PC infecté? rapport hijackthis

Dom77 -  
aziz242 Messages postés 501 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour, je pense avoir un virus, mon ordinateur s'éteint et redémarre tout seul, voici le rapport hijackthis, merci de votre aide.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:42, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe­­
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Aurélie\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BoontyBox neuf telecom.lnk.disabled
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk.disabled
O4 - Global Startup: AOL Compagnon.lnk.disabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46DE49D4-6A04-4D4E-95C4-779B71406211}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:42, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe­­
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Aurélie\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BoontyBox neuf telecom.lnk.disabled
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk.disabled
O4 - Global Startup: AOL Compagnon.lnk.disabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46DE49D4-6A04-4D4E-95C4-779B71406211}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Configuration: Windows XP
Internet Explorer 7.0

2 réponses

  1. aziz242 Messages postés 501 Date d'inscription   Statut Membre Dernière intervention   44
     
    télécharge https://www.clubic.com/telecharger-fiche68496-trojan-remover.html et fait un scan et suprime ton virus
    0
    1. Dom77
       
      Merci mais ca ne m'a pas trouvé de virus, voici le rapport :
      ***** THE SYSTEM HAS BEEN RESTARTED *****
      16/12/2008 19:47:38: Trojan Remover has been restarted
      =======================================================
      Removing the following registry keys:
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - already removed (or did not exist)
      HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Ownership taken
      HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - removed
      =======================================================
      16/12/2008 19:47:53: Trojan Remover closed
      ************************************************************


      ***** NORMAL SCAN FOR ACTIVE MALWARE *****
      Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
      [Unregistered version]
      Scan started at: 19:38:05 16 déc. 2008
      Using Database v7227
      Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
      File System: NTFS
      Data directory: C:\Documents and Settings\Aurélie\Application Data\Simply Super Software\Trojan Remover\
      Database directory: C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\
      Logfile directory: C:\Documents and Settings\Aurélie\Mes documents\Simply Super Software\Trojan Remover Logfiles\
      Program directory: C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\
      Running with Administrator privileges

      ************************************************************
      The following Anti-Malware program(s) are loaded:
      Avast! Antivirus

      ************************************************************


      ************************************************************
      19:38:06: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS

      ************************************************************
      19:38:06: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS

      ************************************************************
      19:38:06: ----- SCANNING FOR ROOTKIT SERVICES -----
      No hidden Services were detected.

      ************************************************************
      19:38:12: Scanning -----WINDOWS REGISTRY-----
      --------------------
      Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      This key's "Shell" value calls the following program(s):
      File: Explorer.exe
      C:\WINDOWS\Explorer.exe
      1037312 bytes
      Created: 05/08/2004
      Modified: 13/06/2007
      Company: Microsoft Corporation
      ----------
      This key's "Userinit" value calls the following program(s):
      File: C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\system32\userinit.exe
      25088 bytes
      Created: 05/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      ----------
      This key's "System" value appears to be blank
      ----------
      This key's "UIHost" value calls the following program:
      File: logonui.exe
      C:\WINDOWS\system32\logonui.exe
      515584 bytes
      Created: 05/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      ----------
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      Value Name: load
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Value Name: ToUcamVProperty
      Value Data: C:\PROGRA~1\PHILIP~1\VProperty.exe
      C:\PROGRA~1\PHILIP~1\VProperty.exe
      131072 bytes
      Created: 25/12/2005
      Modified: 02/04/2003
      Company: Philips PC Cameras
      --------------------
      Value Name: avast!
      Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      81000 bytes
      Created: 11/11/2007
      Modified: 26/11/2008
      Company: ALWIL Software
      --------------------
      Value Name: QuickTime Task
      Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
      C:\Program Files\QuickTime\qttask.exe
      98304 bytes
      Created: 31/12/2001
      Modified: 31/12/2001
      Company: Apple Computer, Inc.
      --------------------
      Value Name: KernelFaultCheck
      Value Data: %systemroot%\system32\dumprep 0 -k
      C:\WINDOWS\system32\dumprep.exe
      10752 bytes
      Created: 05/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      --------------------
      Value Name: SunJavaUpdateSched
      Value Data: "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
      75520 bytes
      Created: 11/03/2007
      Modified: 15/12/2006
      Company: Sun Microsystems, Inc.
      --------------------
      Value Name: TrojanScanner
      Value Data: C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\Trjscan.exe /boot
      C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\Trjscan.exe
      1230728 bytes
      Created: 16/12/2008
      Modified: 10/12/2008
      Company: Simply Super Software
      --------------------
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
      This Registry Key appears to be empty
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      Value Name: ctfmon.exe
      Value Data: C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\ctfmon.exe
      15360 bytes
      Created: 05/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      --------------------
      --------------------
      Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
      This Registry Key appears to be empty
      --------------------
      Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      This Registry Key appears to be empty

