WINDOWS\system32\aav.cpl  
    C:\WINDOWS\system32\120237  
    C:\WINDOWS\system32\ubpr01.exe       
    


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  


    @+
    0
  7. arnaud1966
     
    que dois je faire?
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:18:16, on 03/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ubpr01.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
    P:\antivirus\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: 120237 helper - {176D799E-6C8C-4D1A-8024-044D96A035E2} - C:\WINDOWS\system32\120237\120237.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
    0
  8. arnaud1966
     
    voila le dernier rapport de combofix modifier par CFSript

    ComboFix 08-09-01.05 - Arnaud MORELL 2008-09-03 20:31:37.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1239 [GMT 2:00]
    Endroit: P:\antivirus\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Arnaud MORELL\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\aav.cpl
    C:\WINDOWS\system32\hqaicskjtafcv.exe
    C:\WINDOWS\system32\ubpr01.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-02 23:53 . 2004-08-20 15:02 102,400 --a------ C:\WINDOWS\system32\PMLJNI.dll
    2008-09-02 23:53 . 2003-06-16 23:52 74,752 --a------ C:\WINDOWS\system32\jst.dll
    2008-09-02 23:53 . 2004-05-10 22:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll
    2008-09-02 23:53 . 2003-06-20 19:21 36,864 --a------ C:\WINDOWS\system32\hpbmmjno.dll
    2008-09-02 23:53 . 2005-02-03 19:31 32,768 --a------ C:\WINDOWS\system32\compJNI.dll
    2008-09-02 23:48 . 2008-09-02 23:59 54,453 --a------ C:\WINDOWS\hppins01.dat
    2008-09-02 23:48 . 2006-08-02 19:12 3,402 --a------ C:\WINDOWS\hpbvnstp.hi1
    2008-09-02 23:48 . 2005-04-08 18:52 2,392 --------- C:\WINDOWS\hppmdl01.dat
    2008-09-02 23:48 . 2006-08-02 19:12 1,030 --a------ C:\WINDOWS\hpbvnstp.bu1
    2008-09-02 23:48 . 2006-08-02 19:13 655 --a------ C:\WINDOWS\hpbvspst.hi1
    2008-09-02 23:48 . 2006-08-02 19:13 314 --a------ C:\WINDOWS\hpbvspst.bu1
    2008-09-02 23:39 . 2008-09-02 23:39 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-09-02 23:03 . 2008-09-02 23:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-02 23:03 . 2008-09-02 23:06 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-02 20:43 . 2008-09-02 20:55 <REP> d-------- C:\fixwareout
    2008-09-02 20:21 . 2008-09-02 20:21 <REP> d-------- C:\Program Files\Lavasoft
    2008-09-02 20:21 . 2008-09-02 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-02 20:20 . 2008-09-02 20:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-02 11:22 . 2008-09-02 11:22 12,720 --a------ C:\WINDOWS\system32\wpa.bak
    2008-09-01 20:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-09-01 20:14 . 2004-08-05 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-09-01 20:13 . 2008-09-01 20:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-09-01 20:12 . 2008-09-01 20:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-08-29 14:55 . 2008-08-29 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-08-29 14:55 . 2005-11-18 17:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-08-29 14:55 . 2005-11-18 17:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-08-29 14:54 . 2008-08-29 14:54 118,842 -ra------ C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
    2008-08-29 01:07 . 2008-09-03 20:20 <REP> d-------- C:\WINDOWS\system32\120237
    2008-08-29 01:01 . 2008-08-29 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-08-28 23:45 . 2008-09-02 21:08 <REP> d-------- C:\Program Files\Applications
    2008-08-21 20:55 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-03 10:02 82,424 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\GDIPFONTCACHEV1.DAT
    2008-09-02 22:00 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\OpenOffice.org2
    2008-09-02 21:53 --------- d--h--w C:\Program Files\Zero G Registry
    2008-09-02 21:53 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-02 21:52 --------- d-----w C:\Program Files\HP
    2008-09-01 18:48 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
    2008-09-01 18:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-09-01 18:48 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
    2008-09-01 14:02 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\AdobeUM
    2008-08-29 12:55 --------- d-----w C:\Program Files\AntivirusFirewall
    2008-08-28 22:43 --------- d-----w C:\Program Files\MSN Messenger
    2008-08-26 18:48 --------- d-----w C:\Program Files\AvantGo Connect
    2008-08-21 18:59 --------- d-----w C:\Program Files\Palm
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-14 13:24 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Image Zone Express
    2008-07-14 13:20 --------- d-----w C:\Documents and Settings\Arnaud MORELL\Application Data\Printer Info Cache
    2006-08-17 14:02 92,368 ----a-w C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 28672]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="c:\Program Files\Messenger\msmsgs.exe" [2005-08-31 1658592]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 40960]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 24576]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 49152]
    "PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
    "Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" [2005-08-25 266240]
    "Lto Manager"="C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2005-06-29 53248]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 135168]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 103712]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
    "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" [2005-10-26 122929]
    "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 700416]
    "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" [2005-10-18 372736]
    "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 356352]
    "HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2005-02-07 36864]
    "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-01 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    C:\Documents and Settings\Arnaud MORELL\Menu D‚marrer\Programmes\D‚marrage\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-10-14 299008]
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]
    PowerReg Scheduler.exe [2006-08-02 233472]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 24576]
    D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.mpg2"= C:\WINDOWS\mpg4c32.dll
    "vidc.mpg3"= C:\WINDOWS\mpg4c32.dll
    "vidc.GEOX"= C:\WINDOWS\system32\GeoCodec.dll
    "vidc.GEOV"= C:\WINDOWS\system32\GeoCodec.dll
    "vidc.G264"= C:\WINDOWS\system32\GX264.dll
    "MSACM.CEGSM"= mobilev.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\Msmsgs.exe"=
    "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\v8010\\DMMultiView\\MultiView.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 70896]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 48720]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2008-08-29 55424]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 16816]
    R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
    R3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-03 9344]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-08-29 32807]
    S2 yye0gciy;Print Spooler Service;C:\WINDOWS\system32\j.exe [ ]
    S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys [ ]
    S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-03 20:32:18
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-03 20:32:52
    ComboFix-quarantined-files.txt 2008-09-03 18:32:49
    ComboFix2.txt 2008-09-03 18:21:19
    ComboFix3.txt 2008-09-02 19:19:01

