Virus Trojan.Generic Impossible à SUPPRIMER Fermé

Question

Bonjour, il y'a deux ou trois jours de ca j'ai du attraper cette connerie de trojan et depuit j'ai fait tout les scanner possibles et imaginable je n'arrive pas à m'en débarasser. J'espere trouver de l'aide ici !! Je vous post mon log Hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:53, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\devldr32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.deezer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - C:\windows\system32\AdminLp.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\windows\system32\SystemHper.dll,Install
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE C:\windows\system32\AdminLp.dll,Install
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Merci d'avance.

archet9 · Answer

bonjour

Fais un scan avec cet antispyware : 

Telecharge malwarebytes + tutoriel : 

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

Tu l´installes; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp. 
a+

ljm972 · Answer

fais un scan au demarage avec avast ( aparemment il présent sur ton PC, désinstalle-le puis réinstalle -le )

krys95580 · Answer

Avast ne le detecte pas et Malwares j'ai du le faire des 100aines de foix en mod sans echec et rien ni fait. je vais quand meme ressayer.

ljm972 · Answer

réinstalle -le au cas où Avast serait infecté

krys95580 · Answer

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1422
Windows 5.1.2600 Service Pack 3

28/11/2008 15:17:59
mbam-log-2008-11-28 (15-17-59).txt

Type de recherche: Examen complet
Eléments examinés: 58757
Temps écoulé: 27 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ljm972 · Answer

une question :
comment ta fè pour savoir que tu avait un trojan ?

krys95580 · Answer

Le probleme est que ce virus est utilisé comme Keylogger. Il à eté detecté par mon jeu auxquel je joue : World of Warcraft qui me dit tout simplement : Virus detecté : Generic.PWS.WOW.B7078EOE. 
Quand je fait des scann plus rien n'est detecté mais quand je lance le jeu il me dit toujours que le trojan est présent.
Et meme je vois que mon pc est ralenti etc...

ljm972 · Answer

teste un autre antivirus Nod32

krys95580 · Answer

Donc je désinstall Avast et je dl Nod32 ? C'est un freeware ou pas ?

ljm972 · Answer

attend vas sur ce site ( en anglais ), il explique aparemment :
http://us.blizzard.com/support/article.xml?articleId=21613

krys95580 · Answer

Voila ce que me dit mon jeu quand je le lance : https://imageshack.com/

krys95580 · Answer

Déja vu ton lien il éxplique tout simplement qu'il faut faire des test anti virus & anti trojan, spywear. Mais rien à faire il n'est plus detecté sur ma machine et quand je lance le jeu il est detecté alors je comprends plus rien, sachant que je suis deja fait hacker mon compte à cause du trojan.

archet9 · Answer

arrete toutes ces manips avec avast ou autres
ton pc est infecté...
conc cela ne changera rien de changer d AV pour le moment....

fais ceci:

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 
Déroule la liste des instructions ci-dessous : 
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
a+

ljm972 · Answer

c'est un jeu en ligne, est-ce que le serveur n'est pas atteint.
Ton jeu aurait un antivirus intégré, moi, je louche

krys95580 · Answer

SDFix deja fait mais je vais le refaire et te coller le log ici je reviens d'ici peu de temps.

krys95580 · Answer

Voila le rapport de SDFix : 

[b]SDFix: Version 1.240 [/b]
Run by Michel on 28/11/2008 at 15:59

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 16:05:28
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000006c

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\lxdxcoms.exe"="C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server"
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"="C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\lxdxcfg.exe"="C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sat 17 May 2008         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun  1 Jun 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

[b]Finished![/b]

krys95580 · Answer

Oui c'est un jeu en ligne mais les serveurs ne sont pas atteints impossible c'est Blizzard qui gere les serveurs. Apparement le jeu detecte le trojan car il est utilisé comme Keylogger.

krys95580 · Answer

Non pas du tout c'est quoi ??

krys95580 · Answer

SmitFraudFix v2.378

Rapport fait à 16:43:26,57, 28/11/2008
Executé à partir de C:\Documents and Settings\Michel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\windows\system32\devldr32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\CDBurnerXP\cdbxpp.exe
C:\Documents and Settings\Michel\Bureau\SmitfraudFix\Policies.exe
C:\windows\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michel\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michel\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\windows\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI 900 SiS - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{832D7469-2A27-4A97-9D58-1EF86BE5E149}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{832D7469-2A27-4A97-9D58-1EF86BE5E149}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

krys95580 · Answer

Oki jvais faire ca alors jreviens d'ici un petit temps j'ai 2,3 trucs a faire.

krys95580 · Answer

J'ai fait ce que tu m'a dit de faire par contre : A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée 
pour remplacer le fichier corrompu. Il ne m'a pas demander ca il ma juste demander pour le registre voila le rapport : 

SmitFraudFix v2.378

Rapport fait à 17:49:06,25, 28/11/2008
Executé à partir de C:\Documents and Settings\Michel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{832D7469-2A27-4A97-9D58-1EF86BE5E149}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{832D7469-2A27-4A97-9D58-1EF86BE5E149}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

krys95580 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:31, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\windows\system32\devldr32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - C:\windows\system32\AdminLp.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\windows\system32\SystemHper.dll,Install
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE C:\windows\system32\AdminLp.dll,Install
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

