RESOLU - Bouillon de culture de virus ?

Bonjour


Oui, il en reste.

Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Ok merci, je fais ça ce soir. J'ai tout tenté : SDFix, Clean, Spybot, AVG Anti spyware, BFU pfiou, mais pas combofix.exe  
Juste pour info, comme je suis nouveau dans ce domaine (je suis plus dans le développement   ), à quoi tu vois qu'il me faut ça ? Par expérience ? (il y a surement quelque part on ze web des tutos à me recommander ?).

Je vois bien qu'il y a des dll toutes pourries et ce fichu qwerty12.exe que avvg n'arrive pas à supprimer totalement...

En tt cas merci beaucoup d'avance pour ton aide future !

Voici le rapport Combofix :

"Administrateur" - 2007-07-12 20:09:50 - ComboFix 07-07-12.3 - Service Pack 1


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winmbj32.dll
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\jkkji.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\MESDOC~1.\sstem3~1
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


2007-07-12 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 20:08 66,112 --a------ C:\WINDOWS\system32\cyrgvomr.exe
2007-07-11 17:07 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-11 17:07 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-11 17:07 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-11 17:06 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-11 17:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-11 17:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-11 17:06 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-11 17:06 <REP> d-------- C:\Program Files\Alwil Software
2007-07-11 16:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-11 16:05 <REP> d-------- C:\bintheredunthat
2007-07-11 15:58 <REP> d-------- C:\WINDOWS\CSC
2007-07-11 15:50 31,254 --a------ C:\WINDOWS\system32\pmnoomj.dll
2007-07-11 15:50 <REP> d-------- C:\BFU
2007-07-11 15:38 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-11 15:25 <REP> d-------- C:\WINDOWS\Favoris
2007-07-11 15:21 <REP> d-------- C:\VundoFix Backups
2007-07-11 15:01 31,254 --a------ C:\WINDOWS\system32\tuvssqq.dll
2007-07-11 14:38 31,254 --a------ C:\WINDOWS\system32\ssqqroo.dll
2007-07-11 14:17 66,624 --a------ C:\WINDOWS\system32\vgyhkrjm.dll
2007-07-11 14:15 10,240 --a------ C:\WINDOWS\system32\syswin.exe
2007-07-11 14:14 31,254 --a------ C:\WINDOWS\system32\ljjiggf.dll
2007-07-11 14:13 66,112 --a------ C:\WINDOWS\system32\uhlshssj.exe
2007-07-10 21:12 <REP> d-------- C:\WINDOWS\AU_Temp
2007-07-10 21:02 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-07-10 21:02 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-07-10 21:02 267,845 --a------ C:\WINDOWS\tsc.exe
2007-07-10 21:02 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-10 21:02 <REP> d-------- C:\WINDOWS\report
2007-07-10 21:02 <REP> d-------- C:\WINDOWS\AU_Backup
2007-07-10 20:59 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-07-10 20:59 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-07-10 20:59 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-07-10 20:59 <REP> d-------- C:\WINDOWS\AU_Log
2007-07-10 20:39 31,254 --a------ C:\WINDOWS\system32\rqrqrpo.dll
2007-07-10 20:39 31,254 --a------ C:\WINDOWS\system32\pmnlihf.dll
2007-07-10 20:17 <REP> d-------- C:\Program Files\PowerISO
2007-07-03 19:32 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-03 19:32 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-25 20:17 <REP> d-------- C:\Program Files\TortoiseSVN
2007-06-25 20:11 <REP> d-------- C:\wamp
2007-06-25 20:03 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-06-25 20:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-23 13:36 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-06-17 10:47 <REP> d-------- C:\Program Files\Picasa2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 14:45:19 32 ----a-w C:\WINDOWS\system32\getfile.dat
2007-07-11 13:45:37 64,492 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-11 13:45:37 447,772 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-11 12:14:56 -------- d-----w C:\Program Files\Common Files
2007-07-11 12:13:50 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-07-10 18:39:52 -------- d-----w C:\Program Files\Winamp
2007-07-09 06:49:37 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\MySQL
2007-07-04 18:04:25 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
2007-07-03 17:32:19 -------- d-----w C:\Program Files\MSN Messenger
2007-06-25 18:13:35 -------- d-----w C:\Program Files\MySQL
2007-06-17 08:47:54 -------- d-----w C:\Program Files\Google
2007-06-08 16:55:38 -------- d-----w C:\Program Files\Inkscape
2007-06-08 16:42:19 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Inkscape
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-08-03 17:03:16 461 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
2002-07-17 12:00 163906 --a------ C:\Program Files\Microsoft Money\System\mnyside.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}]
2007-07-10 20:39 31254 --a------ C:\WINDOWS\system32\pmnlihf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent"="mstinit.exe" [2004-06-08 23:51 C:\WINDOWS\system32\mstinit.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"nwiz"="nwiz.exe" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 11:12]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\SOUNDMAN.EXE]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [2006-04-28 13:00]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"BDNewsAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe" [2005-06-09 12:28]
"BDSwitchAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-22 14:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 08:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"Tcea"="C:\DOCUME~1\ADMINI~1\MESDOC~1\SSTEM3~1\spool32.exe" []
"Qkmnnzp"="C:\Program Files\Common Files\??sks\w?auclt.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
"{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"="C:\WINDOWS\system32\pmnlihf.dll" [2007-07-10 20:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlihf]
pmnlihf.dll --a------ 2007-07-10 20:39 31254 C:\WINDOWS\system32\pmnlihf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 20:18:04
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" \"MySQL\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"