    Pre-Run: 136,832,684,032 octets libres
    Post-Run: 136,822,931,456 octets libres

    177 --- E O F --- 2008-08-28 22:28:12
    0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    ensuite un nouveau rapport hijack stp
    @+
    0
  10. arnaud1966
     
    Logfile of HijackThis v1.99.1
    Scan saved at 23:30:55, on 03/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    P:\antivirus\hijackthis_hijackthis_1.99.1_anglais_17891.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:31:27, on 03/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    P:\antivirus\hijackthis_hijackthis_1.99.1_anglais_17891.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    P:\antivirus\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
    0
  11. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    SAlut

    j'ai trouvé ça qui doit appartenir à ce topic ;)

    ********************************
    bit defender:

    BitDefender Online Scanner

    Scan report generated at: Wed, Sep 03, 2008 - 23:16:07

    Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;L:\;P:\;­

    Statistics

    Time
    01:53:39

    Files
    745420

    Folders
    10683

    Boot Sectors
    0

    Archives
    13301

    Packed Files
    22528

    Results

    Identified Viruses
    36

    Infected Files
    60

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    60

    Engines Info

    Virus Definitions
    1714384

    Engine build
    AVCORE v1.7 (build 8314.19) (i386) (Aug 11 2008 17:31:32)

    Scan plugins
    16

    Archive plugins
    43

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    4

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.ja­r-195c1c92-5d66d179.0ip=>OwnClassLoader.class
    Infected with: Trojan.Exploit.Byteverify.V

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>OwnClassLoader.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>ProxyClassLoader.class
    Infected with: Trojan.Exploit.Byteverify.AC

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>ProxyClassLoader.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>Installer.class
    Infected with: Trojan.Downloader.Java.Agent.A

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip=>Installer.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-195c1c92-5d66d179.0ip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>OwnClassLoader.class
    Infected with: Trojan.Exploit.Byteverify.V

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>OwnClassLoader.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>ProxyClassLoader.class
    Infected with: Trojan.Exploit.Byteverify.AC

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>ProxyClassLoader.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>Installer.class
    Infected with: Trojan.Downloader.Java.Agent.A