krys95580 · Answer

Pc Tools m'a detecté un trojan je l'ai bloqué apres j'ai fait le scann voila le rapport : ComboFix 08-11-27.07 - Michel 2008-11-28 18:25:33.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.521 [GMT 1:00] Lancé depuis: c:\documents and settings\Michel\Bureau\FIX\ComboFix.exe * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 )))))))))))))))))))))))))))))))))))) . 2008-11-28 16:43 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-11-28 16:43 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-11-28 16:43 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe 2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe 2008-11-28 16:43 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe 2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe 2008-11-28 16:43 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe 2008-11-28 16:43 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe 2008-11-28 16:43 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-11-28 16:43 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe 2008-11-28 16:43 . 2008-11-28 17:49 1,220 --a------ c:\windows\system32\tmp.reg 2008-11-27 15:57 . 2008-11-27 15:57 d-------- c:\program files\Trend Micro 2008-11-27 14:19 . 2008-11-27 14:19 d-------- c:\program files\Enigma Software Group 2008-11-27 13:40 . 2008-11-27 13:40 d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2008-11-27 12:49 . 2008-11-27 12:49 61,440 --a------ c:\windows\system32\AdminLp.dll 2008-11-27 08:09 . 2008-11-27 16:07 d-------- c:\program files\a-squared Free 2008-11-27 07:55 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe 2008-11-27 07:55 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys 2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\system32\118290.54 2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\118294.78 2008-11-27 07:55 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys 2008-11-27 07:49 . 2008-11-28 18:23 d-------- c:\program files\Spyware Doctor 2008-11-27 07:49 . 2008-11-27 07:49 d-------- c:\documents and settings\Michel\Application Data\PC Tools 2008-11-27 07:49 . 2008-11-28 18:17 d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-27 07:49 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-11-27 07:49 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-11-27 07:49 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-11-27 07:49 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-11-27 03:20 . 2008-11-27 03:39 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-27 02:58 . 2008-11-27 16:41 d-------- c:\windows\BDOSCAN8 2008-11-27 02:42 . 2008-11-27 02:42 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2008-11-27 02:40 . 2008-11-27 02:41 d-------- c:\windows\ERUNT 2008-11-27 02:40 . 2008-05-02 15:44 d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2008-11-27 02:40 . 2008-05-02 15:44 d--h----- c:\documents and settings\Administrateur\Voisinage d'impression 2008-11-27 02:40 . 2008-05-02 14:49 d--h----- c:\documents and settings\Administrateur\Modèles 2008-11-27 02:40 . 2008-05-02 15:44 d-------- c:\documents and settings\Administrateur\Mes documents 2008-11-27 02:40 . 2008-05-02 15:44 dr------- c:\documents and settings\Administrateur\Menu Démarrer 2008-11-27 02:40 . 2008-05-02 15:44 d-------- c:\documents and settings\Administrateur\Favoris 2008-11-27 02:40 . 2008-11-27 02:42 d-------- c:\documents and settings\Administrateur\Bureau 2008-11-27 02:40 . 2008-11-27 02:40 d-------- c:\documents and settings\Administrateur 2008-11-27 02:36 . 2008-11-28 16:08 d-------- C:\SDFix 2008-11-26 22:55 . 2008-11-27 23:35 d-------- c:\documents and settings\Michel\.housecall6.6 2008-11-25 13:48 . 2008-11-25 13:48 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-25 13:48 . 2008-11-25 13:48 d-------- c:\documents and settings\Michel\Application Data\Malwarebytes 2008-11-25 13:48 . 2008-11-25 13:48 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-25 13:48 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-25 13:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-23 20:59 . 2008-11-23 20:59 65,536 --a------ c:\windows\system32\SystemHper.dll 2008-11-21 01:57 . 2008-11-21 04:12 d-------- c:\program files\WowCartographe 2008-11-16 13:09 . 2008-11-16 13:09 d-------- c:\documents and settings\Michel\Application Data\FaxCtr 2008-11-15 23:58 . 2008-11-16 00:00 d-------- c:\documents and settings\All Users\Lx_cats 2008-11-15 23:56 . 2008-02-19 05:14 360,448 --a------ c:\windows\system32\lxdxcoin.dll 2008-11-15 23:56 . 2008-02-06 11:24 64,737 --a------ c:\windows\system32\lxdxprpr.chm 2008-11-15 23:56 . 2008-02-28 01:15 40,960 --a------ c:\windows\system32\lxdxvs.dll 2008-11-15 23:55 . 2008-02-28 01:11 782,336 --a------ c:\windows\system32\lxdxdrs.dll 2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll 2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll 2008-11-15 23:55 . 2008-02-28 01:11 81,920 --a------ c:\windows\system32\lxdxcaps.dll 2008-11-15 23:55 . 2008-02-28 01:02 69,632 --a------ c:\windows\system32\lxdxcnv4.dll 2008-11-15 23:54 . 2008-11-15 23:54 d-------- c:\documents and settings\All Users\Application Data\FaxCtr 2008-11-15 23:54 . 2008-03-20 06:18 339,968 --a------ c:\windows\system32\IMGMAN32.DLL 2008-11-15 23:54 . 2008-03-20 06:18 98,345 --a------ c:\windows\system32\IMHOST32.DLL 2008-11-15 23:54 . 2008-03-20 06:18 98,304 --a------ c:\windows\system32\IM31XPNG.DEL 2008-11-15 23:54 . 2008-03-20 06:18 69,632 --a------ c:\windows\system32\IM31XTIF.DEL 2008-11-15 23:54 . 2008-03-20 06:19 53,248 --a------ c:\windows\system32\lxf3oem.dll 2008-11-15 23:54 . 2008-03-20 06:18 49,152 --a------ c:\windows\system32\IM31IMG.DIL 2008-11-15 23:54 . 2008-01-10 16:17 45,056 --a------ c:\windows\system32\LXF3PMON.DLL 2008-11-15 23:54 . 2008-03-20 06:18 32,768 --a------ c:\windows\system32\LXF3FXPU.DLL 2008-11-15 23:54 . 2008-03-20 06:19 12,288 --a------ c:\windows\system32\LXF3PMRC.DLL 2008-11-15 23:53 . 2008-11-15 23:55 d-------- c:\program files\Lexmark Fax Solutions 2008-11-15 23:50 . 2008-11-23 16:45 d-------- c:\program files\Lexmark Toolbar 2008-11-15 23:50 . 2008-02-19 17:31 102,400 --a------ c:\windows\system32\lxdxwupd.dll 2008-11-15 23:50 . 2008-02-28 01:48 17,064 --a------ c:\windows\system32\lxdxwupd.exe 2008-11-15 23:50 . 2006-12-06 18:19 44 --a------ c:\windows\system32\lxdxrwrd.ini 2008-11-15 23:49 . 2008-11-15 23:58 d-------- c:\program files\Lexmark 3600-4600 Series 2008-11-13 17:26 . 2008-11-13 17:26 d--h----- C:\BJPrinter 2008-11-13 14:49 . 2008-11-13 14:49 d-------- c:\documents and settings\All Users\Application Data\Blizzard 2008-11-13 12:49 . 2008-11-27 14:52 d-------- c:\documents and settings\All Users\Bureau 2008-11-12 12:36 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 12:36 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-10 18:02 . 