      ************************************************************
      19:38:17: Scanning -----SHELLEXECUTEHOOKS-----
      ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
      File: shell32.dll - this file is expected and has been left in place
      ----------

      ************************************************************
      19:38:17: Scanning -----HIDDEN REGISTRY ENTRIES-----
      Taskdir check completed
      ----------
      No Hidden File-loading Registry Entries found
      ----------

      ************************************************************
      19:38:18: Scanning -----ACTIVE SCREENSAVER-----
      ScreenSaver: C:\WINDOWS\system32\logon.scr
      C:\WINDOWS\system32\logon.scr
      221696 bytes
      Created: 05/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      --------------------

      ************************************************************
      19:38:18: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
      Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
      C:\WINDOWS\INF\wmp11.inf
      2441 bytes
      Created: 03/11/2006
      Modified: 03/11/2006
      Company: [no info]
      ----------

      ************************************************************
      19:38:19: Scanning ----- SERVICEDLL REGISTRY KEYS -----
      Key: AppMgmt
      %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
      --------------------
      Key: HidServ
      %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
      --------------------

      ************************************************************
      19:38:24: Scanning ----- SERVICES REGISTRY KEYS -----
      Key: AmdK7
      ImagePath: system32\DRIVERS\amdk7.sys
      C:\WINDOWS\system32\DRIVERS\amdk7.sys
      41600 bytes
      Created: 04/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      ----------
      Key: aswFsBlk
      ImagePath: system32\DRIVERS\aswFsBlk.sys
      C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
      20560 bytes
      Created: 09/04/2008
      Modified: 26/11/2008
      Company: ALWIL Software
      ----------
      Key: aswUpdSv
      ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      18752 bytes
      Created: 11/11/2007
      Modified: 26/11/2008
      Company: ALWIL Software
      ----------
      Key: atksgt
      ImagePath: system32\DRIVERS\atksgt.sys
      C:\WINDOWS\system32\DRIVERS\atksgt.sys
      271360 bytes
      Created: 03/02/2007
      Modified: 03/02/2007
      Company: [no info]
      ----------
      Key: avast! Antivirus
      ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      155160 bytes
      Created: 11/11/2007
      Modified: 26/11/2008
      Company: ALWIL Software
      ----------
      Key: avast! Mail Scanner
      ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      254040 bytes
      Created: 11/11/2007
      Modified: 26/11/2008
      Company: ALWIL Software
      ----------
      Key: avast! Web Scanner
      ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      352920 bytes
      Created: 11/11/2007
      Modified: 26/11/2008
      Company: ALWIL Software
      ----------
      Key: Boonty Games
      ImagePath: "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
      C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      69120 bytes
      Created: 01/08/2006
      Modified: 01/08/2006
      Company: BOONTY
      ----------
      Key: C-DillaCdaC11BA
      ImagePath: C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      54784 bytes
      Created: 01/08/2006
      Modified: 01/08/2006
      Company: Macrovision
      ----------
      Key: camvid20
      ImagePath: system32\DRIVERS\camdrv21.sys
      C:\WINDOWS\system32\DRIVERS\camdrv21.sys
      223232 bytes
      Created: 25/12/2005
      Modified: 17/08/2001
      Company: Microsoft Corporation
      ----------
      Key: CdaC15BA
