Win32:Adan-078 ainsi que Adan-094

Bonsoir

Télécharge FixWareout de l'un de ces deux liens :
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout....

Sauvegarde-le sur ton Bureau, puis lance-le.
Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.
Suis les directives à l'écran.
L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.
Le redémarrage risque de prendre un peu plus de temps; ceci est normal.
Lorsque redémarré, un fichier texte apparaîtra (report.txt); copie/colle ce rapport dans ta prochaine réponse, avec un nouveau rapport HijackThis! également.

Un service plutôt impresionnant :-)
Super rapide.

Bon j'en viens au fait :


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}6EB13D880960-5C8A-C934-520F-57CB79D7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}F0C631B58E7C-D988-8DE4-01AB-CB2ED7C3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}67E8B0BD937D-5A99-B264-104F-2FDD0BAE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}8FF0021571E1-41BB-41B4-A0AC-844D7B17{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}C3F2B30163AD-BC9B-0AA4-4A91-054DFC4C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}0647811A05D3-5ABB-D3D4-27BD-BA8598DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}8D1DF27FFCA7-6C79-2E64-8F53-FAB00DB0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}C669987A07A7-2DA9-8E14-0B52-5D8968ED{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}70F88B53EA34-9788-0A34-5772-435E8CCF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}ACECF8971D59-07A8-17E4-2AF7-D928589C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}5B4ABB0AD03C-E86A-6774-2B3A-7687D692{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}CD838EBFD967-AF8B-AB94-6CB0-69B87B5A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}19AB472D6DCE-A77B-89D4-5546-21DF3820{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}E89689287BBE-881A-7CD4-0938-C40380E1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}6E0ABD7CE21E-D909-A514-D42F-CA9B7A35{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}94D118B74C06-D35A-4A44-5812-A7B7CE76{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}3DC460C4A3B4-66A8-7244-8FF3-9BBFDEDC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}CC639C416EFE-E22B-10E4-4F9C-68C60683{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}9007376B03AA-2B0B-27F4-9A41-527B7F7B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}3E4436889CD9-C96B-E224-CF9A-BF294651{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}675804187C6E-CE48-0B94-BAC7-F3B78CE9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}EA40BD0E69F0-318A-2B64-DD83-B1207EB5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}70695096816F-9799-C994-9348-6490A0A6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B6177E15D4A8-77CA-91A4-0707-8069758D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}BE0BF6B82B0F-03EB-8944-1C25-2B6E1A5D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}4CFA198011F9-CDF8-BBB4-14D2-18D83A1D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}A1EC1C6F9B88-B17A-11F4-1A75-1F75F8BE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}0E83160ABE83-3E7A-9264-4FDE-3B0CD873{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}A7919A5DE9D1-D828-A6C4-D888-5A67C07B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}234A4C65E675-FAC8-0394-AA5C-A897EDBF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}EDA6E8C55A36-99F8-2E84-967B-7D59959E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}492B3369B680-904B-6D64-CBF0-AC03FA23{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}87CAE1DA0909-1E6A-0594-BBAF-9B9BDE40{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B462F24EBDBE-8F89-97E4-6351-BB4E8C19{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}E3608BAC506B-83AA-A514-2970-8A2AE75E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}48BD3EF41235-51D8-3CD4-50EA-EFBCEF4B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}DE979042D34E-3E3A-FDD4-00BE-2E9EE0E3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}5A9E0B52A083-F5AB-E764-01AC-98E3265F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}AC8F02019122-0C18-5354-8CBC-3827E289{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}D1C63FBA16B0-A28B-7674-4D0F-DFD0E710{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}25F9B69B6CA2-C61A-0AE4-C5B6-3B6B2E77{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}D02E1C1E30B0-B4B9-6DC4-A959-3457861C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}761C834A07FF-B7DA-2634-5B5F-03BB8085{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}BA1A79BB1AAD-119A-AE44-1B3E-A7A299E8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}414EF6A2A1E0-2E48-8594-33AA-7FA0CCAA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}26C1A083DA67-5ADB-8064-D21C-E6F1EA1A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}A4CE5926C629-8659-8A34-A77A-B530E2D4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}7597C5A57CAC-26A8-80D4-063F-AE68F1C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}08293914C5F1-03FA-D6C4-454A-C8873014{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}E40D4930A940-37C8-D8F4-1057-74472356{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}12B702325EA1-C8C8-5714-8FE7-1EDD4539{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}934D9C227105-56C9-9B94-0E27-227FE47A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}7445CF6D7E6E-0D9A-99D4-B54C-9EABFFC5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}05295D9DFF3D-8FBB-8144-F287-B9B405B5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}6C4F5221B597-8728-18F4-68F2-C698752E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}F7AA38337228-C71A-CA74-7B98-E33D6F48{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}4D8B3D97D1D8-3B58-7E44-68F0-4DAB4178{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}03C2DDB93E5D-CA18-4BA4-9BBE-8E2FCB31{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}6820A0CCD30E-68AB-DD74-AB09-6F4A9E68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B551231D215C-B6B9-1E74-EC68-EFF50963{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}D86DAAB1285B-250A-2124-CFEA-D5BF0D03{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}4BF77AC07677-36AB-B0F4-0279-E1D09ABD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}686D4CE85828-CBA9-47D4-5A0F-3FD35F96{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}951314E9D58C-2ACA-30C4-3616-81A7C1DC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}E286D6A0FA5E-5C6B-4634-EDFD-975F69CA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}2BC401B6136B-DAAA-7634-0408-55FFF2BA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}477C7A2699F5-7899-9D44-1D00-45DF3A4A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}609DBDD69E2A-100A-3424-D82E-F4068CE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}3C1C2FC0DBE4-2C7A-DB24-2375-6E0770FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}89327A0EC1E7-2798-17F4-25A8-6136ADA5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}08CF547C0615-5BA9-0364-5B9A-15723792{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}F8B14801EDF5-B849-2644-D0DB-D7B77E64{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}EADF8F8219C4-9B0A-D194-1510-AD0F5AAA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}AACC5B9630C9-E03B-FB34-0830-28E060C6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}86688A29ECAE-754A-C204-A11C-FC1F8AA6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}7C981D2FC57A-C5A8-8EB4-B378-BAB86905{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}7BF575816D73-639B-26F4-98C1-B80CA77B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}E3C0E705B6F9-7338-9914-B06F-04C5375E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}6D17D92D106D-496A-8344-2226-EA7E5CE3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B04EB98F1B8E-7BD9-2494-C10B-A17F555F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}595EFA964E0A-DC9B-D7B4-63D8-689880F4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}A6543F18580B-A208-F2F4-DBC3-7404CF3C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}4146DB114FF4-09CA-3D24-8C13-9458C3C8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}70C7C8D6B746-4FBA-F144-9764-7ADFA769{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}482E8F1A6F24-1899-5224-44A0-73F97DCA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B075B7A9E319-BE58-B134-03F3-71439BC9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}BCE43C255FA4-BA09-51A4-BE77-DD1D7DDB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}946133944A30-3E3B-B2A4-E57C-72604B60{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}DE97806F5167-CE4A-62D4-6A1A-DAACAF80{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}08C8ACF52078-EC48-2C04-A40C-E6CDBE20{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}D237CB83DB50-A09A-FBA4-24EE-B64EC59D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}F685D05D20C7-BFCA-F834-82C8-870CDE46{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}CA07B6073C36-F899-7D44-5B50-E859F60B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}791A38C02140-8E89-2F84-A746-C871E3A7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}269EC974268B-D5C8-B924-B527-3EF6FAF3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}176F661AA175-8459-20A4-4304-D6969588{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}EFA16147151E-B02A-AD84-DD46-C687BC1B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}7043D2149FCC-043A-EA94-00C5-905D00B3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}A8C105B366DC-DD49-7F14-7939-831A53AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}27564C0BD3B6-65D9-2844-CA6E-228A5667{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}BB4B02EB9557-7E8B-5B04-31C2-AB27EFB4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}2E496B520FA1-90A9-5644-5409-106A9B45{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}64A533C08EB0-9B9A-2A04-6777-57C929F8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\ugvmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}D2FE1720FB21-E5DA-4C14-2560-7F118BC4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}FAC19C661170-CE39-CC84-2BA7-0D3A6647{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}25B0FFA1C600-A1FB-9174-3F86-6A0617D8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}2B2AD8F878D1-E14A-7954-644F-4C51B044{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B3B60F978808-FD38-37C4-F12F-A07BF45E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}16D8C6B27B81-F5C9-7694-96A4-52A35307{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}A84BBCCB9F76-94EB-3064-38E6-1DBCC7EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}B0B8C5EC68B4-7D29-4684-6A60-088C6114{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}45C78228A83C-8418-A4E4-3D7B-F293881F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins

\}7AB292273135-5A89-E4D4-27CF-44DE358C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

####sprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

lavinraCputeS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\

evif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmvgu.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE

OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSZEI.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSZEI.EXE 51 280 2006-07-24
C:\WINDOWS\SYSTEM32\DMVGU.EXE 62 011 2005-06-15
Other suspects
Directory of C:\WINDOWS\system32
{C853ED44-FC72-4D4E-98A5-531372292BA7}.exe
{F188392F-B7D3-4E4A-8148-C38A82287C54}.exe
{4116C880-06A6-4864-92D7-4B86CE5C8B0B}.exe
{AE7CCBD1-6E83-4603-BE49-67F9BCCBB48A}.exe
{70353A25-4A69-4967-9C5F-18B72B6C8D61}.exe
{E54FB70A-F21F-4C73-83DF-808879F06B3B}.exe
{440B15C4-F446-4597-A41E-1D878F8DA2B2}.exe
{8D7160A6-68F3-4719-BF1A-006C1AFF0B52}.exe
{7466A3D0-7AB2-48CC-93EC-071166C91CAF}.exe
{4CB811F7-0652-41C4-AD5E-12BF0271EF2D}.exe
{8F929C75-7776-40A2-A9B9-0BE80C335A46}.exe
{54B9A601-9045-4465-9A09-1AF025B694E2}.exe
{4BFE72BA-2C13-40B5-B8E7-7559BE20B4BB}.exe
{7665A822-E6AC-4482-9D56-6B3DB0C46572}.exe
{FA35A138-9397-41F7-94DD-CD663B501C8A}.exe
{3B00D509-5C00-49AE-A340-CCF9412D3407}.exe
{B1CB786C-64DD-48DA-A20B-E15174161AFE}.exe
{8859696D-4034-4A02-9548-571AA166F671}.exe
{3FAF6FE3-725B-429B-8C5D-B862479CE962}.exe
{7A3E178C-647A-48F2-98E8-04120C83A197}.exe
{B06F958E-05B5-44D7-998F-63C3706B70AC}.exe
{64EDC078-8C28-438F-ACFB-7C02D50D586F}.exe
{D95CE46B-EE42-4ABF-A90A-05BD38BC732D}.exe
{02EBDC6E-C04A-40C2-84CE-87025FCA8C80}.exe
{08FACAAD-A1A6-4D26-A4EC-7615F60879ED}.exe
{06B40627-C75E-4A2B-B3E3-03A449331649}.exe
{BDD7D1DD-77EB-4A15-90AB-4AF552C34ECB}.exe
{9CB93417-3F30-431B-85EB-913E9A7B570B}.exe
{ACD79F37-0A44-4225-9981-42F6A1F8E284}.exe
{967AFDA7-4679-441F-ABF4-647B6D8C7C07}.exe
{8C3C8549-31C8-42D3-AC90-4FF411BD6414}.exe
{C3FC4047-3CBD-4F2F-802A-B08581F3456A}.exe
{4F088986-8D36-4B7D-B9CD-A0E469AFE595}.exe
{F555F71A-B01C-4942-9DB7-E8B1F89BE40B}.exe
{3EC5E7AE-6222-4438-A694-D601D29D71D6}.exe
{E5735C40-F60B-4199-8337-9F6B507E0C3E}.exe
{B77AC08B-1C89-4F62-B936-37D618575FB7}.exe
{50968BAB-873B-4BE8-8A5C-A75CF2D189C7}.exe
{6AA8F1CF-C11A-402C-A457-EACE92A88668}.exe
{6C060E82-0380-43BF-B30E-9C0369B5CCAA}.exe
{AAA5F0DA-0151-491D-A0B9-4C9128F8FDAE}.exe
{46E77B7D-BD0D-4462-948B-5FDE10841B8F}.exe
{29732751-A9B5-4630-9AB5-5160C745FC80}.exe
{5ADA6316-8A52-4F71-8972-7E1CE0A72398}.exe
{EF0770E6-5732-42BD-A7C2-4EBD0CF2C1C3}.exe
{3EC8604F-E28D-4243-A001-A2E96DDBD906}.exe
{A4A3FD54-00D1-44D9-9987-5F9962A7C774}.exe
{AB2FFF55-8040-4367-AAAD-B6316B104CB2}.exe
{AC96F579-DFDE-4364-B6C5-E5AF0A6D682E}.exe
{CD1C7A18-6163-4C03-ACA2-C85D9E413159}.exe
{69F53DF3-F0A5-4D74-9ABC-82858EC4D686}.exe
{DBA90D1E-9720-4F0B-BA63-77670CA77FB4}.exe
{30D0FB5D-AEFC-4212-A052-B5821BAAD68D}.exe
{36905FFE-86CE-47E1-9B6B-C512D132155B}.exe
{86E9A4F6-90BA-47DD-BA86-E03DCC0A0286}.exe
{13BCF2E8-EBB9-4AB4-81AC-D5E39BDD2C30}.exe
{8714BAD4-0F86-44E7-85B3-8D1D79D3B8D4}.exe
{84F6D33E-89B7-47AC-A17C-82273383AA7F}.exe
{E257896C-2F86-4F81-8278-795B1225F4C6}.exe
{5B504B9B-782F-4418-BBF8-D3FFD9D59250}.exe
{5CFFBAE9-C45B-4D99-A9D0-E6E7D6FC5447}.exe
{A74EF722-72E0-49B9-9C65-501722C9D439}.exe
{9354DDE1-7EF8-4175-8C8C-1AE523207B21}.exe
{65327447-7501-4F8D-8C73-049A0394D04E}.exe
{4103788C-A454-4C6D-AF30-1F5C41939280}.exe
{6C1F86EA-F360-4D08-8A62-CAC75A5C7957}.exe
{4D2E035B-A77A-43A8-9568-926C6295EC4A}.exe
{A1AE1F6E-C12D-4608-BDA5-76AD380A1C62}.exe
{AACC0AF7-AA33-4958-84E2-0E1A2A6FE414}.exe
{8E992A7A-E3B1-44EA-A911-DAA1BB97A1AB}.exe
{5808BB30-F5B5-4362-AD7B-FF70A438C167}.exe
{C1687543-959A-4CD6-9B4B-0B03E1C1E20D}.exe
{77E2B6B3-6B5C-4EA0-A16C-2AC6B96B9F52}.exe
{017E0DFD-F0D4-4767-B82A-0B61ABF36C1D}.exe
{982E7283-CBC8-4535-81C0-22191020F8CA}.exe
{F5623E89-CA10-467E-BA5F-380A25B0E9A5}.exe
{3E0EE9E2-EB00-4DDF-A3E3-E43D240979ED}.exe
{B4FECBFE-AE05-4DC3-8D15-53214FE3DB84}.exe
{E57EA2A8-0792-415A-AA38-B605CAB8063E}.exe