2008-11-10 18:02 d-------- c:\program files\SplitCam 2008-11-10 18:02 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx 2008-11-10 18:02 . 2008-11-10 18:02 13,824 --a------ c:\windows\system32\drivers\splitcam.sys 2008-11-10 18:00 . 2008-11-10 18:00 d-------- c:\program files\Messenger Plus! Live 2008-11-10 17:48 . 2008-11-10 17:56 d-------- c:\program files\CamStudio 2008-11-07 14:31 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll 2008-11-07 14:29 . 2008-11-07 14:29 d-------- c:\windows\Logs 2008-11-04 01:18 . 2008-11-04 01:19 d-------- c:\program files\Teamspeak2_RC2 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-28 16:55 --------- d-----w c:\program files\Wanadoo 2008-11-28 16:49 --------- d-----w c:\program files\Google 2008-11-27 22:48 --------- d-----w c:\program files\World of Warcraft 2008-11-27 13:49 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-11-27 06:54 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-24 01:51 --------- d-----w c:\program files\Vuze 2008-11-24 01:51 --------- d-----w c:\documents and settings\Michel\Application Data\Azureus 2008-11-13 14:23 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2008-11-13 11:48 --------- d-----w c:\program files\Windows Media Connect 2 2008-11-13 11:43 --------- d-----w c:\program files\UPS Widget 2008-11-13 11:42 --------- d-----w c:\program files\PokerStars 2008-11-13 01:34 --------- d-----w c:\documents and settings\Michel\Application Data\Skype 2008-11-11 02:43 --------- d-----w c:\documents and settings\Michel\Application Data\teamspeak2 2008-11-09 00:40 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-20 14:15 --------- d-----w c:\program files\Windows Live 2008-10-20 14:13 --------- d-----w c:\program files\Microsoft 2008-10-20 14:09 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-05 14:52 --------- d-----w c:\program files\Fichiers communs\Roxio Shared 2008-10-05 14:50 --------- d-----w c:\program files\INFORAD 2008-10-05 14:48 --------- d-----w c:\documents and settings\Michel\Application Data\dvdcss 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll 2008-09-05 14:04 288,768 ----a-w c:\windows\WLXPGSS.SCR 2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-09-02 17:52 256 ----a-w c:\documents and settings\Michel\pool.bin 2008-05-02 14:17 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-11-25_13.54.06,43 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-27 01:58:59 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll + 2008-11-27 01:58:59 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll + 2008-11-27 01:59:00 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll + 2008-11-27 01:59:01 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll + 2006-05-25 00:21:00 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll + 2006-05-25 00:21:14 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll + 2008-11-27 01:59:02 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll + 2008-11-27 01:59:00 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll + 2006-05-25 00:22:06 53,248 ----a-w c:\windows\bdoscandel.exe + 2006-05-25 00:21:00 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll + 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe + 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2008-05-02 13:22:56 385,536 ----a-w c:\windows\Downloaded Program Files\Housecall_ActiveX.dll + 2006-05-25 00:21:14 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2008-11-28 14:57:56 4,255,744 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-11-28 14:57:56 159,744 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-11-27 01:41:01 385,024 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-11-27 01:41:01 8,192 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe - 2008-05-02 15:13:59 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2008-11-27 15:42:39 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe - 2008-10-26 11:26:04 67,820 ----a-w c:\windows\system32\perfc009.dat + 2008-11-27 06:51:14 67,820 ----a-w c:\windows\system32\perfc009.dat - 2008-10-26 11:26:04 81,094 ----a-w c:\windows\system32\perfc00C.dat + 2008-11-27 06:51:14 81,094 ----a-w c:\windows\system32\perfc00C.dat - 2008-10-26 11:26:04 433,116 ----a-w c:\windows\system32\perfh009.dat + 2008-11-27 06:51:14 433,116 ----a-w c:\windows\system32\perfh009.dat - 2008-10-26 11:26:04 501,172 ----a-w c:\windows\system32\perfh00C.dat + 2008-11-27 06:51:14 501,172 ----a-w c:\windows\system32\perfh00C.dat + 2006-01-09 08:36:06 40,960 ----a-w c:\windows\system32\swsc.exe - 2008-11-25 12:34:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_458.dat + 2008-11-28 16:54:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_458.dat . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328] "lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168] "SystemHelp"="c:\windows\system32\SystemHper.dll" [2008-11-23 65536] "WindowAdmin"="c:\windows\system32\AdminLp.dll" [2008-11-27 61440] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\Program Files\Messenger\msmsgs.exe"= "c:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "c:\Program Files\Vuze\Azureus.exe"= "c:\Program Files\Skype\Phone\Skype.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\WINDOWS\system32\lxdxcoms.exe"= "c:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"= "c:\WINDOWS\system32\lxdxcfg.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "2059:UDP"= 2059:UDP:Windows Media Format SDK (iexplore.exe) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-02 110160] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-19 20560] R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-20 56344] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service [] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe [2008-11-15 98984] S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536] . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe . ------- Examen supplémentaire ------- . O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe c:\windows\Downloaded Program Files\live.ini c:\windows\Downloaded Program Files\scanoptions.tsi c:\windows\Downloaded Program Files\lang.ini c:\windows\Downloaded Program Files\ipsupd.dll c:\windows\Downloaded Program Files\bdupd.dll c:\windows\Downloaded Program Files\libfn.dll c:\windows\Downloaded Program Files\bdcore.dll c:\windows\Downloaded Program Files\oscan8.ocx O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab c:\windows\Downloaded Program Files\oscan8.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-28 18:30:13 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-28 18:31:49 ComboFix-quarantined-files.txt 2008-11-28 17:31:45 ComboFix2.txt 2008-11-26 13:14:06 ComboFix3.txt 2008-11-25 12:54:40 Avant-CF: 36 376 788 992 octets libres Après-CF: 36,564,873,216 octets libres 278 --- E O F --- 2008-11-12 12:23:55