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip=>Installer.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\ms03011.jar-43993d93-253c13c8.zip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-38ed336b-7e4a2554.zip=>OP.class
    Infected with: Trojan.Exploit.Java.Byteverify.L

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-38ed336b-7e4a2554.zip=>OP.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-38ed336b-7e4a2554.zip
    Updated

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-ef5b68e-39f3cc13.0ip=>OP.class
    Infected with: Trojan.Exploit.Java.Byteverify.L

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-ef5b68e-39f3cc13.0ip=>OP.class
    Deleted

    C:\Documents and Settings\Arnaud MORELL\.jpi_cache\jar\1.0\OP.jar-ef5b68e-39f3cc13.0ip
    Updated

    C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
    Infected with: Trojan.Downloader.Winfixer.O

    C:\Documents and Settings\Arnaud MORELL\Application Data\errorsafescannerinstall_fr[1].exe
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)=>animation my photo.scr
    Infected with: BehavesLike:Trojan.Downloader

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)=>animation my photo.scr
    Disinfection failed

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)=>animation my photo.scr
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml=>[Subject: hello, my love !!! !][Date: Wed, 6 Feb 2008 03:27:57 -0800]=>(MIME part)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\43443E5E-000005D4.0ml
    Updated

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)=>animation my photo.scr
    Infected with: BehavesLike:Trojan.Downloader

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)=>animation my photo.scr
    Disinfection failed

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)=>animation my photo.scr
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml=>[Subject: hello, my love!][Date: Tue, 5 Feb 2008 07:36:23 -0800]=>(MIME part)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ar a11\Boîte de ré 29\6A67146B-0000058F.0ml
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\oumou_lastar@hotmail.com\Dance_dec_jpg.0ip=>www.Dance_dec_jpg_Msn.com
    Infected with: Backdoor.SdBot.DFAB

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\oumou_lastar@hotmail.com\Dance_dec_jpg.0ip=>www.Dance_dec_jpg_Msn.com
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\oumou_lastar@hotmail.com\Dance_dec_jpg.0ip
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\t_gladyss@hotmail.com\IMG-0012.0ip
    Infected with: Win32.Netsky.DAR@mm

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\t_gladyss@hotmail.com\IMG-0012.0ip
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip=>photo_727.JPEG-arnaud1966@hotmail.fr.com
    Infected with: Backdoor.Oderoor.1.Gen

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip=>photo_727.JPEG-arnaud1966@hotmail.fr.com
    Disinfection failed

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip=>photo_727.JPEG-arnaud1966@hotmail.fr.com
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\Mes fichiers reçus\@\yoly1501@hotmail.com\photo267x.0ip
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
    Infected with: Trojan.FakeAlert.ACZ

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
    Infected with: Trojan.Fakealert.ACM

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
    Detected with: Adware.XpAntivirus.AS

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe=>(ZIP Sfx o)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\AAVSetup.exe
    Update failed

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\setup_100636_506_.0xe
    Infected with: Trojan.FakeAlert.Gen.1

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\setup_100636_506_.0xe
    Disinfection failed

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\setup_100636_506_.0xe
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
    Infected with: Trojan.FakeAlert.ACZ

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\SPPSetup.exe=>(ZIP Sfx o)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\SPPSetup.exe
    Update failed

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\SpywareSecure_trial_setup.exe
    Detected with: Application.SpywareSecure.A

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\SpywareSecure_trial_setup.exe
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\spywarsecure-setup.exe
    Detected with: Adware.Generic.10092

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\spywarsecure-setup.exe
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\UAV2008Setup.exe=>(ZIP Sfx o)=>uav1.dat
    Infected with: Trojan.FakeAlert.ACZ

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\UAV2008Setup.exe=>(ZIP Sfx o)=>uav1.dat
    Deleted

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\UAV2008Setup.exe=>(ZIP Sfx o)
    Updated

    C:\Documents and Settings\Arnaud MORELL\Mes documents\telecharger\UAV2008Setup.exe
    Update failed

    C:\Program Files\Applications\iebtm.exe
    Infected with: Trojan.Zlob.26534

    C:\Program Files\Applications\iebtm.exe
    Deleted

    C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE.vir
    Infected with: Trojan.FakeAlert.Gen.1

    C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE.vir
    Disinfection failed

    C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\AS2008XP.0XE.vir
    Deleted

