encore un pb de fenêtres intempestives
Forum Sécurité - Virus : encore un pb de fenêtres intempestives
Bonjour,
J'ai fait plusieurs recherches sur le forum mais j'ai l'impression que chaque cas et particulier.
Voilà j'ai des pages internet qui s'ouvrent n'importe quand.
je ne suis pas experte c'est pourquoi je poste ici.
voici mon rapport hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 15:43:33, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bastiencakounet78.spaces.li [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6987780062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 0446062578
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A226DA-16F7-40F7-9C89-38B9001F2785}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C10B8CA-3549-4CAC-A3FB-8D60904CB7BD}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F2D5F-F007-4A08-9B26-6FF30B28E511}: NameServer = 212.30.96.108,213.203.124.146
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gtpauuvo.exe (file missing)
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Merci à tous ceux qui voudront m'aider
je précise que j'ai avast
easy cleaner
avg antispyware
Bonjour,
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
- Double-clique VundoFix.exe afin de le lancer
- Clique sur le bouton Scan for Vundo
- Lorsque le scan est complété, clique sur le bouton Remove Vundo
- Une invite te demandera si tu veux supprimer les fichiers, clique YES
- Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Répondre à Angeldark
Message supprimé ! Chacun son sujet !
Répondre à Angeldark
voici le rapport vundo (je n'ai trouvé que ça)
C:\WINDOWS\system32\jkkhedc.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\ssqpn.dll
et le nouveau rapport hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 20:01:12, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bastiencakounet78.spaces.li [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6987780062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 0446062578
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A226DA-16F7-40F7-9C89-38B9001F2785}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C10B8CA-3549-4CAC-A3FB-8D60904CB7BD}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F2D5F-F007-4A08-9B26-6FF30B28E511}: NameServer = 212.30.96.108,213.203.124.146
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gtpauuvo.exe (file missing)
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
j'ai également avast qui me détecte au démarrage win32:TratBHO[trj]
merci pour votre aide
C'pas le bon rapport mais c'est pas grave.
Désactive tes protections résidentes (antivirus, Spybot...) !
- Télécharge Combofix (sUBs) sur ton Bureau.
- Double clique sur combofix.exe afin de le lancer.
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Répondre à Angeldark
désolée pour le rapport, je viens de m'en rendre compte. Ok je recommence en désactivant les protections.
encore merci
Ok 
Répondre à Angeldark
voilà le rapport. Merci
ComboFix 08-02.05.3 - famille 2008-02-05 21:05:35.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.208 [GMT 1:00]Endroit: C:\Documents and Settings\famille\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\eywxbtqk.ini
C:\WINDOWS\system32\flxcvjif.ini
C:\WINDOWS\system32\gorwwwoq.ini
C:\WINDOWS\system32\hfdnfkcx.ini
C:\WINDOWS\system32\jkkhedc.dll
C:\WINDOWS\system32\odrcvyqm.ini
C:\WINDOWS\system32\ohopfuvn.ini
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\vmtrgggb.ini
C:\WINDOWS\system32\vrvhflsj.ini
C:\WINDOWS\system32\vsbrxkds.ini
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\wjvtwjma.ini
C:\WINDOWS\system32\wlseaceo.ini
C:\WINDOWS\system32\xelmvwdb.ini
C:\WINDOWS\system32\xltnltto.ini
C:\WINDOWS\system32\ygusvuvj.ini
C:\WINDOWS\system32\yxnixbyp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))
.
2008-02-05 18:50 . 2008-02-05 18:50 <REP> d-------- C:\VundoFix Backups
2008-02-05 00:23 . 2008-02-05 00:23 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-05 00:12 . 2008-02-05 00:12 <REP> d-------- C:\Documents and Settings\famille\Application Data\Grisoft
2008-02-05 00:12 . 2008-02-05 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-05 00:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 00:11 . 2008-02-05 00:11 <REP> d-------- C:\Program Files\CCleaner
2008-02-05 00:10 . 2008-02-05 06:28 <REP> d-------- C:\SDFix
2008-02-04 22:31 . 2008-02-04 22:31 <REP> d-------- C:\Program Files\Yahoo!
