[LOCKED: RESOLVED] Trojan alphabet + statbho infection - Security - Viruses
 
Profile: IDNaute

Hello,

My PC is infected with the alphabet and statbho trojans. I use avast as my antivirus and, although it recognizes them, it cannot remove them.

I also have a²free, but it's the same thing: the trojans are still there.

I can't manage to get rid of them!!! Can someone help me, please???

I'm lost... I don't know what to do anymore.

Reading the forums, I saw that you have to post a hijack log, so here it is.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:29, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\Progz\Avast\aswUpdSv.exe
D:\Progz\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\progz\a-squared free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Progz\Avast\ashDisp.exe
D:\Progz\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Progz\ZoneAlarm\zlclient.exe
C:\WINDOWS\TEMP\win4A.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
D:\Progz\Avast\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
D:\Progz\Avast\ashWebSv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\scan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnno.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Progz\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A251CC4-A465-E952-826F-87DF0B6F0E47} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {87058178-9A47-43B3-A124-1D52EE1C4651} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\cbxuuvw.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Progz\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] D:\Progz\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Progz\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Progz\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win4A.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StupidFilm] C:\DOCUME~1\ben\APPLIC~1\mp3rulesecond\AdminJoy.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Progz\Adobe reader\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Progz\Adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1672745625
O20 - Winlogon Notify: cbxuuvw - C:\WINDOWS\SYSTEM32\cbxuuvw.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\progz\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Progz\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Progz\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Progz\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Progz\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ben/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8859 bytes


Message edited by Youlou23 on 01-02-2008 at 09:48:14

Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.


---------------
Prevention & Protection|Free software|The FLCCF man
Profile: IDNaute

Thanks for looking into my case, Angeldark!!

Here is the combofix report:

ComboFix 08-01-23.2 - ben 2008-01-24 16:36:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.587 [GMT 1:00]
Endroit: C:\Documents and Settings\ben\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\Helper9.dll
C:\Program Files\lsass.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinFP.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\smss.exe
C:\Program Files\spoolsv.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\cbxuuvw.dll
C:\WINDOWS\system32\gebbxwt.dll
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\winmfu32.dll
C:\WINDOWS\system32\xxyxyvw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))))))))
.

2008-01-24 16:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 12:20 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 20:31 . 2008-01-24 10:35 <REP> d-------- C:\Hijack
2008-01-22 16:45 . 2008-01-22 16:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-18 16:05 . 2008-01-24 16:42 3,729,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 16:05 . 2008-01-24 16:41 47,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 16:02 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-01-18 16:02 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-18 16:02 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-01-18 16:02 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-01-18 16:02 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-01-18 16:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-01-13 20:05 . 2008-01-13 20:05 <REP> d-------- C:\Program Files\Realtek AC97
2008-01-13 20:03 . 2006-04-14 20:08 101,888 --a------ C:\WINDOWS\system32\nvtcp.sys
2007-12-26 12:19 . 2008-01-22 16:41 <REP> d-------- C:\Garmin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 15:41 --------- d-----w C:\Program Files\QuickTime
2008-01-22 15:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-22 15:41 --------- d-----w C:\Program Files\iTunes
2008-01-22 15:41 --------- d-----w C:\Program Files\HOTALBUMMyBOX
2008-01-22 15:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-22 14:50 --------- d-----w C:\Program Files\MSN Messenger
2008-01-14 20:43 1,602,048 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-10 16:52 1,598,464 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-08 08:21 2,515,877 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 11:33 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys
2007-12-04 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 11:33 --------- d-----w C:\Program Files\CASIO
2007-12-03 18:18 --------- d-----w C:\Program Files\KODAK
2007-11-16 16:14 2,667,008 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2006-08-10 17:06 901 -c--a-w C:\Program Files\INSTALL.LOG
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

----a-w          131,072 2008-01-22 15:41:41  C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe




((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87058178-9A47-43B3-A124-1D52EE1C4651}]
C:\WINDOWS\system32\pmnno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"StupidFilm"="C:\DOCUME~1\ben\APPLIC~1\mp3rulesecond\AdminJoy.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2008-01-22 18:01 401491]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"updateMgr"="D:\Progz\Adobe reader\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"gStart"="C:\Garmin\gStart.exe" [2008-01-22 18:00 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 13:47 7311360]
"nwiz"="nwiz.exe" [2005-11-11 13:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2008-01-22 18:01 131072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 13:47 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2008-01-22 18:00 892928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-22 18:01 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-22 18:00 180269]
"BDSwitchAgent"="C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-22 18:01 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-22 18:01 155648]
"WinampAgent"="D:\Progz\Winamp\Winampa.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-09-15 09:12 37888 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="D:\Progz\Avast\ashDisp.exe" [2007-12-04 14:00 79224]
"DAEMON Tools"="D:\Progz\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2008-01-22 18:00 787096]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"ZoneAlarm Client"="D:\Progz\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"!AVG Anti-Spyware"="D:\Progz\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 16:07 54888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-12-04 12:33]
R3 AnetG;AnetG Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\AnetG.sys [2003-11-04 09:36]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys [2004-09-01 15:57]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2005-03-02 18:44]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3e968e-7d29-11da-a82c-806d6172696f}]
\Shell\AutoRun\command - I:\arun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b13980c4-73db-11da-9dd6-0015f2542a74}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3b4df84-731e-11da-92e5-806d6172696f}]
\Shell\AutoRun\command - E:\install.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-22 09:11:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173604249.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-01-24 09:58:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180256016.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-09-27 18:18:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180461957.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-22 19:27:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180463245.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-24 15:44:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 16:43:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.