{91C8E4BB-1536-4E79-98F8-EBDBE42F264B}.exe
{04EDB9B9-FABB-4950-A6E1-9090AD1EAC78}.exe
{32AF30CA-0FBC-46D6-B409-086B9633B294}.exe
{E95995D7-B769-48E2-8F99-63A55C8E6ADE}.exe
{FBDE798A-C5AA-4930-8CAF-576E56C4A432}.exe
{B70C76A5-888D-4C6A-828D-1D9ED5A9197A}.exe
{378DC0B3-EDF4-4629-A7E3-38EBA06138E0}.exe
{EB8F57F1-57A1-4F11-A71B-88B9F6C1CE1A}.exe
{D1A38D81-2D41-4BBB-8FDC-9F110891AFC4}.exe
{D5A1E6B2-52C1-4498-BE30-F0B28B6FB0EB}.exe
{D8579608-7070-4A19-AC77-8A4D51E7716B}.exe
{6A0A0946-8439-499C-9979-F61869059607}.exe
{5BE7021B-38DD-46B2-A813-0F96E0DB04AE}.exe
{9EC87B3F-7CAB-49B0-84EC-E6C781408576}.exe
{156492FB-A9FC-422E-B69C-9DC9886344E3}.exe
{38606C86-C9F4-4E01-B22E-EFE614C936CC}.exe
{CDEDFBB9-3FF8-4427-8A66-4B3A4C064CD3}.exe
{67EC7B7A-2185-44A4-A53D-60C47B811D49}.exe
{53A7B9AC-F24D-415A-909D-E12EC7DBA0E6}.exe
{1E08304C-8390-4DC7-A188-EBB78298698E}.exe
{0283FD12-6455-4D98-B77A-ECD6D274BA91}.exe
{A5B78B96-0BC6-49BA-B8FA-769DFBE838DC}.exe
{296D7867-A3B2-4776-A68E-C30DA0BBA4B5}.exe
{C985829D-7FA2-4E71-8A70-95D1798FCECA}.exe
{FCC8E534-2775-43A0-8879-43AE35B88F07}.exe
{DE8698D5-25B0-41E8-9AD2-7A70A789966C}.exe
{0BD00BAF-35F8-46E2-97C6-7ACFF72FD1D8}.exe
{CD8958AB-DB72-4D3D-BBA5-3D50A1187460}.exe
{C4CFD450-19A4-4AA0-B9CB-DA36103B2F3C}.exe
{71B7D448-CA0A-4B14-BB14-1E1751200FF8}.exe
{EAB0DDF2-F401-462B-99A5-D739DB0B8E76}.exe
{3C7DE2BC-BA10-4ED8-889D-C7E85B136C0F}.exe
{7D97BC75-F025-439C-A8C5-069088D31BE6}.exe
{C4846511-3DC8-4CC3-B957-76BA4D54C79C}.exe
{1218D32A-CD25-4DB8-B269-AD1776295A52}.exe
{49AA0FC9-E0E6-432A-855B-9621059B19B3}.exe
{9BF6FAFB-93A6-450B-A0FC-4147F5D6002F}.exe
{058BE7F0-5F46-4218-BDA7-352351D5BBED}.exe
{891DA1BB-A3E3-4A2B-9B8C-9CF72FAC1628}.exe
{415CB65F-E57D-4BAB-BBB8-23C3B21609D2}.exe
{1ACAB9DC-7B75-40A5-8C5C-A45E77B56F09}.exe
{36ABE13D-B902-495E-8C8D-6543B28EC3B5}.exe
{F6ACF8CE-D50F-42FC-8458-9B9C569AFB24}.exe
{B672D87E-D4A9-4805-BC3E-1C1020A65D86}.exe
{DEB28363-313F-47C2-B5F3-1212F3530FF9}.exe
{3BE6A32B-0242-477B-86E8-04E17EF054F9}.exe
{D06C3141-ED21-4931-97E3-ED5D337F97A1}.exe
{B1BDC778-CF8B-4774-8A3D-56F709B7F99C}.exe
{9AD22F70-EF6C-4F0C-90C5-B41E2C9A163E}.exe
{AA8C3680-C472-4205-9A98-B0125D4FB940}.exe
{F76E15F7-68EA-458E-9539-6E1A93AE4B72}.exe
{65F0D932-1989-4202-B603-F1203CD2F984}.exe
{876B91AD-EC75-4AD0-9813-5850E953483B}.exe
{C806F1FA-4FB7-4361-A5E7-F024797DBC25}.exe
{94FBD315-9DE0-488A-A517-520B29C60769}.exe
{E2D3AB92-ABB3-491B-9033-5EDECA615953}.exe
{CEDB18B4-656C-49DD-A513-631A3C303BD9}.exe
{EF9E0F59-563B-42FF-845B-8FC75BA8745B}.exe
{44DB9084-2664-41A1-87B5-42B198DD7E19}.exe
{3BE4A433-F59A-4F5D-AB19-B466848A99CA}.exe
{F5FF2D7D-F55C-4B43-AADC-59B47FAC9545}.exe
{491EABF2-B512-4698-B5D9-8AB7F0371498}.exe
{6DE8B50E-1E29-4C24-9711-5A80C64FB776}.exe
{308B1A16-6A23-481D-90FD-19043926ACCA}.exe
{C283FA42-BE65-4CBF-A97C-C7D4645FC0F4}.exe
{6793BB5F-C4A9-4516-8123-DD8C7B11857C}.exe
{89A058E2-FBF7-49BB-8143-D165E2373091}.exe
{FED1B5BF-88BB-4D00-86CA-AE11D98A866F}.exe
{75307AEE-5009-45DE-AF9C-90D668C0EB6F}.exe
{90ADA39F-C379-4934-B23C-6D1ECBF1ABF2}.exe
{D853C887-FF5F-4A17-B3CF-3288E6DB4439}.exe
{10D84E45-153C-41AC-8B3C-A236244A7CA3}.exe
{F02342F0-89A7-4737-9567-42BFF3D53DE6}.exe
{C5A562D7-7C02-459F-88E9-BDECCA091D63}.exe
{FD5B4DDA-1522-4BB6-9641-F47F4A29AED7}.exe
{6B52A656-499C-4EB2-AA76-31054081D838}.exe
{8E6A6344-F412-41A9-8213-86EB3B2CE108}.exe
{B54CA74E-9342-4CE6-94F8-C24C1FC64B36}.exe
{A3F9D46F-5A9E-4399-A4C4-AD920801B9B7}.exe
{524670D7-AF81-43F4-9E51-15FEAD094D3E}.exe
{ED61DAEF-F255-4030-833D-A17A0261487D}.exe
{601DE6DB-6164-4679-A461-D279F215B1D6}.exe
{6645EF5C-63AD-4DD7-9F0C-8CA5D1A1767B}.exe
{89E7ACED-4712-43E9-B3E0-4FF127A7C2B0}.exe
{C36BD569-DEB8-460F-B8E1-F8FF860F0886}.exe
{00FF61CF-3D0A-4768-9935-FA264466869C}.exe
{41C54713-45E7-4E80-A7C4-1BC62EF2A96E}.exe
{BC834871-B366-4EF6-8BF0-DDEFA12F3207}.exe
{49EDB6A7-5DB6-47DF-B069-36A46346495B}.exe
{E41F6623-6CE5-440F-8E10-B4F63463B1B6}.exe
{7AE79CF2-D907-44FB-8150-5EA1FDE54E0C}.exe
{F6D82643-7219-47E2-BC61-97845AB4DD1B}.exe
{61D64C95-95C4-4BBA-BC59-0C85F10A1338}.exe