Completion time: 2007-07-12 20:20:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-12 20:19

--- E O F ---

Et le hijack :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:22, on 12/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\pmnlihf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Tcea] "C:\DOCUME~1\ADMINI~1\MESDOC~1\SSTEM3~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Qkmnnzp] "C:\Program Files\Common Files\??sks\w?auclt.exe"
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://fr.yahoo.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7DE6D-D28D-4E5A-BA94-80D287298A36}: NameServer = 212.27.32.5,213.228.0.168
O20 - Winlogon Notify: pmnlihf - C:\WINDOWS\SYSTEM32\pmnlihf.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyModApache - Apache Software Foundation - C:\Program Files\EasyBox\apache\apache.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10520 bytes

Re


Relance un scan HijackThis et coche les lignes ci-dessous :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\pmnlihf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tcea] "C:\DOCUME~1\ADMINI~1\MESDOC~1\SSTEM3~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [Qkmnnzp] "C:\Program Files\Common Files\??sks\w?auclt.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt  aste List of Files/Folders to be moved.

C:\WINDOWS\system32\cyrgvomr.exe
C:\WINDOWS\system32\pmnoomj.dll
C:\WINDOWS\system32\tuvssqq.dll
C:\WINDOWS\system32\ssqqroo.dll
C:\WINDOWS\system32\vgyhkrjm.dll
C:\WINDOWS\system32\syswin.exe
C:\WINDOWS\system32\ljjiggf.dll
C:\WINDOWS\system32\uhlshssj.exe
C:\WINDOWS\system32\rqrqrpo.dll
C:\WINDOWS\system32\pmnlihf.dll
C:\Program Files\Common Files\??sks
C:\Documents and Settings\Administrateur\mes documents\SSTEM3~1

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.


Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avec un nouveau Hijackthis.

Voilou
C:\WINDOWS\system32\cyrgvomr.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnoomj.dll
C:\WINDOWS\system32\pmnoomj.dll NOT unregistered.
C:\WINDOWS\system32\pmnoomj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvssqq.dll
C:\WINDOWS\system32\tuvssqq.dll NOT unregistered.
C:\WINDOWS\system32\tuvssqq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqqroo.dll
C:\WINDOWS\system32\ssqqroo.dll NOT unregistered.
C:\WINDOWS\system32\ssqqroo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vgyhkrjm.dll
C:\WINDOWS\system32\vgyhkrjm.dll NOT unregistered.
C:\WINDOWS\system32\vgyhkrjm.dll moved successfully.
C:\WINDOWS\system32\syswin.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjiggf.dll
C:\WINDOWS\system32\ljjiggf.dll NOT unregistered.
C:\WINDOWS\system32\ljjiggf.dll moved successfully.
C:\WINDOWS\system32\uhlshssj.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrqrpo.dll
C:\WINDOWS\system32\rqrqrpo.dll NOT unregistered.
C:\WINDOWS\system32\rqrqrpo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnlihf.dll
C:\WINDOWS\system32\pmnlihf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\pmnlihf.dll scheduled to be moved on reboot.
File/Folder C:\Program Files\Common Files\??sks not found.
File/Folder C:\Documents and Settings\Administrateur\mes documents\SSTEM3~1 not found.