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system32\mouse.drv
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system32\dllcache\mouse.drv
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system\MOUSE.DRV
2008-02-04 17:50 . 2008-02-04 17:50 <REP> d-------- C:\Program Files\ToniArts
2008-02-04 15:26 . 2008-02-04 15:26 <REP> d-------- C:\Program Files\Alwil Software
2008-02-04 15:26 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-04 15:26 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-04 15:26 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-04 15:26 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-04 15:26 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-04 15:26 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-04 15:26 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-04 15:26 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-01 19:00 . 2008-02-01 19:00 <REP> d-------- C:\Downloads
2008-01-30 02:15 . 2008-01-30 02:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-30 02:13 . 2006-01-11 14:21 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-30 02:13 . 2008-02-04 22:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-30 02:13 . 2008-02-04 22:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-30 02:13 . 2008-02-04 22:01 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-30 02:13 . 2008-01-30 02:14 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-01-30 02:13 . 2006-01-11 14:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-30 02:13 . 2006-01-11 14:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-29 22:24 . 2008-01-29 22:24 <REP> d-------- C:\Program Files\Smallvideosoft
2008-01-29 22:24 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-01-29 22:24 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-01-29 22:24 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-01-29 15:51 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-29 15:51 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-29 15:50 . 2008-02-05 13:06 <REP> d-------- C:\Program Files\Replay Converter
2008-01-29 15:50 . 2008-01-29 15:50 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-29 15:22 . 2008-01-30 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 15:22 . 2008-01-29 15:22 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-28 21:48 . 2007-06-13 14:22 1,097,279 --a------ C:\WINDOWS\gfslqhh.exe
2008-01-27 01:37 . 2008-01-27 01:37 <REP> d-------- C:\Documents and Settings\famille\childsplay
2008-01-27 01:35 . 2008-01-27 01:43 <REP> d-------- C:\Program Files\Childsplay
2008-01-27 01:17 . 2008-02-05 13:00 <REP> d-------- C:\demo_lestibidous3-5
2008-01-24 22:35 . 2008-01-24 22:35 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-01-19 18:05 . 2008-01-21 15:06 <REP> d-------- C:\Program Files\BitTorrent_DNA
2008-01-11 23:08 . 2008-01-11 23:08 <REP> d-------- C:\WINDOWS\system32\windows media
2008-01-11 23:08 . 2008-01-11 23:09 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-11 23:08 . 2008-01-11 23:08 <REP> d-------- C:\Program Files\Windows Media Components
2008-01-11 23:00 . 2008-02-01 14:11 <REP> d-------- C:\Program Files\Hitachi Software Engineering
2008-01-11 23:00 . 2008-01-11 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hitachi Software Engineering
2008-01-11 22:05 . 2008-02-04 21:59 <REP> d-a------ C:\WINDOWS\calib_da
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-04 21:29 --------- d-----w C:\Program Files\eMule
2008-02-04 21:29 --------- d-----w C:\Documents and Settings\famille\Application Data\EoRezo
2008-02-04 21:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-04 21:28 --------- d-----w C:\Program Files\EasyPHP1-8
2008-02-04 21:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 21:01 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-02-04 21:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-04 21:01 --------- d-----w C:\Program Files\Livret élève
2008-02-04 21:01 --------- d-----w C:\Program Files\DivX_32
2008-02-04 21:01 --------- d-----w C:\Program Files\DivX_311alpha
2008-02-04 21:01 --------- d-----w C:\Program Files\AOL 9.0
2008-02-04 21:01 --------- d-----w C:\Program Files\ACiD Sync
2008-02-04 16:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 13:57 --------- d-----w C:\Documents and Settings\famille\Application Data\OpenOffice.org2
2008-02-01 13:05 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-29 14:50 --------- d-----w C:\Documents and Settings\famille\Application Data\GetRightToGo
2008-01-19 17:08 --------- d-----w C:\Program Files\BitTorrent
2008-01-19 17:06 --------- d-----w C:\Documents and Settings\famille\Application Data\BitTorrent
2008-01-19 17:04 --------- d-----w C:\Program Files\GetRight
2008-01-11 21:16 --------- d-----w C:\Program Files\Electronic Arts
2008-01-08 16:52 --------- d-----w C:\Documents and Settings\famille\Application Data\Canon
2007-12-30 17:08 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2007-12-18 10:09 --------- d-----w C:\Program Files\7-Zip
2007-12-18 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-04 13:12 194,184 ----a-w C:\Documents and Settings\famille\Application Data\GDIPFONTCACHEV1.DAT
2007-11-26 17:18 6,632 ----a-w C:\Documents and Settings\famille\Application Data\ViewerApp.dat
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 19:32 1,521 --sh--r C:\Documents and Settings\famille\Application Data\SCPSS6.DLL
2007-10-24 11:58 1,992 ---h--w C:\Documents and Settings\famille\Application Data\SCPSP6.DLL
2007-05-22 19:01 2,995,368 ----a-w C:\Documents and Settings\famille\SVGView.exe
2006-10-25 11:46 81,920 ----a-w C:\Documents and Settings\famille\Application Data\ezpinst.exe
2006-10-25 11:46 47,360 ----a-w C:\Documents and Settings\famille\Application Data\pcouffin.sys
2006-01-11 13:49 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE0EB0D-9641-4329-9652-60BC920712C0}]
C:\WINDOWS\system32\vtsqo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BF3945-BD67-4B2A-8016-AE5FAA16DE95}]
C:\WINDOWS\system32\vturo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B815BF-9D78-4FF2-996D-6C3E01B2DF3D}]
C:\WINDOWS\system32\ssqpn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 11:45 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 12:06 181752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\famille\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c89f850]
C:\WINDOWS\system32\pybxinxy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 21:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 12:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckMedi8or]
C:\Program Files\Mediator 7 Pro\CheckNewUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 20:45 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-05-05 10:48 491520 C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2004-04-01 16:03 49152 c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-01-28 11:10 110740 c:\Apps\Powercinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
--a------ 2005-10-18 14:34 163840 C:\Program Files\Saitek\Software\ProfilerU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-15 14:36 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
--a------ 2005-11-03 11:09 126976 C:\Program Files\Saitek\Software\SaiMfd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarBoardCtrlBox]