Logfile of HijackThis v1.99.1
Scan saved at 00:35:10, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Philips\Disque externe\Blue Button\bbSysTray.exe
C:\PROGRA~1\M280NT\RMTSTOCK.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\M280NT\MIXERCTL.EXE
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\PROGRA~1\M280NT\KBOSDCTL.EXE
C:\PROGRA~1\M280NT\KBRmt32.Exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\PROGRA~1\M280NT\CDMng32.EXE
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\PROGRA~1\M280NT\RmtConvt.EXE
C:\PROGRA~1\M280NT\BKGRD32.EXE
C:\PROGRA~1\M280NT\CDMng32.EXE
C:\PROGRA~1\M280NT\RMTSPECL.EXE
C:\PROGRA~1\M280NT\MxrCtl32.EXE
C:\PROGRA~1\M280NT\CALCMNG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\M280NT\RECMNG.EXE
C:\WINDOWS\lclock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\M280NT\DKeyBEx.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Fabrice\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MultimediaKey] C:\PROGRA~1\M280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [bbSysTray] C:\Program Files\Philips\Disque externe\Blue Button\bbSysTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [STOPzilla] /autostart
O4 - HKLM\..\Run: [mhdzo.exe] C:\WINDOWS\system32\mhdzo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O17 - HKLM\System\CCS\Services\Tcpip\..\{25BB9DB4-5BD7-4616-949A-A0A6756E1523}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{7339CD24-0EE0-4532-8D6E-4D381CDFB983}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F892FA6-C237-4F4E-BD03-BD29E48595F0}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDA70CC9-849C-4CA0-9271-8F243BC195F8}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{25BB9DB4-5BD7-4616-949A-A0A6756E1523}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\..\{25BB9DB4-5BD7-4616-949A-A0A6756E1523}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Fichiers communs\STOPzilla!\SZServer.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

On continue.

&& Télécharge la dernière version de Killbox
http://www.downloads.subratam.org/KillBox.zip
Place le programme dans le répertoire qui te plaît.


&& Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mhdzo.exe] C:\WINDOWS\system32\mhdzo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{25BB9DB4-5BD7-4616-949A-A0A6756E1523}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{7339CD24-0EE0-4532-8D6E-4D381CDFB983}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F892FA6-C237-4F4E-BD03-BD29E48595F0}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDA70CC9-849C-4CA0-9271-8F243BC195F8}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{25BB9DB4-5BD7-4616-949A-A0A6756E1523}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72
O17 - HKLM\System\CS2\Services\Tcpip\..\{25BB9DB4-5BD7-4616-949A-A0A6756E1523}: NameServer = 85.255.114.88,85.255.112.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.88 85.255.112.72


&& Lance Pocket Killbox
--- choisis l'option Delete on Reboot
--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\WINDOWS\SYSTEM32\CSZEI.EXE
C:\WINDOWS\SYSTEM32\DMVGU.EXE
C:\WINDOWS\SYSTEM32\{C853ED44-FC72-4D4E-98A5-531372292BA7}.exe
C:\WINDOWS\SYSTEM32\{F188392F-B7D3-4E4A-8148-C38A82287C54}.exe
C:\WINDOWS\SYSTEM32\{4116C880-06A6-4864-92D7-4B86CE5C8B0B}.exe
C:\WINDOWS\SYSTEM32\{AE7CCBD1-6E83-4603-BE49-67F9BCCBB48A}.exe
C:\WINDOWS\SYSTEM32\{70353A25-4A69-4967-9C5F-18B72B6C8D61}.exe
C:\WINDOWS\SYSTEM32\{E54FB70A-F21F-4C73-83DF-808879F06B3B}.exe
C:\WINDOWS\SYSTEM32\{440B15C4-F446-4597-A41E-1D878F8DA2B2}.exe
C:\WINDOWS\SYSTEM32\{8D7160A6-68F3-4719-BF1A-006C1AFF0B52}.exe
C:\WINDOWS\SYSTEM32\{7466A3D0-7AB2-48CC-93EC-071166C91CAF}.exe
C:\WINDOWS\SYSTEM32\{4CB811F7-0652-41C4-AD5E-12BF0271EF2D}.exe
C:\WINDOWS\SYSTEM32\{8F929C75-7776-40A2-A9B9-0BE80C335A46}.exe
C:\WINDOWS\SYSTEM32\{54B9A601-9045-4465-9A09-1AF025B694E2}.exe
C:\WINDOWS\SYSTEM32\{4BFE72BA-2C13-40B5-B8E7-7559BE20B4BB}.exe
C:\WINDOWS\SYSTEM32\{7665A822-E6AC-4482-9D56-6B3DB0C46572}.exe
C:\WINDOWS\SYSTEM32\{FA35A138-9397-41F7-94DD-CD663B501C8A}.exe
C:\WINDOWS\SYSTEM32\{3B00D509-5C00-49AE-A340-CCF9412D3407}.exe
C:\WINDOWS\SYSTEM32\{B1CB786C-64DD-48DA-A20B-E15174161AFE}.exe
C:\WINDOWS\SYSTEM32\{8859696D-4034-4A02-9548-571AA166F671}.exe
C:\WINDOWS\SYSTEM32\{3FAF6FE3-725B-429B-8C5D-B862479CE962}.exe
C:\WINDOWS\SYSTEM32\{7A3E178C-647A-48F2-98E8-04120C83A197}.exe
C:\WINDOWS\SYSTEM32\{B06F958E-05B5-44D7-998F-63C3706B70AC}.exe
C:\WINDOWS\SYSTEM32\{64EDC078-8C28-438F-ACFB-7C02D50D586F}.exe
C:\WINDOWS\SYSTEM32\{D95CE46B-EE42-4ABF-A90A-05BD38BC732D}.exe
C:\WINDOWS\SYSTEM32\{02EBDC6E-C04A-40C2-84CE-87025FCA8C80}.exe
C:\WINDOWS\SYSTEM32\{08FACAAD-A1A6-4D26-A4EC-7615F60879ED}.exe
C:\WINDOWS\SYSTEM32\{06B40627-C75E-4A2B-B3E3-03A449331649}.exe
C:\WINDOWS\SYSTEM32\{BDD7D1DD-77EB-4A15-90AB-4AF552C34ECB}.exe
C:\WINDOWS\SYSTEM32\{9CB93417-3F30-431B-85EB-913E9A7B570B}.exe
C:\WINDOWS\SYSTEM32\{ACD79F37-0A44-4225-9981-42F6A1F8E284}.exe
C:\WINDOWS\SYSTEM32\{967AFDA7-4679-441F-ABF4-647B6D8C7C07}.exe
C:\WINDOWS\SYSTEM32\{8C3C8549-31C8-42D3-AC90-4FF411BD6414}.exe
C:\WINDOWS\SYSTEM32\{C3FC4047-3CBD-4F2F-802A-B08581F3456A}.exe
C:\WINDOWS\SYSTEM32\{4F088986-8D36-4B7D-B9CD-A0E469AFE595}.exe
C:\WINDOWS\SYSTEM32\{F555F71A-B01C-4942-9DB7-E8B1F89BE40B}.exe
C:\WINDOWS\SYSTEM32\{3EC5E7AE-6222-4438-A694-D601D29D71D6}.exe
C:\WINDOWS\SYSTEM32\{E5735C40-F60B-4199-8337-9F6B507E0C3E}.exe
C:\WINDOWS\SYSTEM32\{B77AC08B-1C89-4F62-B936-37D618575FB7}.exe
C:\WINDOWS\SYSTEM32\{50968BAB-873B-4BE8-8A5C-A75CF2D189C7}.exe
C:\WINDOWS\SYSTEM32\{6AA8F1CF-C11A-402C-A457-EACE92A88668}.exe
C:\WINDOWS\SYSTEM32\{6C060E82-0380-43BF-B30E-9C0369B5CCAA}.exe
C:\WINDOWS\SYSTEM32\{AAA5F0DA-0151-491D-A0B9-4C9128F8FDAE}.exe
C:\WINDOWS\SYSTEM32\{46E77B7D-BD0D-4462-948B-5FDE10841B8F}.exe
C:\WINDOWS\SYSTEM32\{29732751-A9B5-4630-9AB5-5160C745FC80}.exe
C:\WINDOWS\SYSTEM32\{5ADA6316-8A52-4F71-8972-7E1CE0A72398}.exe
C:\WINDOWS\SYSTEM32\{EF0770E6-5732-42BD-A7C2-4EBD0CF2C1C3}.exe
C:\WINDOWS\SYSTEM32\{3EC8604F-E28D-4243-A001-A2E96DDBD906}.exe
C:\WINDOWS\SYSTEM32\{A4A3FD54-00D1-44D9-9987-5F9962A7C774}.exe