I'm also giving you a new hijack report, just in case...

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Progz\Avast\aswUpdSv.exe
D:\Progz\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Progz\Avast\ashDisp.exe
D:\Progz\DAEMON Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Progz\ZoneAlarm\zlclient.exe
D:\Progz\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
d:\progz\a-squared free\a2service.exe
D:\Progz\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Progz\Avast\ashMaiSv.exe
D:\Progz\Avast\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack\scan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Progz\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {87058178-9A47-43B3-A124-1D52EE1C4651} - C:\WINDOWS\system32\pmnno.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Progz\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] D:\Progz\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Progz\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Progz\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Progz\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StupidFilm] C:\DOCUME~1\ben\APPLIC~1\mp3rulesecond\AdminJoy.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Progz\Adobe reader\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Progz\Adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1672745625
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\progz\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Progz\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Progz\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Progz\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Progz\Avast\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Progz\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ben/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8550 bytes

Profile: IDNaute

I won't be able to come back before Saturday morning.

So if you can give me the next step to carry out, I'll post what's needed on Saturday, so that we can resume the process of curing my computer.

Thanks a lot!!!

Profile: Helper

Re,

Download Lop S&D.exe to your Desktop.

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the desired language, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)


(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)


Profile: IDNaute

Hello,

As planned, here is the Lop_S&D report.


-----------------------------[ Lop S&D 2.1.5 ]---------------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : ben ] [ "C:\Program Files\Lop SD" ]
[ 2008-01-26 | 11:52:52.85 ] [ PC : ORDI ]
[ MAJ : 24-01-2008 | 00:09 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2005-12-22|21:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[2005-12-22|21:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[2005-12-22|21:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[2006-01-17|10:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[2008-01-24|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[2008-01-24|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[2006-09-15|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2006-02-22|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2005-12-22|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2006-08-22|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grey Third Intra Long
[2008-01-24|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[2007-03-11|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[2007-01-12|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[2008-01-18|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[2007-10-28|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2005-12-22|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2007-11-28|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[2006-01-04|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2006-06-28|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2005-12-26|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[2006-05-21|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[2008-01-24|12:20] C:\DOCUME~1\ben\APPLIC~1\.
[2008-01-24|12:20] C:\DOCUME~1\ben\APPLIC~1\..
[2007-12-10|10:05] C:\DOCUME~1\ben\APPLIC~1\Adobe
[2007-02-09|18:53] C:\DOCUME~1\ben\APPLIC~1\AdobeUM
[2006-08-28|17:49] C:\DOCUME~1\ben\APPLIC~1\Ahead
[2007-01-09|19:46] C:\DOCUME~1\ben\APPLIC~1\Anvil Studio
[2006-04-27|13:08] C:\DOCUME~1\ben\APPLIC~1\Apple Computer
[2007-10-28|12:47] C:\DOCUME~1\ben\APPLIC~1\ArcSoft
[2007-12-10|10:33] C:\DOCUME~1\ben\APPLIC~1\Azureus
[2006-01-04|16:18] C:\DOCUME~1\ben\APPLIC~1\BitDefender
[2006-10-15|12:29] C:\DOCUME~1\ben\APPLIC~1\ConvertTemp
[2005-12-22|21:03] C:\DOCUME~1\ben\APPLIC~1\desktop.ini
[2007-11-12|12:44] C:\DOCUME~1\ben\APPLIC~1\dvdcss
[2006-08-22|23:02] C:\DOCUME~1\ben\APPLIC~1\Flag Memo
[2007-10-30|20:17] C:\DOCUME~1\ben\APPLIC~1\GrabIt
[2008-01-24|12:20] C:\DOCUME~1\ben\APPLIC~1\Grisoft
[2006-03-30|19:42] C:\DOCUME~1\ben\APPLIC~1\Help
[2005-12-23|18:57] C:\DOCUME~1\ben\APPLIC~1\Hewlett-Packard
[2006-05-21|11:17] C:\DOCUME~1\ben\APPLIC~1\Identities
[2007-10-28|12:36] C:\DOCUME~1\ben\APPLIC~1\InstallShield
[2006-06-05|17:25] C:\DOCUME~1\ben\APPLIC~1\Logitech
[2008-01-13|19:51] C:\DOCUME~1\ben\APPLIC~1\ma-config.com
[2006-03-02|18:30] C:\DOCUME~1\ben\APPLIC~1\Macromedia
[2007-12-26|12:19] C:\DOCUME~1\ben\APPLIC~1\Microsoft
[2005-12-22|20:55] C:\DOCUME~1\ben\APPLIC~1\Mozilla
[2006-08-22|23:02] C:\DOCUME~1\ben\APPLIC~1\mp3rulesecond
[2007-11-13|22:11] C:\DOCUME~1\ben\APPLIC~1\NewsLeecher
[2005-12-28|23:50] C:\DOCUME~1\ben\APPLIC~1\Real
[2006-10-15|12:26] C:\DOCUME~1\ben\APPLIC~1\Samsung
[2005-12-23|16:33] C:\DOCUME~1\ben\APPLIC~1\Sun
[2005-12-23|11:48] C:\DOCUME~1\ben\APPLIC~1\Symantec
[2006-01-19|12:21] C:\DOCUME~1\ben\APPLIC~1\Talkback
[2007-06-19|17:57] C:\DOCUME~1\ben\APPLIC~1\Temporary
[2007-04-05|20:28] C:\DOCUME~1\ben\APPLIC~1\TransRender
[2006-01-08|23:31] C:\DOCUME~1\ben\APPLIC~1\vlc
[2006-05-21|11:17] C:\DOCUME~1\ben\APPLIC~1\Zylom