      ImagePath: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
      C:\WINDOWS\system32\drivers\CdaC15BA.SYS
      12464 bytes
      Created: 17/07/2006
      Modified: 17/07/2006
      Company: Macrovision Europe Ltd
      ----------
      Key: CLTNetCnService
      ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
      C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
      ----------
      Key: eeCtrl
      ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
      C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
      395312 bytes
      Created: 26/06/2007
      Modified: 30/08/2007
      Company: Symantec Corporation
      ----------
      Key: fbxusb
      ImagePath: system32\DRIVERS\fbxusb32.sys
      C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
      21344 bytes
      Created: 20/10/2004
      Modified: 20/10/2004
      Company: FreeBox SA
      ----------
      Key: HPZid412
      ImagePath: system32\DRIVERS\HPZid412.sys
      C:\WINDOWS\system32\DRIVERS\HPZid412.sys
      -R- 50960 bytes
      Created: 07/07/2005
      Modified: 15/02/2002
      Company: HP
      ----------
      Key: HPZipr12
      ImagePath: system32\DRIVERS\HPZipr12.sys
      C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
      -R- 16112 bytes
      Created: 07/07/2005
      Modified: 21/03/2002
      Company: HP
      ----------
      Key: HPZius12
      ImagePath: system32\DRIVERS\HPZius12.sys
      C:\WINDOWS\system32\DRIVERS\HPZius12.sys
      -R- 22512 bytes
      Created: 07/07/2005
      Modified: 08/03/2002
      Company: HP
      ----------
      Key: JL2005
      ImagePath: System32\Drivers\toywdm.sys
      C:\WINDOWS\System32\Drivers\toywdm.sys [file not found to scan]
      ----------
      Key: lirsgt
      ImagePath: system32\DRIVERS\lirsgt.sys
      C:\WINDOWS\system32\DRIVERS\lirsgt.sys
      18048 bytes
      Created: 03/02/2007
      Modified: 03/02/2007
      Company: [no info]
      ----------
      Key: LiveUpdate
      ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      2528960 bytes
      Created: 24/10/2006
      Modified: 08/09/2006
      Company: Symantec Corporation
      ----------
      Key: LiveUpdate Notice Ex
      ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
      C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
      ----------
      Key: LiveUpdate Notice Service
      ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      517768 bytes
      Created: 12/03/2007
      Modified: 12/03/2007
      Company: Symantec Corporation
      ----------
      Key: MR97310_VGA_DUAL_CAMERA
      ImagePath: system32\DRIVERS\mr97310v.sys
      C:\WINDOWS\system32\DRIVERS\mr97310v.sys [file not found to scan]
      ----------
      Key: ms_mpu401
      ImagePath: system32\drivers\msmpu401.sys
      C:\WINDOWS\system32\drivers\msmpu401.sys
      2944 bytes
      Created: 05/07/2005
      Modified: 17/08/2001
      Company: Microsoft Corporation
      ----------
      Key: Mtlmnt5
      ImagePath: system32\DRIVERS\Mtlmnt5.sys
      C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
      172708 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company:
      ----------
      Key: Mtlstrm
      ImagePath: system32\DRIVERS\Mtlstrm.sys
      C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
      2383460 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company:
      ----------
      Key: NtMtlFax
      ImagePath: system32\DRIVERS\NtMtlFax.sys
      C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
      607732 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company:
      ----------
      Key: PALLADIA
      ImagePath: system32\DRIVERS\usbiad.sys
      C:\WINDOWS\system32\DRIVERS\usbiad.sys
      31547 bytes
      Created: 27/07/2005
      Modified: 14/07/2004
      Company: Centillium Communications, Inc.
      ----------