----------------------------------
et le jijack

Created on 07/13/2007 17:55:20
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:05, on 13/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {F3ACB75F-DDF0-4721-AFEB-24634C1C7249} - C:\WINDOWS\System32\mljgg.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\pmnlihf.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Qkmnnzp] "C:\Program Files\Common Files\??sks\w?auclt.exe"
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://fr.yahoo.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7DE6D-D28D-4E5A-BA94-80D287298A36}: NameServer = 212.27.32.5,213.228.0.168
O20 - Winlogon Notify: mljgg - C:\WINDOWS\System32\mljgg.dll
O20 - Winlogon Notify: pmnlihf - C:\WINDOWS\SYSTEM32\pmnlihf.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyModApache - Apache Software Foundation - C:\Program Files\EasyBox\apache\apache.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9597 bytes

Il en reste


Refais un scan avec Combofix.

Poste son rapport avec un nouveu Hijackthis.

"Administrateur" - 2007-07-13 18:45:28 - ComboFix 07-07-12.3 - Service Pack 1


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\mljgg.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


2007-07-12 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:07 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-11 17:07 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-11 17:07 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-11 17:06 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-11 17:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-11 17:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-11 17:06 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-11 17:06 <REP> d-------- C:\Program Files\Alwil Software
2007-07-11 16:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-11 16:05 <REP> d-------- C:\bintheredunthat
2007-07-11 15:58 <REP> d-------- C:\WINDOWS\CSC
2007-07-11 15:50 <REP> d-------- C:\BFU
2007-07-11 15:38 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-11 15:25 <REP> d-------- C:\WINDOWS\Favoris
2007-07-11 15:21 <REP> d-------- C:\VundoFix Backups
2007-07-10 21:12 <REP> d-------- C:\WINDOWS\AU_Temp
2007-07-10 21:02 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-07-10 21:02 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-07-10 21:02 267,845 --a------ C:\WINDOWS\tsc.exe
2007-07-10 21:02 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-10 21:02 <REP> d-------- C:\WINDOWS\report
2007-07-10 21:02 <REP> d-------- C:\WINDOWS\AU_Backup
2007-07-10 20:59 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-07-10 20:59 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-07-10 20:59 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-07-10 20:59 <REP> d-------- C:\WINDOWS\AU_Log
2007-07-10 20:39 31,254 --a------ C:\WINDOWS\system32\pmnlihf.dll
2007-07-10 20:17 <REP> d-------- C:\Program Files\PowerISO
2007-07-03 19:32 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-03 19:32 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-25 20:17 <REP> d-------- C:\Program Files\TortoiseSVN
2007-06-25 20:11 <REP> d-------- C:\wamp
2007-06-25 20:03 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-06-25 20:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-23 13:36 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-06-17 10:47 <REP> d-------- C:\Program Files\Picasa2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 14:45:19 32 ----a-w C:\WINDOWS\system32\getfile.dat
2007-07-11 13:45:37 64,492 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-11 13:45:37 447,772 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-11 12:14:56 -------- d-----w C:\Program Files\Common Files
2007-07-11 12:13:50 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-07-10 18:39:52 -------- d-----w C:\Program Files\Winamp
2007-07-09 06:49:37 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\MySQL
2007-07-04 18:04:25 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
2007-07-03 17:32:19 -------- d-----w C:\Program Files\MSN Messenger
2007-06-25 18:13:35 -------- d-----w C:\Program Files\MySQL
2007-06-17 08:47:54 -------- d-----w C:\Program Files\Google
2007-06-08 16:55:38 -------- d-----w C:\Program Files\Inkscape
2007-06-08 16:42:19 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Inkscape
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-08-03 17:03:16 461 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
2002-07-17 12:00 163906 --a------ C:\Program Files\Microsoft Money\System\mnyside.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}]
2007-07-10 20:39 31254 --a------ C:\WINDOWS\system32\pmnlihf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent"="mstinit.exe" [2004-06-08 23:51 C:\WINDOWS\system32\mstinit.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"nwiz"="nwiz.exe" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 11:12]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\SOUNDMAN.EXE]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [2006-04-28 13:00]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"BDNewsAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe" [2005-06-09 12:28]
"BDSwitchAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-22 14:55]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 08:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"Qkmnnzp"="C:\Program Files\Common Files\??sks\w?auclt.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
"{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"="C:\WINDOWS\system32\pmnlihf.dll" [2007-07-10 20:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlihf]
pmnlihf.dll --a------ 2007-07-10 20:39 31254 C:\WINDOWS\system32\pmnlihf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 18:50:44
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" \"MySQL\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"