krys95580 · Answer

PC Tools m'a detecté un trojan generic dans le registre HKEY_USER nommé : Wget.
Rapport Hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:58, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\a-squared Free\a2service.exe
C:\windows\system32\devldr32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\windows\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\windows\system32\SystemHper.dll,Install
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE C:\windows\system32\AdminLp.dll,Install
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

krys95580 · Answer

-----------\  ToolBar S&D 1.2.5   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Michel ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1290 [VPS 081128-0] 4.8.1290 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total:63 Go (Free:34 Go)
   D:\ (Local Disk) - NTFS - Total:48 Go (Free:20 Go)
   E:\ (Local Disk) - NTFS - Total:152 Go (Free:119 Go)
   F:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
   Option : [1] ( 28/11/2008|19:06 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 28/11/2008|19:07 - Option : [1]

   -----------\  Fin du rapport a 19:07:45,96

krys95580 · Answer

Desolé mais je comprends pas ce que tu me dit en parlant de CFscript....

krys95580 · Answer

J'ai relancer mon jeu et il me dit que le trojan est toujours la.... Je comprends pas trop ce que je dois faire à présent.

krys95580 · Answer

Voila le rapport : ComboFix 08-11-28.02 - Michel 2008-11-29 1:00:07.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.406 [GMT 1:00] Lancé depuis: C:\Documents and Settings\Michel\Bureau\FIX\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\Michel\Bureau\CFScript.txt * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] FILE :: c:\windows\system32\AdminLp.dll c:\windows\system32\SystemHper.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AdminLp.dll c:\windows\system32\SystemHper.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 )))))))))))))))))))))))))))))))))))) . 2008-11-28 19:05 . 2008-11-28 19:07 d-------- C:\ToolBar SD 2008-11-28 16:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-11-28 16:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-11-28 16:43 . 2008-10-01 14:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe 2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe 2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-11-28 16:43 . 2008-08-18 11:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-11-28 16:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-11-28 16:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-11-28 16:43 . 2008-11-28 17:49 1,220 --a------ C:\WINDOWS\system32 mp.reg 2008-11-27 15:57 . 2008-11-27 15:57 d-------- C:\Program Files\Trend Micro 2008-11-27 14:19 . 2008-11-27 14:19 d-------- C:\Program Files\Enigma Software Group 2008-11-27 13:40 . 2008-11-27 13:40 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-11-27 08:09 . 2008-11-27 16:07 d-------- C:\Program Files\a-squared Free 2008-11-27 07:55 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe 2008-11-27 07:55 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys 2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ C:\WINDOWS\system32\118290.54 2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ C:\WINDOWS\118294.78 2008-11-27 07:55 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys 2008-11-27 07:49 . 2008-11-28 18:23 d-------- C:\Program Files\Spyware Doctor 2008-11-27 07:49 . 2008-11-27 07:49 d-------- C:\Documents and Settings\Michel\Application Data\PC Tools 2008-11-27 07:49 . 2008-11-29 01:06 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-27 07:49 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-11-27 07:49 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-11-27 07:49 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-11-27 07:49 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-11-27 03:20 . 2008-11-27 03:39 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-27 02:58 . 2008-11-27 16:41 d-------- C:\WINDOWS\BDOSCAN8 2008-11-27 02:42 . 2008-11-27 02:42 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-11-27 02:40 . 2008-11-27 02:41 d-------- C:\WINDOWS\ERUNT 2008-11-27 02:40 . 2008-05-02 15:44 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-11-27 02:40 . 2008-05-02 15:44 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-11-27 02:40 . 2008-05-02 14:49 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-11-27 02:40 . 2008-05-02 15:44 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-11-27 02:40 . 2008-05-02 15:44 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-11-27 02:40 . 2008-05-02 15:44 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-11-27 02:40 . 2008-11-27 02:42 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-11-27 02:40 . 2008-11-27 02:40 d-------- C:\Documents and Settings\Administrateur 2008-11-27 02:36 . 2008-11-28 16:08 d-------- C:\SDFix 2008-11-26 22:55 . 2008-11-27 23:35 d-------- C:\Documents and Settings\Michel\.housecall6.6 2008-11-25 13:48 . 2008-11-25 13:48 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-25 13:48 . 2008-11-25 13:48 d-------- C:\Documents and Settings\Michel\Application Data\Malwarebytes 2008-11-25 13:48 . 2008-11-25 13:48 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-25 13:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-11-25 13:48 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-11-21 01:57 . 2008-11-21 04:12 d-------- C:\Program Files\WowCartographe 2008-11-16 13:09 . 2008-11-16 13:09 d-------- C:\Documents and Settings\Michel\Application Data\FaxCtr 2008-11-15 23:58 . 2008-11-16 00:00 d-------- C:\Documents and Settings\All Users\Lx_cats 2008-11-15 23:56 . 2008-02-19 05:14 360,448 --a------ C:\WINDOWS\system32\lxdxcoin.dll 2008-11-15 23:56 . 2008-02-06 11:24 64,737 --a------ C:\WINDOWS\system32\lxdxprpr.chm 2008-11-15 23:56 . 2008-02-28 01:15 40,960 --a------ C:\WINDOWS\system32\lxdxvs.dll 2008-11-15 23:55 . 2008-02-28 01:11 782,336 --a------ C:\WINDOWS\system32\lxdxdrs.dll 2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll 2008-11-15 23:55 . 2008-02-28 01:11 81,920 --a------ C:\WINDOWS\system32\lxdxcaps.dll 2008-11-15 23:55 . 