      Key: Planificateur LiveUpdate automatique
      ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      198336 bytes
      Created: 24/10/2006
      Modified: 08/09/2006
      Company: Symantec Corporation
      ----------
      Key: Pml Driver HPZ12
      ImagePath: C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\HPZipm12.exe
      -R- 81920 bytes
      Created: 07/07/2005
      Modified: 15/03/2002
      Company: HP
      ----------
      Key: sfdrv01
      ImagePath: System32\drivers\sfdrv01.sys
      C:\WINDOWS\System32\drivers\sfdrv01.sys
      50688 bytes
      Created: 10/08/2005
      Modified: 10/08/2005
      Company: Protection Technology
      ----------
      Key: sfhlp02
      ImagePath: System32\drivers\sfhlp02.sys
      C:\WINDOWS\System32\drivers\sfhlp02.sys
      6656 bytes
      Created: 16/05/2005
      Modified: 16/05/2005
      Company: Protection Technology
      ----------
      Key: Slntamr
      ImagePath: system32\DRIVERS\slntamr.sys
      C:\WINDOWS\system32\DRIVERS\slntamr.sys
      -R- 220432 bytes
      Created: 06/07/2005
      Modified: 29/01/2002
      Company:
      ----------
      Key: SlNtHal
      ImagePath: system32\DRIVERS\Slnthal.sys
      C:\WINDOWS\system32\DRIVERS\Slnthal.sys
      175160 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company:
      ----------
      Key: SLService
      ImagePath: slserv.exe
      C:\WINDOWS\system32\slserv.exe
      45056 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company:
      ----------
      Key: SlWdmSup
      ImagePath: system32\DRIVERS\SlWdmSup.sys
      C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
      -R- 33028 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company: Vireo Software
      ----------
      Key: SQTECH905C
      ImagePath: System32\Drivers\Capt905c.sys
      C:\WINDOWS\System32\Drivers\Capt905c.sys
      647072 bytes
      Created: 19/12/2005
      Modified: 27/08/2004
      Company: Service & Quality Technology.
      ----------
      Key: SwPrv
      ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{864CE732-8534-4BF6-B774-FD73D7E5D6D4}
      C:\WINDOWS\system32\dllhost.exe
      5120 bytes
      Created: 05/08/2004
      Modified: 05/08/2004
      Company: Microsoft Corporation
      ----------
      Key: usnjsvc
      ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      98328 bytes
      Created: 18/10/2007
      Modified: 18/10/2007
      Company: Microsoft Corporation
      ----------
      Key: V90drv
      ImagePath: system32\DRIVERS\v90drv.sys
      C:\WINDOWS\system32\DRIVERS\v90drv.sys
      1432836 bytes
      Created: 06/07/2005
      Modified: 29/11/2001
      Company:
      ----------
      Key: viaagp
      ImagePath: system32\DRIVERS\viaagp.sys
      C:\WINDOWS\system32\DRIVERS\viaagp.sys
      42240 bytes
      Created: 05/07/2005
      Modified: 04/08/2004
      Company: Microsoft Corporation
      ----------
      Key: viaagp1
      ImagePath: system32\DRIVERS\viaagp1.sys
      C:\WINDOWS\system32\DRIVERS\viaagp1.sys
      27904 bytes
      Created: 02/07/2003
      Modified: 06/07/2005
      Company: VIA Technologies, Inc.
      ----------
      Key: VIAudio
      ImagePath: system32\drivers\vinyl97.sys
      C:\WINDOWS\system32\drivers\vinyl97.sys
      179968 bytes
      Created: 08/04/2005
      Modified: 06/07/2005
      Company: VIA Technologies, Inc.
      ----------
      Key: WlanUIG
      ImagePath: system32\DRIVERS\WlanUIG.sys
      C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
      379456 bytes
      Created: 15/07/2008
      Modified: 15/07/2008
      Company: Conexant Systems, Inc.
      ----------
      Key: WLSetupSvc
      ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
      266240 bytes
      Created: 25/10/2007
      Modified: 25/10/2007
      Company: Microsoft Corporation
      ----------