Completion time: 2007-07-13 18:53:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-13 18:52
C:\ComboFix2.txt ... 2007-07-12 20:20

--- E O F ---


hijack

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:54, on 13/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\pmnlihf.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Qkmnnzp] "C:\Program Files\Common Files\??sks\w?auclt.exe"
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://fr.yahoo.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7DE6D-D28D-4E5A-BA94-80D287298A36}: NameServer = 212.27.32.5,213.228.0.168
O20 - Winlogon Notify: pmnlihf - C:\WINDOWS\SYSTEM32\pmnlihf.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyModApache - Apache Software Foundation - C:\Program Files\EasyBox\apache\apache.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9415 bytes

Re

Relance un scan HijackThis et coche les lignes ci-dessous :

O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\pmnlihf.dll
O4 - HKCU\..\Run: [Qkmnnzp] "C:\Program Files\Common Files\??sks\w?auclt.exe"
O20 - Winlogon Notify: pmnlihf - C:\WINDOWS\SYSTEM32\pmnlihf.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Supprime le dossier
C:\Program Files\Common Files\??sks


Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt  aste List of Files/Folders to be moved.

C:\WINDOWS\system32\pmnlihf.dll
C:\WINDOWS\system32\fhilnmp.bak
C:\WINDOWS\system32\fhilnmp.bak1
C:\WINDOWS\system32\fhilnmp.bak2
C:\WINDOWS\SYSTEM32\fhilnmp.ini
C:\WINDOWS\system32\fhilnmp.ini1
C:\WINDOWS\system32\fhilnmp.ini2
C:\WINDOWS\SYSTEM32\fhilnmp.tmp

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.


Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avec un nouveau Hijackthis.

Toujours pas !  

A noter : le redémarrage du PC plante à la demande de mot de passe, je suis obligé de reredémarrer en mode brute (5s ...)

Le répertoire ??sks dans Common files n'existe et rien ne s'en approche  

Petite question : quelle est l'ampleur des dégats ? Ie : puis-je exporter mes données (qui sont sur une autre partition que C  vers un autre ordi sans le mettre en danger ?

Si oui, je réinstallerais celui-ci.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnlihf.dll
C:\WINDOWS\system32\pmnlihf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\pmnlihf.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\fhilnmp.bak not found.
File/Folder C:\WINDOWS\system32\fhilnmp.bak1 not found.
File/Folder C:\WINDOWS\system32\fhilnmp.bak2 not found.
File/Folder C:\WINDOWS\SYSTEM32\fhilnmp.ini not found.
File/Folder C:\WINDOWS\system32\fhilnmp.ini1 not found.
File/Folder C:\WINDOWS\system32\fhilnmp.ini2 not found.
File/Folder C:\WINDOWS\SYSTEM32\fhilnmp.tmp not found.