[2005-12-22|21:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[2005-12-22|21:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[2005-12-22|21:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2005-12-22|20:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2006-08-10|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[2006-08-10|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[2006-08-10|18:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\BitDefender
[2005-12-22|20:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2005-12-22|20:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[2005-12-22|20:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[2005-12-22|20:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-01-22 20:27][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180463245.job [--386--]
[2007-09-27 19:18][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180461957.job [--338--]
[2008-01-24 10:58][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1180256016.job [--386--]
[2008-01-22 10:11][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173604249.job [--386--]
[2008-01-26 11:47][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job [--408--]
[2008-01-26 11:46][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[2002-09-07 00:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-01-26|11:52] C:\Program Files\Lop SD
[2008-01-26|11:52] C:\Program Files\..
[2008-01-26|11:52] C:\Program Files\.
[2008-01-26|11:48] C:\Program Files\Mozilla Firefox
[2008-01-22|16:41] C:\Program Files\HOTALBUMMyBOX
[2008-01-22|16:41] C:\Program Files\QuickTime
[2008-01-22|16:41] C:\Program Files\iTunes
[2008-01-22|16:41] C:\Program Files\Microsoft ActiveSync
[2008-01-22|16:17] C:\Program Files\Windows Media Connect 2
[2008-01-22|15:50] C:\Program Files\MSN Messenger
[2008-01-13|20:05] C:\Program Files\Realtek AC97
[2007-12-14|16:53] C:\Program Files\Internet Explorer
[2007-12-04|12:33] C:\Program Files\CASIO
[2007-12-04|12:33] C:\Program Files\InstallShield Installation Information
[2007-12-03|19:18] C:\Program Files\KODAK
[2007-11-09|11:28] C:\Program Files\ISOpen
[2007-10-28|12:42] C:\Program Files\Fichiers communs
[2007-10-28|12:39] C:\Program Files\Windows Media Player
[2007-10-28|12:36] C:\Program Files\Philips
[2007-10-10|12:29] C:\Program Files\Java
[2007-06-12|22:25] C:\Program Files\Outlook Express
[2007-01-12|00:21] C:\Program Files\AviSynth 2.5
[2007-01-09|19:34] C:\Program Files\PSM5
[2007-01-07|21:53] C:\Program Files\Samsung
[2006-11-19|17:34] C:\Program Files\MSXML 4.0
[2006-10-30|20:44] C:\Program Files\Navman
[2006-10-30|18:59] C:\Program Files\AvantGo Connect
[2006-10-30|18:57] C:\Program Files\Common Files
[2006-08-10|18:06] C:\Program Files\INSTALL.LOG
[2006-06-29|14:38] C:\Program Files\MSN Games
[2006-06-05|17:23] C:\Program Files\Logitech
[2006-05-22|11:17] C:\Program Files\mp3rulesecond
[2006-02-22|17:48] C:\Program Files\iPod
[2006-01-10|15:56] C:\Program Files\Messenger
[2006-01-05|17:25] C:\Program Files\Microsoft Office
[2006-01-04|16:18] C:\Program Files\Symantec
[2006-01-04|16:09] C:\Program Files\Softwin
[2005-12-28|23:49] C:\Program Files\Real
[2005-12-26|15:26] C:\Program Files\Adobe
[2005-12-26|15:25] C:\Program Files\Yahoo!
[2005-12-23|20:58] C:\Program Files\Ahead
[2005-12-23|18:57] C:\Program Files\Hewlett-Packard
[2005-12-23|13:12] C:\Program Files\NVIDIA Corporation
[2005-12-23|12:22] C:\Program Files\WinRAR
[2005-12-22|20:51] C:\Program Files\AMD
[2005-12-22|20:50] C:\Program Files\Realtek Sound Manager
[2005-12-22|20:50] C:\Program Files\AvRack
[2005-12-22|20:36] C:\Program Files\Uninstall Information
[2005-12-22|20:31] C:\Program Files\xerox
[2005-12-22|20:31] C:\Program Files\microsoft frontpage
[2005-12-22|20:29] C:\Program Files\WindowsUpdate
[2005-12-22|20:29] C:\Program Files\Services en ligne
[2005-12-22|20:28] C:\Program Files\NetMeeting
[2005-12-22|20:28] C:\Program Files\Movie Maker
[2005-12-22|20:27] C:\Program Files\ComPlus Applications
[2005-12-22|20:27] C:\Program Files\Online Services
[2005-12-22|20:27] C:\Program Files\MSN Gaming Zone
[2005-12-22|20:27] C:\Program Files\Windows NT
[2005-12-22|20:27] C:\Program Files\MSN