      ************************************************************
      19:38:45: Scanning -----VXD ENTRIES-----
      Checking the following VxD entries:
      C:\WINDOWS\system32\JAVASUP.VXD
      7315 bytes
      Created: 03/08/2005
      Modified: 28/02/2003
      Company: [no info]
      VxD Key = JAVASUP
      ----------
      ----------

      ************************************************************
      19:38:45: Scanning ----- WINLOGON\NOTIFY DLLS -----

      ************************************************************
      19:38:46: Scanning ----- CONTEXTMENUHANDLERS -----
      Key: avast
      CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
      Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
      C:\Program Files\Alwil Software\Avast4\ashShell.dll
      76880 bytes
      Created: 11/11/2007
      Modified: 26/11/2008
      Company: ALWIL Software
      ----------
      Key: Trojan Remover
      CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
      Path: C:\DOCUME~1\AURLIE~1\MESDOC~1\TROJAN~1\Trshlex.dll
      C:\DOCUME~1\AURLIE~1\MESDOC~1\TROJAN~1\Trshlex.dll
      467552 bytes
      Created: 16/12/2008
      Modified: 05/02/2007
      Company: Simply Super Software
      ----------

      ************************************************************
      19:38:47: Scanning ----- FOLDER\COLUMNHANDLERS -----

      ************************************************************
      19:38:47: Scanning ----- BROWSER HELPER OBJECTS -----
      Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this BHO was being loaded by the following key:
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - this key has been removed [file not found to scan]
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this BHO is referenced by the following key:
      HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Trojan Remover was unable to remove this key
      ----------
      Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
      BHO: C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      440056 bytes
      Created: 15/12/2006
      Modified: 15/12/2006
      Company: Sun Microsystems, Inc.
      ----------
      Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
      BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      328752 bytes
      Created: 20/09/2007
      Modified: 20/09/2007
      Company: Microsoft Corporation
      ----------
      Key: {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
      BHO: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      155648 bytes
      Created: 04/10/2005
      Modified: 13/08/2004
      Company: Microsoft Corporation
      ----------
      Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
      BHO: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      282624 bytes
      Created: 09/02/2006
      Modified: 17/01/2006
      Company: Microsoft Corporation
      ----------

      ************************************************************
      19:39:33: Scanning ----- SHELLSERVICEOBJECTS -----

      ************************************************************
      19:39:33: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

      ************************************************************
      19:39:33: Scanning ----- IMAGEFILE DEBUGGERS -----
      No "Debugger" entries found.

      ************************************************************
      19:39:33: Scanning ----- APPINIT_DLLS -----
      The AppInit_DLLs value is blank or does not exist

      ************************************************************
      19:39:35: Scanning ----- SECURITY PROVIDER DLLS -----

      ************************************************************
      19:39:36: Scanning ------ COMMON STARTUP GROUP ------
      [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
      The Common Startup Group attempts to load the following file(s) at boot time:
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk.disabled
      730 bytes
      Created: 09/07/2005
      Modified: 09/07/2005
      Company: [no info]
      --------------------
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk.disabled
      1646 bytes
      Created: 31/12/2001
      Modified: 20/08/2005
      Company: [no info]
      --------------------
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
      -HS- 84 bytes
      Created: 05/07/2005
      Modified: 05/07/2005
      Company: [no info]
      --------------------
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      323646 bytes
      Created: 11/06/2002
      Modified: 11/06/2002
      Company: Hewlett-Packard Co.
      hp psc 2000 Series.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      --------------------
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk.disabled
      1757 bytes
      Created: 14/07/2008
      Modified: 14/07/2008
      Company: [no info]
      --------------------
      C:\Program Files\Microsoft Office\Office\OSA9.EXE
      65588 bytes
      Created: 17/02/1999
      Modified: 17/02/1999
      Company: Microsoft Corporation
      Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
      --------------------
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      147456 bytes
      Created: 11/06/2002
      Modified: 11/06/2002
      Company: Hewlett-Packard Co.
      officejet 6100.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      --------------------

      ************************************************************
      No User Startup Groups were located to check

      ************************************************************
      19:39:38: Scanning ----- SCHEDULED TASKS -----
      Taskname: FRU Task #Hewlett-Packard#hp psc 2200 series#1120754494.job
      File: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
      61440 bytes
      Created: 11/06/2002
      Modified: 11/06/2002
      Company:
      Parameters: -I "#Hewlett-Packard#hp psc 2200 series#1120754494"
      Next Run Time: 17/12/2008 18:42:00
      Status: La tâche n'a pas encore été exécutée
      Creator: prevost
      Comments: [blank]
      ----------
      Taskname: WebReg 20050707184256.job
      File: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
      53248 bytes
      Created: 18/04/2002
      Modified: 18/04/2002
      Company: Hewlett-Packard
      Parameters: /TaskName 20050707184256 /N "psc 2210v" /M C8660A /S MY27ND10T90G
      Next Run Time: 17/12/2008 18:42:00
      Status: La tâche n'a pas encore été exécutée
      Creator: prevost
      Comments: [blank]
      ----------

      ************************************************************
      19:39:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