Created on 07/14/2007 22:04:39


----------------------


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:13, on 14/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {014403FB-26B5-49B5-9D6F-0D3B7A5E6FF9} - C:\WINDOWS\System32\sstqn.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - C:\WINDOWS\system32\pmnlihf.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7DE6D-D28D-4E5A-BA94-80D287298A36}: NameServer = 212.27.32.5,213.228.0.168
O20 - Winlogon Notify: pmnlihf - C:\WINDOWS\SYSTEM32\pmnlihf.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\System32\sstqn.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyModApache - Apache Software Foundation - C:\Program Files\EasyBox\apache\apache.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9443 bytes

Bonjour


Un formatage complet supprime toutes les données et sauvegardes.
Cela veut dire télécharger les mises à jour et autres.

Double-clique VundoFix.exe afin de le lancer.
[***]Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"

Dans la nouvelle fenêtre qui apparait, Copie/colle les chemins des fichiers suivants dans les cases (un par ligne):

C:\WINDOWS\system32\pmnlihf.dll

C:\WINDOWS\System32\sstqn.dll

C:\WINDOWS\System32\fhilnmp.*

C:\WINDOWS\System32\nqtss.*

Clique sur le bouton "Add File(s)"

Clique sur le bouton "Close Window"

Clique à nouveau sur "Remove Vundo"

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

Démarre ton PC à nouveau.

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle le rapport de Combofix dans ta prochaine réponse avec un nouveau HijackThis et le contenu du rapport situé dans C:\vundofix.txt.

ok, donc ca a l'air un poil mieux  
COMBOFIX
"Administrateur" - 2007-07-16 8:27:00 - ComboFix 07-07-12.3 - Service Pack 1


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\iyjmulde.dll
C:\WINDOWS\system32\xjcypxyv.exe
C:\WINDOWS\system32\edlumjyi.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))


2007-07-16 08:18 66,624 --a------ C:\WINDOWS\system32\qmpecqvu.dll
2007-07-16 08:14 66,112 --a------ C:\WINDOWS\system32\xbbbamwd.exe
2007-07-14 21:54 66,112 --a------ C:\WINDOWS\system32\gmuvvxwx.exe
2007-07-14 21:50 1,043,073 ---hs---- C:\WINDOWS\system32\nqtss.bak2
2007-07-13 18:56 6,369 ---hs---- C:\WINDOWS\system32\nqtss.bak1
2007-07-12 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:07 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-11 17:07 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-11 17:07 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-11 17:06 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-11 17:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-11 17:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-11 17:06 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-11 17:06 <REP> d-------- C:\Program Files\Alwil Software
2007-07-11 16:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-11 16:05 <REP> d-------- C:\bintheredunthat
2007-07-11 15:58 <REP> d-------- C:\WINDOWS\CSC
2007-07-11 15:50 <REP> d-------- C:\BFU
2007-07-11 15:38 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-11 15:25 <REP> d-------- C:\WINDOWS\Favoris
2007-07-11 15:21 <REP> d-------- C:\VundoFix Backups
2007-07-10 21:12 <REP> d-------- C:\WINDOWS\AU_Temp
2007-07-10 21:02 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-07-10 21:02 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-07-10 21:02 267,845 --a------ C:\WINDOWS\tsc.exe
2007-07-10 21:02 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-10 21:02 <REP> d-------- C:\WINDOWS\report
2007-07-10 21:02 <REP> d-------- C:\WINDOWS\AU_Backup
2007-07-10 20:59 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-07-10 20:59 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-07-10 20:59 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-07-10 20:59 <REP> d-------- C:\WINDOWS\AU_Log
2007-07-10 20:17 <REP> d-------- C:\Program Files\PowerISO
2007-07-03 19:32 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-03 19:32 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-25 20:17 <REP> d-------- C:\Program Files\TortoiseSVN
2007-06-25 20:11 <REP> d-------- C:\wamp
2007-06-25 20:03 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-06-25 20:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-23 13:36 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-06-17 10:47 <REP> d-------- C:\Program Files\Picasa2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 06:24:58 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-07-11 14:45:19 32 ----a-w C:\WINDOWS\system32\getfile.dat
2007-07-11 13:45:37 64,492 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-11 13:45:37 447,772 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-07-11 12:14:56 -------- d-----w C:\Program Files\Common Files
2007-07-10 18:39:52 -------- d-----w C:\Program Files\Winamp
2007-07-09 06:49:37 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\MySQL
2007-07-04 18:04:25 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\gtk-2.0
2007-07-03 17:32:19 -------- d-----w C:\Program Files\MSN Messenger
2007-06-25 18:13:35 -------- d-----w C:\Program Files\MySQL
2007-06-17 08:47:54 -------- d-----w C:\Program Files\Google
2007-06-08 16:55:38 -------- d-----w C:\Program Files\Inkscape
2007-06-08 16:42:19 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Inkscape
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-08-03 17:03:16 461 ----a-w C:\Program Files\INSTALL.LOG