C:\WINDOWS\SYSTEM32\{AB2FFF55-8040-4367-AAAD-B6316B104CB2}.exe
C:\WINDOWS\SYSTEM32\{AC96F579-DFDE-4364-B6C5-E5AF0A6D682E}.exe
C:\WINDOWS\SYSTEM32\{CD1C7A18-6163-4C03-ACA2-C85D9E413159}.exe
C:\WINDOWS\SYSTEM32\{69F53DF3-F0A5-4D74-9ABC-82858EC4D686}.exe
C:\WINDOWS\SYSTEM32\{DBA90D1E-9720-4F0B-BA63-77670CA77FB4}.exe
C:\WINDOWS\SYSTEM32\{30D0FB5D-AEFC-4212-A052-B5821BAAD68D}.exe
C:\WINDOWS\SYSTEM32\{36905FFE-86CE-47E1-9B6B-C512D132155B}.exe
C:\WINDOWS\SYSTEM32\{86E9A4F6-90BA-47DD-BA86-E03DCC0A0286}.exe
C:\WINDOWS\SYSTEM32\{13BCF2E8-EBB9-4AB4-81AC-D5E39BDD2C30}.exe
C:\WINDOWS\SYSTEM32\{8714BAD4-0F86-44E7-85B3-8D1D79D3B8D4}.exe
C:\WINDOWS\SYSTEM32\{84F6D33E-89B7-47AC-A17C-82273383AA7F}.exe
C:\WINDOWS\SYSTEM32\{E257896C-2F86-4F81-8278-795B1225F4C6}.exe
C:\WINDOWS\SYSTEM32\{5B504B9B-782F-4418-BBF8-D3FFD9D59250}.exe
C:\WINDOWS\SYSTEM32\{5CFFBAE9-C45B-4D99-A9D0-E6E7D6FC5447}.exe
C:\WINDOWS\SYSTEM32\{A74EF722-72E0-49B9-9C65-501722C9D439}.exe
C:\WINDOWS\SYSTEM32\{9354DDE1-7EF8-4175-8C8C-1AE523207B21}.exe
C:\WINDOWS\SYSTEM32\{65327447-7501-4F8D-8C73-049A0394D04E}.exe
C:\WINDOWS\SYSTEM32\{4103788C-A454-4C6D-AF30-1F5C41939280}.exe
C:\WINDOWS\SYSTEM32\{6C1F86EA-F360-4D08-8A62-CAC75A5C7957}.exe
C:\WINDOWS\SYSTEM32\{4D2E035B-A77A-43A8-9568-926C6295EC4A}.exe
C:\WINDOWS\SYSTEM32\{A1AE1F6E-C12D-4608-BDA5-76AD380A1C62}.exe
C:\WINDOWS\SYSTEM32\{AACC0AF7-AA33-4958-84E2-0E1A2A6FE414}.exe
C:\WINDOWS\SYSTEM32\{8E992A7A-E3B1-44EA-A911-DAA1BB97A1AB}.exe
C:\WINDOWS\SYSTEM32\{5808BB30-F5B5-4362-AD7B-FF70A438C167}.exe
C:\WINDOWS\SYSTEM32\{C1687543-959A-4CD6-9B4B-0B03E1C1E20D}.exe
C:\WINDOWS\SYSTEM32\{77E2B6B3-6B5C-4EA0-A16C-2AC6B96B9F52}.exe
C:\WINDOWS\SYSTEM32\{017E0DFD-F0D4-4767-B82A-0B61ABF36C1D}.exe
C:\WINDOWS\SYSTEM32\{982E7283-CBC8-4535-81C0-22191020F8CA}.exe
C:\WINDOWS\SYSTEM32\{F5623E89-CA10-467E-BA5F-380A25B0E9A5}.exe
C:\WINDOWS\SYSTEM32\{3E0EE9E2-EB00-4DDF-A3E3-E43D240979ED}.exe
C:\WINDOWS\SYSTEM32\{B4FECBFE-AE05-4DC3-8D15-53214FE3DB84}.exe
C:\WINDOWS\SYSTEM32\{E57EA2A8-0792-415A-AA38-B605CAB8063E}.exe
C:\WINDOWS\SYSTEM32\{91C8E4BB-1536-4E79-98F8-EBDBE42F264B}.exe
C:\WINDOWS\SYSTEM32\{04EDB9B9-FABB-4950-A6E1-9090AD1EAC78}.exe
C:\WINDOWS\SYSTEM32\{32AF30CA-0FBC-46D6-B409-086B9633B294}.exe
C:\WINDOWS\SYSTEM32\{E95995D7-B769-48E2-8F99-63A55C8E6ADE}.exe
C:\WINDOWS\SYSTEM32\{FBDE798A-C5AA-4930-8CAF-576E56C4A432}.exe
C:\WINDOWS\SYSTEM32\{B70C76A5-888D-4C6A-828D-1D9ED5A9197A}.exe
C:\WINDOWS\SYSTEM32\{378DC0B3-EDF4-4629-A7E3-38EBA06138E0}.exe
C:\WINDOWS\SYSTEM32\{EB8F57F1-57A1-4F11-A71B-88B9F6C1CE1A}.exe
C:\WINDOWS\SYSTEM32\{D1A38D81-2D41-4BBB-8FDC-9F110891AFC4}.exe
C:\WINDOWS\SYSTEM32\{D5A1E6B2-52C1-4498-BE30-F0B28B6FB0EB}.exe
C:\WINDOWS\SYSTEM32\{D8579608-7070-4A19-AC77-8A4D51E7716B}.exe
C:\WINDOWS\SYSTEM32\{6A0A0946-8439-499C-9979-F61869059607}.exe
C:\WINDOWS\SYSTEM32\{5BE7021B-38DD-46B2-A813-0F96E0DB04AE}.exe
{C:\WINDOWS\SYSTEM32\9EC87B3F-7CAB-49B0-84EC-E6C781408576}.exe
C:\WINDOWS\SYSTEM32\{156492FB-A9FC-422E-B69C-9DC9886344E3}.exe
C:\WINDOWS\SYSTEM32\{38606C86-C9F4-4E01-B22E-EFE614C936CC}.exe
C:\WINDOWS\SYSTEM32\{CDEDFBB9-3FF8-4427-8A66-4B3A4C064CD3}.exe
C:\WINDOWS\SYSTEM32\{67EC7B7A-2185-44A4-A53D-60C47B811D49}.exe
C:\WINDOWS\SYSTEM32\{53A7B9AC-F24D-415A-909D-E12EC7DBA0E6}.exe
C:\WINDOWS\SYSTEM32\{1E08304C-8390-4DC7-A188-EBB78298698E}.exe
C:\WINDOWS\SYSTEM32\{0283FD12-6455-4D98-B77A-ECD6D274BA91}.exe
C:\WINDOWS\SYSTEM32\{A5B78B96-0BC6-49BA-B8FA-769DFBE838DC}.exe
C:\WINDOWS\SYSTEM32\{296D7867-A3B2-4776-A68E-C30DA0BBA4B5}.exe
C:\WINDOWS\SYSTEM32\{C985829D-7FA2-4E71-8A70-95D1798FCECA}.exe
C:\WINDOWS\SYSTEM32\{FCC8E534-2775-43A0-8879-43AE35B88F07}.exe
C:\WINDOWS\SYSTEM32\{DE8698D5-25B0-41E8-9AD2-7A70A789966C}.exe
C:\WINDOWS\SYSTEM32\{0BD00BAF-35F8-46E2-97C6-7ACFF72FD1D8}.exe
C:\WINDOWS\SYSTEM32\{CD8958AB-DB72-4D3D-BBA5-3D50A1187460}.exe
C:\WINDOWS\SYSTEM32\{C4CFD450-19A4-4AA0-B9CB-DA36103B2F3C}.exe
C:\WINDOWS\SYSTEM32\{71B7D448-CA0A-4B14-BB14-1E1751200FF8}.exe
C:\WINDOWS\SYSTEM32\{EAB0DDF2-F401-462B-99A5-D739DB0B8E76}.exe