      ************************************************************
      19:39:39: ----- ADDITIONAL CHECKS -----
      PE386 rootkit checks completed
      ----------
      Winlogon registry rootkit checks completed
      ----------
      Heuristic checks for hidden files/drivers completed
      ----------
      Layered Service Provider entries checks completed
      ----------
      Windows Explorer Policies checks completed
      ----------
      Desktop Wallpaper: C:\Documents and Settings\Aurélie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      C:\Documents and Settings\Aurélie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      1501834 bytes
      Created: 02/08/2008
      Modified: 03/12/2008
      Company: [no info]
      ----------
      Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      C:\Documents and Settings\Aurélie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
      1501834 bytes
      Created: 02/08/2008
      Modified: 03/12/2008
      Company: [no info]
      ----------
      Checks for rogue DNS NameServers completed
      ----------
      Additional checks completed

      ************************************************************
      19:39:41: Scanning ----- RUNNING PROCESSES -----

      C:\WINDOWS\System32\smss.exe
      --------------------
      C:\WINDOWS\system32\csrss.exe
      --------------------
      C:\WINDOWS\system32\winlogon.exe
      --------------------
      C:\WINDOWS\system32\services.exe
      --------------------
      C:\WINDOWS\system32\lsass.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe - file already scanned
      --------------------
      C:\WINDOWS\System32\svchost.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\svchost.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\svchost.exe - file already scanned
      --------------------
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
      --------------------
      C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
      --------------------
      C:\WINDOWS\Explorer.EXE - file already scanned
      --------------------
      C:\WINDOWS\system32\spoolsv.exe
      --------------------
      C:\PROGRA~1\PHILIP~1\VProperty.exe - file already scanned
      --------------------
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
      --------------------
      C:\Program Files\QuickTime\qttask.exe - file already scanned
      --------------------
      C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\ctfmon.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE - file already scanned
      --------------------
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe - file already scanned
      --------------------
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
      --------------------
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      --------------------
      C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
      --------------------
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\slserv.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\svchost.exe - file already scanned
      --------------------
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      --------------------
      C:\Program Files\Messenger\msmsgs.exe
      --------------------
      C:\WINDOWS\system32\HPZipm12.exe - file already scanned
      --------------------
      C:\WINDOWS\System32\alg.exe
      --------------------
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
      --------------------
      C:\WINDOWS\system32\wuauclt.exe
      --------------------
      C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
      --------------------
      C:\Program Files\Internet Explorer\iexplore.exe
      --------------------
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      --------------------
      C:\Documents and Settings\Aurélie\Application Data\Simply Super Software\Trojan Remover\dls2.exe
      FileSize: 2884472
      [This is a Trojan Remover component]
      --------------------
      C:\WINDOWS\system32\wscntfy.exe
      --------------------

      ************************************************************
      19:39:51: Checking AUTOEXEC.BAT file
      AUTOEXEC.BAT found in C:\
      No malicious entries were found in the AUTOEXEC.BAT file

      ************************************************************
      19:39:51: Checking AUTOEXEC.NT file
      AUTOEXEC.NT found in C:\WINDOWS\system32
      No malicious entries were found in the AUTOEXEC.NT file

      ************************************************************
      19:39:52: Checking HOSTS file
      No malicious entries were found in the HOSTS file

      ************************************************************
      ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
      HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
      https://www.msn.com/fr-fr/?ocid=iehp
      HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
      %SystemRoot%\system32\blank.htm
      HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
      https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
      https://www.msn.com/fr-fr/?ocid=iehp
      HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
      https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
      https://www.free.fr/freebox/index.html
      HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
      C:\WINDOWS\system32\blank.htm
      HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
      http://www.bing.com/spresults.aspx
      HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=isearch

      ************************************************************
      === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
      Scan completed at: 19:39:52 16 déc. 2008
      Total Scan time: 00:01:46
      -------------------------------------------------------------------------
      One or more files could not be moved or renamed as requested.
      They may be in use by Windows, so Trojan Remover needs
      to restart the system in order to deal with these files.
      16/12/2008 19:40:02: restart commenced
      ************************************************************




      par contre depuis j'ai des fenetres "microsoft windows" qui n'arretent pas d'apparaitre : "le systeme a recupéré d'une erreur serieuse" ...
      0