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
2002-07-17 12:00 163906 --a------ C:\Program Files\Microsoft Money\System\mnyside.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B06017E2-B704-44AD-9541-1E07462FF800}]
C:\WINDOWS\System32\sstqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent"="mstinit.exe" [2004-06-08 23:51 C:\WINDOWS\system32\mstinit.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"nwiz"="nwiz.exe" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-23 11:12]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\SOUNDMAN.EXE]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [2006-04-28 13:00]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 19:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"BDNewsAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe" [2005-06-09 12:28]
"BDSwitchAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-22 14:55]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 08:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 17:53]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 08:32:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" \"MySQL\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"

Completion time: 2007-07-16 8:34:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 08:33
C:\ComboFix2.txt ... 2007-07-13 18:53
C:\ComboFix3.txt ... 2007-07-12 20:20

--- E O F ---
-----------------------------------------------------
HIJACK

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:38, on 16/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {B06017E2-B704-44AD-9541-1E07462FF800} - C:\WINDOWS\System32\sstqn.dll (file missing)
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7DE6D-D28D-4E5A-BA94-80D287298A36}: NameServer = 212.27.32.5,213.228.0.168
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyModApache - Apache Software Foundation - C:\Program Files\EasyBox\apache\apache.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9453 bytes
-------------------------------------------------------
VUNDOFIX


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 15:21:55 11/07/2007

Listing files found while scanning....

C:\windows\system32\lgrpsocw.dll
C:\WINDOWS\System32\orutv.bak1
C:\WINDOWS\System32\orutv.bak2
C:\WINDOWS\System32\orutv.ini
C:\WINDOWS\System32\vturo.dll
C:\windows\system32\wcosprgl.ini

Beginning removal...

Attempting to delete C:\windows\system32\lgrpsocw.dll
C:\windows\system32\lgrpsocw.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\orutv.bak1
C:\WINDOWS\System32\orutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\orutv.bak2
C:\WINDOWS\System32\orutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\orutv.ini
C:\WINDOWS\System32\orutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\vturo.dll
C:\WINDOWS\System32\vturo.dll Has been deleted!

Attempting to delete C:\windows\system32\wcosprgl.ini
C:\windows\system32\wcosprgl.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnlihf.dll
C:\WINDOWS\system32\pmnlihf.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\sstqn.dll
C:\WINDOWS\System32\sstqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Bonjour


Encore quelques corrections.


Relance un scan HijackThis et coche les lignes ci-dessous :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {B06017E2-B704-44AD-9541-1E07462FF800} - C:\WINDOWS\System32\sstqn.dll (file missing)

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt  aste List of Files/Folders to be moved.

C:\WINDOWS\system32\qmpecqvu.dll
C:\WINDOWS\system32\xbbbamwd.exe
C:\WINDOWS\system32\gmuvvxwx.exe
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.bak1

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.


Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avec un nouveau Hijackthis.

OTMOVEIT :
C:\WINDOWS\system32\qmpecqvu.dll
C:\WINDOWS\system32\xbbbamwd.exe
C:\WINDOWS\system32\gmuvvxwx.exe
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.bak1

HIJACK

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:01, on 17/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\EasyBox\apache\apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\OTMoveIt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A7DE6D-D28D-4E5A-BA94-80D287298A36}: NameServer = 212.27.32.5,213.228.0.168
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyModApache - Apache Software Foundation - C:\Program Files\EasyBox\apache\apache.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9340 bytes

Bonjour


Hijackthis est propre.