2008-02-28 01:02 69,632 --a------ C:\WINDOWS\system32\lxdxcnv4.dll 2008-11-15 23:54 . 2008-11-15 23:54 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-11-15 23:54 . 2008-03-20 06:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2008-11-15 23:54 . 2008-03-20 06:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2008-11-15 23:54 . 2008-03-20 06:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL 2008-11-15 23:54 . 2008-03-20 06:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL 2008-11-15 23:54 . 2008-03-20 06:19 53,248 --a------ C:\WINDOWS\system32\lxf3oem.dll 2008-11-15 23:54 . 2008-03-20 06:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL 2008-11-15 23:54 . 2008-01-10 16:17 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL 2008-11-15 23:54 . 2008-03-20 06:18 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL 2008-11-15 23:54 . 2008-03-20 06:19 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL 2008-11-15 23:53 . 2008-11-15 23:55 d-------- C:\Program Files\Lexmark Fax Solutions 2008-11-15 23:50 . 2008-11-23 16:45 d-------- C:\Program Files\Lexmark Toolbar 2008-11-15 23:50 . 2008-02-19 17:31 102,400 --a------ C:\WINDOWS\system32\lxdxwupd.dll 2008-11-15 23:50 . 2008-02-28 01:48 17,064 --a------ C:\WINDOWS\system32\lxdxwupd.exe 2008-11-15 23:50 . 2006-12-06 18:19 44 --a------ C:\WINDOWS\system32\lxdxrwrd.ini 2008-11-15 23:49 . 2008-11-15 23:58 d-------- C:\Program Files\Lexmark 3600-4600 Series 2008-11-13 17:26 . 2008-11-13 17:26 d--h----- C:\BJPrinter 2008-11-13 14:49 . 2008-11-13 14:49 d-------- C:\Documents and Settings\All Users\Application Data\Blizzard 2008-11-13 12:49 . 2008-11-27 14:52 d-------- C:\Documents and Settings\All Users\Bureau 2008-11-12 12:36 . 2008-09-04 18:16 1,106,944 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll 2008-11-12 12:36 . 2008-10-24 12:21 455,296 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys 2008-11-10 18:02 . 2008-11-10 18:02 d-------- C:\Program Files\SplitCam 2008-11-10 18:02 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx 2008-11-10 18:02 . 2008-11-10 18:02 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys 2008-11-10 18:00 . 2008-11-10 18:00 d-------- C:\Program Files\Messenger Plus! Live 2008-11-10 17:48 . 2008-11-10 17:56 d-------- C:\Program Files\CamStudio 2008-11-07 14:31 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-11-07 14:29 . 2008-11-07 14:29 d-------- C:\WINDOWS\Logs 2008-11-04 01:18 . 2008-11-04 01:19 d-------- C:\Program Files\Teamspeak2_RC2 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-29 00:06 --------- d-----w C:\Program Files\Wanadoo 2008-11-28 16:49 --------- d-----w C:\Program Files\Google 2008-11-27 22:48 --------- d-----w C:\Program Files\World of Warcraft 2008-11-27 13:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-11-27 06:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-11-24 01:51 --------- d-----w C:\Program Files\Vuze 2008-11-24 01:51 --------- d-----w C:\Documents and Settings\Michel\Application Data\Azureus 2008-11-13 14:23 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2008-11-13 11:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-11-13 11:43 --------- d-----w C:\Program Files\UPS Widget 2008-11-13 11:42 --------- d-----w C:\Program Files\PokerStars 2008-11-13 01:34 --------- d-----w C:\Documents and Settings\Michel\Application Data\Skype 2008-11-11 02:43 --------- d-----w C:\Documents and Settings\Michel\Application Data eamspeak2 2008-11-09 00:40 5,632 ----a-w C:\windows\system32\drivers\StarOpen.sys 2008-10-24 11:21 455,296 ----a-w C:\windows\system32\drivers\mrxsmb.sys 2008-10-20 14:15 --------- d-----w C:\Program Files\Windows Live 2008-10-20 14:13 --------- d-----w C:\Program Files\Microsoft 2008-10-20 14:09 --------- d-----w C:\Program Files\Fichiers communs\Windows Live 2008-10-05 14:52 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared 2008-10-05 14:50 --------- d-----w C:\Program Files\INFORAD 2008-10-05 14:48 --------- d-----w C:\Documents and Settings\Michel\Application Data\dvdcss 2008-09-05 14:04 288,768 ----a-w C:\windows\WLXPGSS.SCR 2008-09-02 17:52 256 ----a-w C:\Documents and Settings\Michel\pool.bin 2008-05-02 14:17 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2001-11-23 04:08 712,704 ----a-w C:\windows\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot_2008-11-28_18.30.53,60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-28 16:54:43 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_458.dat + 2008-11-29 00:05:46 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_458.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 23:02 3513344] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 03:34 1695232] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 03:33 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 18:39 81000] "lxdxmon.exe"="C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 07:25 668328] "lxdxamon"="C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 07:25 16040] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 07:22 320168] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 12:36 1168264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 03:33 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 03:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "C:\Program Files\Vuze\Azureus.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\WINDOWS\system32\lxdxcoms.exe"= "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"= "C:\WINDOWS\system32\lxdxcfg.exe"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "2059:UDP"= 2059:UDP:Windows Media Format SDK (iexplore.exe) R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-05-02 16:17:07 110160] R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-19 08:25:40 20560] R2 fssfltr;FssFltr;C:\windows\system32\DRIVERS\fssfltr.sys [2008-10-20 15:15:29 56344] R2 lxdx_device;lxdx_device;C:\windows\system32\lxdxcoms.exe -service [] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe [2008-11-15 23:56:09 98984] S3 fsssvc;Windows Live Contrôle parental;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 21:03:04 512536] . Contenu du dossier 'Tâches planifiées' 2008-11-28 C:\windows\Tasks\User_Feed_Synchronization-{ABD7D069-DDF8-4EF7-ADC9-068A0A5E026A}.job - C:\windows\system32\msfeedssync.exe [2007-08-13 17:36]