    C:\QooBox\Quarantine\C\Program Files\AAV\aav.cpl.vir
    Infected with: Trojan.Fakealert.ACM

    C:\QooBox\Quarantine\C\Program Files\AAV\aav.cpl.vir
    Deleted

    C:\QooBox\Quarantine\C\Program Files\AAV\aav.exe.vir
    Detected with: Adware.XpAntivirus.AS

    C:\QooBox\Quarantine\C\Program Files\AAV\aav.exe.vir
    Deleted

    C:\QooBox\Quarantine\C\Program Files\AAV\aav1.dat.vir
    Infected with: Trojan.FakeAlert.ACZ

    C:\QooBox\Quarantine\C\Program Files\AAV\aav1.dat.vir
    Deleted

    C:\QooBox\Quarantine\C\Program Files\UAV\uav1.dat.vir
    Infected with: Trojan.FakeAlert.ACZ

    C:\QooBox\Quarantine\C\Program Files\UAV\uav1.dat.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
    Detected with: Adware.Navipromo.GO

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
    Detected with: Spyware.618

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
    Detected with: Adware.Navipromo.GO

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)
    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\system32\aav.cpl.vir
    Infected with: Trojan.Fakealert.ACM

    C:\QooBox\Quarantine\C\WINDOWS\system32\aav.cpl.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\kqcuao.exe.vir
    Infected with: GenPack:Adware.Navipromo.CAK

    C:\QooBox\Quarantine\C\WINDOWS\system32\kqcuao.exe.vir
    Disinfection failed

    C:\QooBox\Quarantine\C\WINDOWS\system32\kqcuao.exe.vir
    Deleted

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000292.cpl
    Infected with: Trojan.Fakealert.ACM

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000292.cpl
    Deleted

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000293.exe
    Detected with: Adware.XpAntivirus.AS

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000293.exe
    Deleted

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000305.exe
    Infected with: GenPack:Adware.Navipromo.CAK

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000305.exe
    Disinfection failed

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP6\A0000305.exe
    Deleted

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001420.cpl
    Infected with: Trojan.Fakealert.ACM

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001420.cpl
    Deleted

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001460.exe
    Infected with: Trojan.Downloader.Winfixer.O

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001460.exe
    Deleted

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001461.exe
    Infected with: Trojan.Zlob.26534

    C:\System Volume Information\_restore{05FA61F4-CF48-4D65-8FEA-39591F72CA3D}\RP9\A0001461.exe
    Deleted

    C:\WINDOWS\bootvid.dll
    Infected with: Trojan.Banker.AT

    C:\WINDOWS\bootvid.dll
    Deleted

    C:\WINDOWS\msnmsgr2.0xe
    Infected with: Trojan.Downloader.Small.AOV

    C:\WINDOWS\msnmsgr2.0xe
    Deleted

    C:\WINDOWS\system32\FLOWCYCLE.0XE
    Infected with: Backdoor.Ircbot.ABNF

    C:\WINDOWS\system32\FLOWCYCLE.0XE
    Deleted

    C:\WINDOWS\system32\j.0xe
    Infected with: Backdoor.Oderoor.AC

    C:\WINDOWS\system32\j.0xe
    Deleted

    C:\WINDOWS\winhlp.0xe
    Infected with: Backdoor.Generic.58463

    C:\WINDOWS\winhlp.0xe
    Deleted

    P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
    Detected with: Application.VTesttool.A

    P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
    Deleted

    P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
    Update failed

    P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
    Detected with: Application.VTesttool.B

    P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
    Deleted

    P:\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
    Update failed

    P:\antivirus\installdrivecleanerstart_fr.exe
    Detected with: Application.Drivecleaner.H

    P:\antivirus\installdrivecleanerstart_fr.exe
    Disinfection failed

    P:\antivirus\installdrivecleanerstart_fr.exe
    Deleted

    P:\copie D\telecharger\ErrorSafeScannerInstall_fr.exe
    Infected with: Trojan.Downloader.Winfixer.O

    P:\copie D\telecharger\ErrorSafeScannerInstall_fr.exe
    Deleted

    P:\copie D\telecharger\jeu\sudoku.exe
    Detected with: Adware.Navipromo.BYD

    P:\copie D\telecharger\jeu\sudoku.exe
    Disinfection failed

    P:\copie D\telecharger\jeu\sudoku.exe
    Deleted

    P:\copie D\telecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
    Detected with: Application.VTesttool.A