C:\WINDOWS\SYSTEM32\{3C7DE2BC-BA10-4ED8-889D-C7E85B136C0F}.exe
C:\WINDOWS\SYSTEM32\{7D97BC75-F025-439C-A8C5-069088D31BE6}.exe
C:\WINDOWS\SYSTEM32\{C4846511-3DC8-4CC3-B957-76BA4D54C79C}.exe
C:\WINDOWS\SYSTEM32\{1218D32A-CD25-4DB8-B269-AD1776295A52}.exe
C:\WINDOWS\SYSTEM32\{49AA0FC9-E0E6-432A-855B-9621059B19B3}.exe
C:\WINDOWS\SYSTEM32\{9BF6FAFB-93A6-450B-A0FC-4147F5D6002F}.exe
C:\WINDOWS\SYSTEM32\{058BE7F0-5F46-4218-BDA7-352351D5BBED}.exe
C:\WINDOWS\SYSTEM32\{891DA1BB-A3E3-4A2B-9B8C-9CF72FAC1628}.exe
C:\WINDOWS\SYSTEM32\{415CB65F-E57D-4BAB-BBB8-23C3B21609D2}.exe
C:\WINDOWS\SYSTEM32\{1ACAB9DC-7B75-40A5-8C5C-A45E77B56F09}.exe
C:\WINDOWS\SYSTEM32\{36ABE13D-B902-495E-8C8D-6543B28EC3B5}.exe
C:\WINDOWS\SYSTEM32\{F6ACF8CE-D50F-42FC-8458-9B9C569AFB24}.exe
C:\WINDOWS\SYSTEM32\{B672D87E-D4A9-4805-BC3E-1C1020A65D86}.exe
C:\WINDOWS\SYSTEM32\{DEB28363-313F-47C2-B5F3-1212F3530FF9}.exe
C:\WINDOWS\SYSTEM32\{3BE6A32B-0242-477B-86E8-04E17EF054F9}.exe
C:\WINDOWS\SYSTEM32\{D06C3141-ED21-4931-97E3-ED5D337F97A1}.exe
C:\WINDOWS\SYSTEM32\{B1BDC778-CF8B-4774-8A3D-56F709B7F99C}.exe
C:\WINDOWS\SYSTEM32\{9AD22F70-EF6C-4F0C-90C5-B41E2C9A163E}.exe
C:\WINDOWS\SYSTEM32\{AA8C3680-C472-4205-9A98-B0125D4FB940}.exe
C:\WINDOWS\SYSTEM32\{F76E15F7-68EA-458E-9539-6E1A93AE4B72}.exe
C:\WINDOWS\SYSTEM32\{65F0D932-1989-4202-B603-F1203CD2F984}.exe
C:\WINDOWS\SYSTEM32\{876B91AD-EC75-4AD0-9813-5850E953483B}.exe
C:\WINDOWS\SYSTEM32\{C806F1FA-4FB7-4361-A5E7-F024797DBC25}.exe
C:\WINDOWS\SYSTEM32\{94FBD315-9DE0-488A-A517-520B29C60769}.exe
C:\WINDOWS\SYSTEM32\{E2D3AB92-ABB3-491B-9033-5EDECA615953}.exe
C:\WINDOWS\SYSTEM32\{CEDB18B4-656C-49DD-A513-631A3C303BD9}.exe
C:\WINDOWS\SYSTEM32\{EF9E0F59-563B-42FF-845B-8FC75BA8745B}.exe
C:\WINDOWS\SYSTEM32\{44DB9084-2664-41A1-87B5-42B198DD7E19}.exe
C:\WINDOWS\SYSTEM32\{3BE4A433-F59A-4F5D-AB19-B466848A99CA}.exe
C:\WINDOWS\SYSTEM32\{F5FF2D7D-F55C-4B43-AADC-59B47FAC9545}.exe
C:\WINDOWS\SYSTEM32\{491EABF2-B512-4698-B5D9-8AB7F0371498}.exe
C:\WINDOWS\SYSTEM32\{6DE8B50E-1E29-4C24-9711-5A80C64FB776}.exe
C:\WINDOWS\SYSTEM32\{308B1A16-6A23-481D-90FD-19043926ACCA}.exe
C:\WINDOWS\SYSTEM32\{C283FA42-BE65-4CBF-A97C-C7D4645FC0F4}.exe
C:\WINDOWS\SYSTEM32\{6793BB5F-C4A9-4516-8123-DD8C7B11857C}.exe
C:\WINDOWS\SYSTEM32\{89A058E2-FBF7-49BB-8143-D165E2373091}.exe
C:\WINDOWS\SYSTEM32\{FED1B5BF-88BB-4D00-86CA-AE11D98A866F}.exe
C:\WINDOWS\SYSTEM32\{75307AEE-5009-45DE-AF9C-90D668C0EB6F}.exe
C:\WINDOWS\SYSTEM32\{90ADA39F-C379-4934-B23C-6D1ECBF1ABF2}.exe
C:\WINDOWS\SYSTEM32\{D853C887-FF5F-4A17-B3CF-3288E6DB4439}.exe
C:\WINDOWS\SYSTEM32\{10D84E45-153C-41AC-8B3C-A236244A7CA3}.exe
C:\WINDOWS\SYSTEM32\{F02342F0-89A7-4737-9567-42BFF3D53DE6}.exe
C:\WINDOWS\SYSTEM32\{C5A562D7-7C02-459F-88E9-BDECCA091D63}.exe
C:\WINDOWS\SYSTEM32\{FD5B4DDA-1522-4BB6-9641-F47F4A29AED7}.exe
C:\WINDOWS\SYSTEM32\{6B52A656-499C-4EB2-AA76-31054081D838}.exe
C:\WINDOWS\SYSTEM32\{8E6A6344-F412-41A9-8213-86EB3B2CE108}.exe
C:\WINDOWS\SYSTEM32\{B54CA74E-9342-4CE6-94F8-C24C1FC64B36}.exe
C:\WINDOWS\SYSTEM32\{A3F9D46F-5A9E-4399-A4C4-AD920801B9B7}.exe
C:\WINDOWS\SYSTEM32\{524670D7-AF81-43F4-9E51-15FEAD094D3E}.exe
C:\WINDOWS\SYSTEM32\{ED61DAEF-F255-4030-833D-A17A0261487D}.exe
C:\WINDOWS\SYSTEM32\{601DE6DB-6164-4679-A461-D279F215B1D6}.exe
C:\WINDOWS\SYSTEM32\{6645EF5C-63AD-4DD7-9F0C-8CA5D1A1767B}.exe
C:\WINDOWS\SYSTEM32\{89E7ACED-4712-43E9-B3E0-4FF127A7C2B0}.exe
C:\WINDOWS\SYSTEM32\{C36BD569-DEB8-460F-B8E1-F8FF860F0886}.exe
C:\WINDOWS\SYSTEM32\{00FF61CF-3D0A-4768-9935-FA264466869C}.exe
C:\WINDOWS\SYSTEM32\{41C54713-45E7-4E80-A7C4-1BC62EF2A96E}.exe
C:\WINDOWS\SYSTEM32\{BC834871-B366-4EF6-8BF0-DDEFA12F3207}.exe
C:\WINDOWS\SYSTEM32\{49EDB6A7-5DB6-47DF-B069-36A46346495B}.exe
C:\WINDOWS\SYSTEM32\{E41F6623-6CE5-440F-8E10-B4F63463B1B6}.exe
C:\WINDOWS\SYSTEM32\{7AE79CF2-D907-44FB-8150-5EA1FDE54E0C}.exe
C:\WINDOWS\SYSTEM32\{F6D82643-7219-47E2-BC61-97845AB4DD1B}.exe
C:\WINDOWS\SYSTEM32\{61D64C95-95C4-4BBA-BC59-0C85F10A1338}.exe[/color]

* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.
Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.
--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds NON.


&& Relance Fixwareout.

Poste ensuite les rapports HijackThis et FixWareout.

Bonjour et merci à toi pour ton aide.

Voiçi les 2 rapports :


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
{9EC87B3F-7CAB-49B0-84EC-E6C781408576}.exe


Logfile of HijackThis v1.99.1
Scan saved at 07:35:47, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Philips\Disque externe\Blue Button\bbSysTray.exe
C:\PROGRA~1\M280NT\RMTSTOCK.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\M280NT\MIXERCTL.EXE
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\PROGRA~1\M280NT\KBOSDCTL.EXE
C:\PROGRA~1\M280NT\KBRmt32.Exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\PROGRA~1\M280NT\CDMng32.EXE
C:\PROGRA~1\M280NT\RmtConvt.EXE
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\PROGRA~1\M280NT\BKGRD32.EXE
C:\PROGRA~1\M280NT\RMTSPECL.EXE
C:\PROGRA~1\M280NT\CALCMNG.EXE
C:\PROGRA~1\M280NT\RECMNG.EXE
C:\PROGRA~1\M280NT\MxrCtl32.EXE
C:\PROGRA~1\M280NT\DKeyBEx.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Documents and Settings\Fabrice\Bureau\HijackThis.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\sistray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MultimediaKey] C:\PROGRA~1\M280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [bbSysTray] C:\Program Files\Philips\Disque externe\Blue Button\bbSysTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [STOPzilla] /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Fichiers communs\STOPzilla!\SZServer.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

C'est mieux.

FixWareout trouve encore un fichier.

&& Lance Pocket Killbox
--- choisis l'option Delete on Reboot
--- copie le chemin complet du fichier dans la boîte "Full Path of File to Delete" :

C:\WINDOWS\SYSTEM32\{9EC87B3F-7CAB-49B0-84EC-E6C781408576}.exe[/color]

--- clique sur la croix blanche sur fond rouge (Delete File) :
- "File will be Removed on Reboot, Do you want to reboot now?", réponds NON.


&& Relance Fixwareout.

Poste ensuite les rapports HijackThis et FixWareout.

Voiçi les fichiers :


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32


Logfile of HijackThis v1.99.1
Scan saved at 18:28:09, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\M280NT\RMTSTOCK.EXE
C:\Program Files\Philips\Disque externe\Blue Button\bbSysTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NetDrive\netdrive.exe
C:\PROGRA~1\M280NT\MIXERCTL.EXE
C:\PROGRA~1\M280NT\KBRmt32.Exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\PROGRA~1\M280NT\KBOSDCTL.EXE
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\PROGRA~1\M280NT\CDMng32.EXE
C:\PROGRA~1\M280NT\RmtConvt.EXE
C:\PROGRA~1\M280NT\BKGRD32.EXE
C:\PROGRA~1\M280NT\RMTSPECL.EXE
C:\PROGRA~1\M280NT\CDMng32.EXE
C:\PROGRA~1\M280NT\CALCMNG.EXE
C:\PROGRA~1\M280NT\MxrCtl32.EXE
C:\PROGRA~1\M280NT\RECMNG.EXE
C:\PROGRA~1\M280NT\DKeyBEx.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Documents and Settings\Fabrice\Bureau\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MultimediaKey] C:\PROGRA~1\M280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [bbSysTray] C:\Program Files\Philips\Disque externe\Blue Button\bbSysTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [STOPzilla] /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Fichiers communs\STOPzilla!\SZServer.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

Bonjour,

Je suppose que si il n'y a pas de suite, le problème est réglé :-)

Un grand merci pour ton aide, et merci de l'existence de ce forum :-)