Ce n'est pas le bon rapport D'OTMoveIt. Poste le.
Si tu n'en as pas d'autre, recommence la manip et poste son rapport.

nawak moi, le voici et merci pour tout!
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qmpecqvu.dll
C:\WINDOWS\system32\qmpecqvu.dll NOT unregistered.
C:\WINDOWS\system32\qmpecqvu.dll moved successfully.
C:\WINDOWS\system32\xbbbamwd.exe moved successfully.
C:\WINDOWS\system32\gmuvvxwx.exe moved successfully.
C:\WINDOWS\system32\nqtss.bak2 moved successfully.
C:\WINDOWS\system32\nqtss.bak1 moved successfully.

Created on 07/17/2007 08:01:30

Il me plait mieux.


Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

Ca fait du monde !

Total d'objets analysés 138850
Nombre de virus trouvés 13
Nombre d'objets infectés 27 / 0
Nombre d'objets suspects 0
Durée de l'analyse 03:33:25

C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070711-212526-905.dll Infecté : Trojan.Win32.BHO.bd ignoré
C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070714-221258-713.dll Infecté : Trojan.Win32.BHO.bd ignoré
C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\zewolf@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\zewolf@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\zewolf@hotmail.com\SharingMetadata\Working\database_120C_E441_C70E_CFC1\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\zewolf@hotmail.com\SharingMetadata\Working\database_120C_E441_C70E_CFC1\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\zewolf@hotmail.com\SharingMetadata\Working\database_120C_E441_C70E_CFC1\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\zewolf@hotmail.com\SharingMetadata\Working\database_120C_E441_C70E_CFC1\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\zewolf@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\zewolf@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF3F8C.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF49BB.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFACEF.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFAF0C.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\EasyBox\apache\logs\error.log L'objet est verrouillé ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\winmbj32.dll.vir Infecté : Trojan.Win32.Dialer.qn ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\xjcypxyv.exe.vir Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053221.exe Infecté : Trojan-Downloader.Win32.Small.eqn ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053704.exe Infecté : Trojan-Downloader.Win32.Alphabet.h ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053714.exe Infecté : Trojan-Downloader.Win32.Alphabet.h ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053717.exe Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053720.exe Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053722.exe Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP215\A0053795.exe Infecté : Trojan-Downloader.Win32.Small.euu ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP216\A0053862.exe Infecté : Trojan.Win32.Agent.aoy ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP216\A0053908.dll Infecté : Trojan.Win32.Dialer.qn ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP216\A0056158.dll Infecté : Trojan.Win32.BHO.bd ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP216\A0057198.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{DA2199BE-F2C5-4A5E-8307-EEBB68228C2F}\RP217\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{6C3F3DB9-EBE3-4229-931D-60903C925D7D}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_698.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vgyhkrjm.dll Infecté : Trojan.Win32.BHO.bd ignoré

Bonjour


Ce rapport n'est pas complet, mais je pense que le reste se trouce dans la sauvegarde d'OTMoveIt.


Supprime ce dossier
C:\Documents and Settings\Administrateur\Bureau\backups

Vide la corbeille


Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Cocher la case Désactiver la restauration du systéme et cliquer sur Appliquer.


Lance OTmoveIT.

Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargé).
NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder a internet, Autorise le.

Une liste apparait dans la partie gauche d'OTmoveIT.

Un message apparait pour confirmer le nettoyage. Confirme


Redémarre le PC


Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Décocher la case Désactiver la restauration du systéme et cliquer sur Appliquer.


As tu encore des dysfonctionnements ?

ca a l'air bon, merci beaucoup beaucoup beaucoup beaucoup beaucoup !!!

Encore deux choses.


Clique sur ce lien pour mieux sécuriser ton PC
http://www.infos-du-net.com/forum/267223-11-securiser-o...


Edite ton premier message et ajoute Résolu à côté de ton titre.