krys95580 · Answer

Bon j'ai relancer le jeu il ne me dit plus qu'il y'a de virus donc je pense etre desinfecté voila le rapport Hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11, on 2008-11-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\devldr32.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

krys95580 · Answer

Voila les résultats que tu m'a demander : 

Fichier 118290.54 :

Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.11.28.2 2008.11.28 - 
AntiVir 7.9.0.36 2008.11.28 - 
Authentium 5.1.0.4 2008.11.28 - 
Avast 4.8.1281.0 2008.11.28 - 
AVG 8.0.0.199 2008.11.29 - 
BitDefender 7.2 2008.11.29 - 
CAT-QuickHeal 10.00 2008.11.29 - 
ClamAV 0.94.1 2008.11.29 - 
DrWeb 4.44.0.09170 2008.11.29 - 
eSafe 7.0.17.0 2008.11.27 - 
eTrust-Vet 31.6.6234 2008.11.28 - 
Ewido 4.0 2008.11.29 - 
F-Prot 4.4.4.56 2008.11.28 - 
Fortinet 3.117.0.0 2008.11.29 - 
GData 19 2008.11.29 - 
Ikarus T3.1.1.45.0 2008.11.29 - 
K7AntiVirus 7.10.538 2008.11.29 - 
Kaspersky 7.0.0.125 2008.11.29 - 
McAfee 5448 2008.11.28 - 
McAfee+Artemis 5448 2008.11.28 - 
Microsoft 1.4104 2008.11.29 - 
NOD32 3650 2008.11.28 - 
Panda 9.0.0.4 2008.11.29 - 
PCTools 4.4.2.0 2008.11.28 - 
Rising 21.05.52.00 2008.11.29 - 
SecureWeb-Gateway 6.7.6 2008.11.28 - 
Sophos 4.36.0 2008.11.29 - 
Sunbelt 3.1.1832.2 2008.11.27 - 
Symantec 10 2008.11.29 - 
TheHacker 6.3.1.1.166 2008.11.28 - 
TrendMicro 8.700.0.1004 2008.11.28 - 
VBA32 3.12.8.9 2008.11.28 - 
ViRobot 2008.11.29.1492 2008.11.29 - 
VirusBuster 4.5.11.0 2008.11.28 -

krys95580 · Answer

En ce qui concerne le deuxieme fichier : 118294.78 quand je demande l'analyse sur le site il me dit : 

Le fichier a déjà été analysé:
MD5: 5b09779926a8aca46f9cafa14b2a9093 
First received: - 
Date 2008.11.29 13:41:41 (CET) [<1D] 
Résultats 0/34 
Permalink: analisis/082b7f2e68d5a26fe0843eaa36b7a305