    P:\copie D\telecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 2)
    Deleted

    P:\copie D\telecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
    Update failed

    P:\copie D\telecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
    Detected with: Application.VTesttool.B

    P:\copie D\telecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)=>(Instyler Module 3)
    Deleted

    P:\copie D\telecharger\antivirus\pcsecuritytest.zip=>setup.exe=>(Instyler o)
    Update failed

    P:\copie D\telecharger\antivirus\installdrivecleanerstart_fr.exe
    Detected with: Application.Drivecleaner.H

    P:\copie D\telecharger\antivirus\installdrivecleanerstart_fr.exe
    Disinfection failed

    P:\copie D\telecharger\antivirus\installdrivecleanerstart_fr.exe
    Deleted

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
    Infected with: Trojan.FakeAlert.ACZ

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav1.dat
    Deleted

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)
    Updated

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
    Infected with: Trojan.Fakealert.ACM

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.cpl
    Deleted

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)
    Updated

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
    Detected with: Adware.XpAntivirus.AS

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)=>aav.exe
    Deleted

    P:\copie D\telecharger\telecharger\AAVSetup.exe=>(ZIP Sfx o)
    Updated

    P:\copie D\telecharger\telecharger\AAVSetup.exe
    Update failed

    P:\copie D\telecharger\telecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
    Infected with: Trojan.FakeAlert.ACZ

    P:\copie D\telecharger\telecharger\SPPSetup.exe=>(ZIP Sfx o)=>SPP1.dat
    Deleted

    P:\copie D\telecharger\telecharger\SPPSetup.exe=>(ZIP Sfx o)
    Updated

    P:\copie D\telecharger\telecharger\SPPSetup.exe
    Update failed

    P:\copie D\telecharger\telecharger\SpywareSecure_trial_setup.exe
    Detected with: Application.SpywareSecure.A

    P:\copie D\telecharger\telecharger\SpywareSecure_trial_setup.exe
    Deleted

    P:\copie D\telecharger\telecharger\spywarsecure-setup.exe
    Detected with: Adware.Generic.10092

    P:\copie D\telecharger\telecharger\spywarsecure-setup.exe
    Deleted

    P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG-0012.0ip
    Infected with: Win32.Netsky.DAR@mm

    P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG-0012.0ip
    Deleted

    P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG0024.0ip=>IMG033-JPG-www.photobucket.com
    Infected with: Trojan.Multidrop.IB.Dam

    P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG0024.0ip=>IMG033-JPG-www.photobucket.com
    Deleted

    P:\copie D\DIVERS\My Videos\Mes fichiers reçus\IMG0024.0ip
    Updated
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour noctambule,

    un rapport perdue :)))

    arnaud1966 dit moi comment ce comporte ton PC

    ensuite

    Relance HijackThis et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab

    Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked"

    Ensuite fait: Démarrer > Exécuter > tape cmd (Ok)

    - Dans la fenêtre DOS, taper chacune des lignes suivantes, une à une et très exactement, en validant avec [Entrée] après chacune :

    sc stop yye0gciy [Entrée]

    sc delete yye0gciy [Entrée]

    Ensuite
    Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\j.exe
    EmptyTemp

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

    @+

    0
  13. arnaud1966
     
    avant manipulation

    Logfile of HijackThis v1.99.1
    Scan saved at 23:23, on 2008-09-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    P:\antivirus\hijackthis_hijackthis_1.99.1_anglais_17891.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://morell.dipmap.com/cab/OCXChecker_8000.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Print Spooler Service (yye0gciy) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
    0
  14. arnaud1966
     
    File/Folder C:\WINDOWS\system32\j.exe not found.
    File/Folder Empty Temp not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_233724
    0
  15. arnaud1966
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:41, on 2008-09-04
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
    P:\antivirus\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
    O4 - HKLM\..\Run: [Lto Manager] "C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453950 10
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "c:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arnaud MORELL\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.3.64/cab/aolpPlugins.10.4.0.3.cab
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://86.197.70.246/cab/DownloadFile_8000.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    on pousse la recherche concernant ce j.exe
    Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
    - Enregistre le sur ton bureau

    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de : j.exe
    - Type de recherche : sélectionne l'option 6 puis valide [entree]

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
    Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.
    0