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2007-10-28|12:42] C:\Program Files\Fichiers communs\..
[2007-10-28|12:42] C:\Program Files\Fichiers communs\ArcSoft
[2007-10-28|12:42] C:\Program Files\Fichiers communs\.
[2007-06-12|22:25] C:\Program Files\Fichiers communs\System
[2007-02-03|13:33] C:\Program Files\Fichiers communs\Adobe
[2006-10-22|11:45] C:\Program Files\Fichiers communs\Softwin
[2006-06-05|17:23] C:\Program Files\Fichiers communs\Logitech
[2006-01-05|17:25] C:\Program Files\Fichiers communs\Microsoft Shared
[2006-01-05|17:25] C:\Program Files\Fichiers communs\DESIGNER
[2006-01-04|16:18] C:\Program Files\Fichiers communs\Symantec Shared
[2005-12-28|23:49] C:\Program Files\Fichiers communs\xing shared
[2005-12-28|23:49] C:\Program Files\Fichiers communs\Real
[2005-12-24|17:04] C:\Program Files\Fichiers communs\ebbmdbpu
[2005-12-23|20:58] C:\Program Files\Fichiers communs\Ahead
[2005-12-23|18:44] C:\Program Files\Fichiers communs\Hewlett-Packard
[2005-12-23|16:30] C:\Program Files\Fichiers communs\Java
[2005-12-23|13:12] C:\Program Files\Fichiers communs\NVIDIA Shared
[2005-12-22|21:03] C:\Program Files\Fichiers communs\ODBC
[2005-12-22|21:03] C:\Program Files\Fichiers communs\SpeechEngines
[2005-12-22|20:50] C:\Program Files\Fichiers communs\InstallShield
[2005-12-22|20:28] C:\Program Files\Fichiers communs\Services
[2005-12-22|20:28] C:\Program Files\Fichiers communs\MSSoap

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 11:55:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:406][Doss:29] C:\DOCUME~1\ben\LOCALS~1\Temp
/!\ [Fich:5][Doss:0] C:\DOCUME~1\ben\Cookies
/!\ [Fich:12][Doss:4] C:\DOCUME~1\ben\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 11:55:33.31 ]----------------------

Profile: Helper

Post a new HijackThis report.


Profile: IDNaute

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Progz\Avast\aswUpdSv.exe
D:\Progz\Avast\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Progz\Avast\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Progz\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
d:\progz\a-squared free\a2service.exe
D:\Progz\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Progz\Avast\ashMaiSv.exe
D:\Progz\Avast\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Hijack\scan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Progz\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {87058178-9A47-43B3-A124-1D52EE1C4651} - C:\WINDOWS\system32\pmnno.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Progz\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] D:\Progz\Avast\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Progz\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Progz\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Progz\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StupidFilm] C:\DOCUME~1\ben\APPLIC~1\mp3rulesecond\AdminJoy.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Progz\Adobe reader\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Progz\Adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1672745625
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\progz\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Progz\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Progz\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Progz\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Progz\Avast\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Progz\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ben/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8475 bytes

Profile: Helper