krys95580 · Answer

Et voila le rapport : ComboFix 08-11-29.02 - Michel 2008-11-29 20:53:42.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.633 [GMT 1:00] Lancé depuis: c:\documents and settings\Michel\Bureau\FIX\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Michel\Bureau\CFScript.txt * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\system32\AdminLp.dll c:\windows\system32\SystemHper.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 )))))))))))))))))))))))))))))))))))) . 2008-11-28 19:05 . 2008-11-28 19:07 d-------- C:\ToolBar SD 2008-11-28 16:43 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-11-28 16:43 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-11-28 16:43 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe 2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe 2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe 2008-11-28 16:43 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe 2008-11-28 16:43 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-11-28 16:43 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe 2008-11-28 16:43 . 2008-11-28 17:49 1,220 --a------ c:\windows\system32 mp.reg 2008-11-27 15:57 . 2008-11-27 15:57 d-------- c:\program files\Trend Micro 2008-11-27 14:19 . 2008-11-27 14:19 d-------- c:\program files\Enigma Software Group 2008-11-27 13:40 . 2008-11-27 13:40 d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2008-11-27 08:09 . 2008-11-27 16:07 d-------- c:\program files\a-squared Free 2008-11-27 07:55 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe 2008-11-27 07:55 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys 2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\system32\118290.54 2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\118294.78 2008-11-27 07:55 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys 2008-11-27 07:49 . 2008-11-28 18:23 d-------- c:\program files\Spyware Doctor 2008-11-27 07:49 . 2008-11-27 07:49 d-------- c:\documents and settings\Michel\Application Data\PC Tools 2008-11-27 07:49 . 2008-11-29 20:50 d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-27 07:49 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-11-27 07:49 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-11-27 07:49 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-11-27 07:49 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-11-27 03:20 . 2008-11-27 03:39 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-27 02:58 . 2008-11-27 16:41 d-------- c:\windows\BDOSCAN8 2008-11-27 02:42 . 2008-11-27 02:42 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2008-11-27 02:40 . 2008-11-27 02:41 d-------- c:\windows\ERUNT 2008-11-27 02:40 . 2008-05-02 15:44 d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2008-11-27 02:40 . 2008-05-02 15:44 d--h----- c:\documents and settings\Administrateur\Voisinage d'impression 2008-11-27 02:40 . 2008-05-02 14:49 d--h----- c:\documents and settings\Administrateur\Modèles 2008-11-27 02:40 . 2008-05-02 15:44 d-------- c:\documents and settings\Administrateur\Mes documents 2008-11-27 02:40 . 2008-05-02 15:44 dr------- c:\documents and settings\Administrateur\Menu Démarrer 2008-11-27 02:40 . 2008-05-02 15:44 d-------- c:\documents and settings\Administrateur\Favoris 2008-11-27 02:40 . 2008-11-27 02:42 d-------- c:\documents and settings\Administrateur\Bureau 2008-11-27 02:40 . 2008-11-27 02:40 d-------- c:\documents and settings\Administrateur 2008-11-27 02:36 . 2008-11-28 16:08 d-------- C:\SDFix 2008-11-26 22:55 . 2008-11-27 23:35 d-------- c:\documents and settings\Michel\.housecall6.6 2008-11-25 13:48 . 2008-11-25 13:48 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-25 13:48 . 2008-11-25 13:48 d-------- c:\documents and settings\Michel\Application Data\Malwarebytes 2008-11-25 13:48 . 2008-11-25 13:48 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-25 13:48 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-25 13:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-21 01:57 . 2008-11-21 04:12 d-------- c:\program files\WowCartographe 2008-11-16 13:09 . 2008-11-16 13:09 d-------- c:\documents and settings\Michel\Application Data\FaxCtr 2008-11-15 23:58 . 2008-11-16 00:00 d-------- c:\documents and settings\All Users\Lx_cats 2008-11-15 23:56 . 2008-02-19 05:14 360,448 --a------ c:\windows\system32\lxdxcoin.dll 2008-11-15 23:56 . 2008-02-06 11:24 64,737 --a------ c:\windows\system32\lxdxprpr.chm 2008-11-15 23:56 . 2008-02-28 01:15 40,960 --a------ c:\windows\system32\lxdxvs.dll 2008-11-15 23:55 . 2008-02-28 01:11 782,336 --a------ c:\windows\system32\lxdxdrs.dll 2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll 2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll 2008-11-15 23:55 . 2008-02-28 01:11 81,920 --a------ c:\windows\system32\lxdxcaps.dll 2008-11-15 23:55 . 2008-02-28 01:02 69,632 --a------ c:\windows\system32\lxdxcnv4.dll 2008-11-15 23:54 . 2008-11-15 23:54 d-------- c:\documents and settings\All Users\Application Data\FaxCtr 2008-11-15 23:54 . 2008-03-20 06:18 339,968 --a------ c:\windows\system32\IMGMAN32.DLL 2008-11-15 23:54 . 2008-03-20 06:18 98,345 --a------ c:\windows\system32\IMHOST32.DLL 2008-11-15 23:54 . 2008-03-20 06:18 98,304 --a------ c:\windows\system32\IM31XPNG.DEL 2008-11-15 23:54 . 2008-03-20 06:18 69,632 --a------ c:\windows\system32\IM31XTIF.DEL 2008-11-15 23:54 . 2008-03-20 06:19 53,248 --a------ c:\windows\system32\lxf3oem.dll 2008-11-15 23:54 . 2008-03-20 06:18 49,152 --a------ c:\windows\system32\IM31IMG.DIL 2008-11-15 23:54 . 2008-01-10 16:17 45,056 --a------ c:\windows\system32\LXF3PMON.DLL 2008-11-15 23:54 . 2008-03-20 06:18 32,768 --a------ c:\windows\system32\LXF3FXPU.DLL 2008-11-15 23:54 . 2008-03-20 06:19 12,288 --a------ c:\windows\system32\LXF3PMRC.DLL 2008-11-15 23:53 . 2008-11-15 23:55 d-------- c:\program files\Lexmark Fax Solutions 2008-11-15 23:50 . 2008-11-23 16:45 d-------- c:\program files\Lexmark Toolbar 2008-11-15 23:50 . 2008-02-19 17:31 102,400 --a------ c:\windows\system32\lxdxwupd.dll 2008-11-15 23:50 . 2008-02-28 01:48 17,064 --a------ c:\windows\system32\lxdxwupd.exe 2008-11-15 23:50 . 2006-12-06 18:19 44 --a------ c:\windows\system32\lxdxrwrd.ini 2008-11-15 23:49 . 2008-11-15 23:58 d-------- c:\program files\Lexmark 3600-4600 Series 2008-11-13 17:26 . 2008-11-13 17:26 d--h----- C:\BJPrinter 2008-11-13 14:49 . 2008-11-13 14:49 d-------- c:\documents and settings\All Users\Application Data\Blizzard 2008-11-13 12:49 . 2008-11-27 14:52 d-------- c:\documents and settings\All Users\Bureau 2008-11-12 12:36 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 12:36 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-10 18:02 . 2008-11-10 18:02 d-------- c:\program files\SplitCam 2008-11-10 18:02 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx 2008-11-10 18:02 . 2008-11-10 18:02 13,824 --a------ c:\windows\system32\drivers\splitcam.sys 2008-11-10 18:00 . 2008-11-10 18:00 d-------- c:\program files\Messenger Plus! Live 2008-11-10 17:48 . 2008-11-10 17:56 d-------- c:\program files\CamStudio 2008-11-07 14:31 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll 2008-11-07 14:29 . 2008-11-07 14:29 d-------- c:\windows\Logs 2008-11-04 01:18 . 2008-11-04 01:19 d-------- c:\program files\Teamspeak2_RC2 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-29 11:53 --------- d-----w c:\program files\Wanadoo 2008-11-28 16:49 --------- d-----w c:\program files\Google 2008-11-27 22:48 --------- d-----w c:\program files\World of Warcraft 2008-11-27 13:49 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-11-27 06:54 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-24 01:51 --------- d-----w c:\program files\Vuze 2008-11-24 01:51 --------- d-----w c:\documents and settings\Michel\Application Data\Azureus 2008-11-13 14:23 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment 2008-11-13 11:48 --------- d-----w c:\program files\Windows Media Connect 2 2008-11-13 11:43 --------- d-----w c:\program files\UPS Widget 2008-11-13 11:42 --------- d-----w c:\program files\PokerStars 2008-11-13 01:34 --------- d-----w c:\documents and settings\Michel\Application Data\Skype 2008-11-11 02:43 --------- d-----w c:\documents and settings\Michel\Application Data eamspeak2 2008-11-09 00:40 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-20 14:15 --------- d-----w c:\program files\Windows Live 2008-10-20 14:13 --------- d-----w c:\program files\Microsoft 2008-10-20 14:09 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-05 14:52 --------- d-----w c:\program files\Fichiers communs\Roxio Shared 2008-10-05 14:50 --------- d-----w c:\program files\INFORAD 2008-10-05 14:48 --------- d-----w c:\documents and settings\Michel\Application Data\dvdcss 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll 2008-09-05 14:04 288,768 ----a-w c:\windows\WLXPGSS.SCR 2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-09-02 17:52 256 ----a-w c:\documents and settings\Michel\pool.bin 2008-05-02 14:17 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot_2008-11-28_18.30.53,60 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-29 11:51:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328] "lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\program files\Microsoft ActiveSync apimgr.exe"= c:\program files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\Program Files\Messenger\msmsgs.exe"= "c:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "c:\Program Files\Vuze\Azureus.exe"= "c:\Program Files\Skype\Phone\Skype.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\WINDOWS\system32\lxdxcoms.exe"= "c:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"= "c:\WINDOWS\system32\lxdxcfg.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe"= "c:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "2059:UDP"= 2059:UDP:Windows Media Format SDK (iexplore.exe) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-02 110160] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-19 20560] R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-20 56344] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service [] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe [2008-11-15 98984] S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536] . Contenu du dossier 'Tâches planifiées' 2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{ABD7D069-DDF8-4EF7-ADC9-068A0A5E026A}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-29 20:57:45 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-29 20:59:15 ComboFix-quarantined-files.txt 2008-11-29 19:59:10 ComboFix2.txt 2008-11-28 17:31:52 ComboFix3.txt 2008-11-26 13:14:06 ComboFix4.txt 2008-11-25 12:54:40 Avant-CF: 36,394,045,440 octets libres Après-CF: 36,496,400,384 octets libres 230 --- E O F --- 2008-11-12 12:23:55

krys95580 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:24, on 29/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\windows\system32\devldr32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\msiexec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

krys95580 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack moved successfully.
File/Folder commands not found.
File/Folder [purity] not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [reboot] not found.
 
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_034537

krys95580 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:34, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\windows\system32\devldr32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\msiexec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

krys95580 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Microsoft\Search Enhancement Pack not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2FxfK52Fechb6ofNw4670Iu3ky5BA= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2sn9tqFWFaOnnwPmxgzOB8zNq1o= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\3UEqiKKNCWgSgebLYI30ZWfllK0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\8Mp217ta1FvP6PQnyWaFcU4QEGI= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\9swuUm0eHsE73deAm+L0Bbi202M= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\SN2rgcPbNlkjFFNR2F86WZJ0wxCk= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\V5o2Fo6SR92F2F2FUir9FIE4jSFX7es= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WjaYCImvurWzrORsVPrdwcut1CU= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WMnU5xmgkT1iK8qxzjtYGNOIKrk= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\Yy6yswyGkL9xJpWoUvHWM8b2xD4= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\ziWp8neS1vFbmGVXs179hY3HQO0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\hsperfdata_Michel\2440 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\e4jF.tmp_dir2357\exe4jlib.jar scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\azemp-win32_2.0.30.zip scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3306.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3322.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\~DFC882.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows	emp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\windows	emp\Perflib_Perfdata_43c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_154305

Files moved on Reboot...
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2FxfK52Fechb6ofNw4670Iu3ky5BA= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2sn9tqFWFaOnnwPmxgzOB8zNq1o= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\3UEqiKKNCWgSgebLYI30ZWfllK0= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\8Mp217ta1FvP6PQnyWaFcU4QEGI= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\9swuUm0eHsE73deAm+L0Bbi202M= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\SN2rgcPbNlkjFFNR2F86WZJ0wxCk= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\V5o2Fo6SR92F2F2FUir9FIE4jSFX7es= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WjaYCImvurWzrORsVPrdwcut1CU= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WMnU5xmgkT1iK8qxzjtYGNOIKrk= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\Yy6yswyGkL9xJpWoUvHWM8b2xD4= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\ziWp8neS1vFbmGVXs179hY3HQO0= moved successfully.
File C:\DOCUME~1\Michel\LOCALS~1\Temp\hsperfdata_Michel\2440 not found!
C:\DOCUME~1\Michel\LOCALS~1\Temp\e4jF.tmp_dir2357\exe4jlib.jar moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\azemp-win32_2.0.30.zip moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3306.tmp not found!
File C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3322.tmp not found!
File C:\DOCUME~1\Michel\LOCALS~1\Temp\~DFC882.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\windows	emp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\windows	emp\Perflib_Perfdata_43c.dat moved successfully.

krys95580 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:02, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\msiexec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2apimgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\devldr32.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

krys95580 · Answer

Je sais pas si tout est bon. En tout cas si oui je voulais te remercier d'avoir prit du temps pour m'aider à virer ce virus c'est tres gentil à toi !

Virus Trojan.Generic Impossible à SUPPRIMER

38 réponses

Discussions similaires