C:\Program Files\Hitachi Software Engineering\StarBoard Software\StarBoardControlBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-25 11:45 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 18:14 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 11:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S3 SaiH5F0D;SaiH5F0D;C:\WINDOWS\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 11:52]
S3 SaiU5F0D;SaiU5F0D;C:\WINDOWS\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 11:52]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-03-21 16:28]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-05 18:14:03 C:\WINDOWS\Tasks\HP Usg Daily.job"
- c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-02-05 19:35:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-04 23:00:01 C:\WINDOWS\Tasks\{DA8BBDB1-816C-4786-A2AD-4506738B1CFC}_SN404410980004_famille.job"
- C:\WINDOWS\system32\mobsync.exeK /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 21:08:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-05 21:09:20
ComboFix-quarantined-files.txt 2008-02-05 20:08:58
.
2008-01-29 12:35:20 --- E O F ---
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 22:25:23, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE0EB0D-9641-4329-9652-60BC920712C0} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {28BF3945-BD67-4B2A-8016-AE5FAA16DE95} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9B815BF-9D78-4FF2-996D-6C3E01B2DF3D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bastiencakounet78.spaces.li [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6987780062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 0446062578
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A226DA-16F7-40F7-9C89-38B9001F2785}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C10B8CA-3549-4CAC-A3FB-8D60904CB7BD}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F2D5F-F007-4A08-9B26-6FF30B28E511}: NameServer = 212.30.96.108,213.203.124.146
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
merci pour tout
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Répondre à Angeldark
le rapport d'antivir, bonne soirée
AntiVir PersonalEdition Classic
Report file date: mardi 5 février 2008 22:55
Scanning for 1093948 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN404410980004
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:53:12
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 21:53:12
ANTIVIR3.VDF : 7.0.2.96 321024 Bytes 05/02/2008 21:53:12
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 05/02/2008 21:53:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 05/02/2008 21:53:14
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 5 février 2008 22:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '16' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\jeux\Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu. JEUX PC COMPLET FR avec crack.rar
[0] Archive type: RAR
--> Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu\Comment Gagner gros sur internet by ANGE.zip
[1] Archive type: ZIP
--> Comment Gagner gros sur internet by ANGE/La 1Šre astuce pour tricher avec eurobarre.zip
[2] Archive type: ZIP
--> La 1Šre astuce pour tricher avec eurobarre/Eurofake.exe
[DETECTION] Contains detection pattern of the worm WORM/MSN.Kelvir.AC
[INFO] The file was moved to '47c8e156.qua'!
C:\Program Files\eMule\Incoming\Adiboudchou_a_la_mer_-_Nero_-_Fr.par.ace
[0] Archive type: ACE
--> Kidz - Adiboud'chou … la mer - Fr.nrg
[WARNING] Error creating the file
[WARNING] Error creating the file
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkhedc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4813e728.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481de738.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/NTSpool.exe
[DETECTION] Is the Trojan horse TR/Inject.UY
[INFO] The file was moved to '480be73c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000466.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e72f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000467.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e731.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000468.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e734.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000469.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e737.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000470.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e73a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000471.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e73c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000472.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e73e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000473.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e73f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000474.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e741.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000475.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e743.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000476.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e746.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000477.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e749.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000478.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e74a.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000479.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6cb.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000480.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e74c.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000481.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e74b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000482.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6cc.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000483.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e74d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000484.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6ce.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000485.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6cd.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000486.dll
[DETECTION] Is the Trojan horse TR/Virtumod.PB
[INFO] The file was moved to '47d8e74e.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000487.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6cf.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000488.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e750.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000489.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e74f.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000490.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6d0.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000491.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e751.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000492.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6d2.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000493.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6d1.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0000494.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e752.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0001615.exe
[DETECTION] Is the Trojan horse TR/Inject.UY
[INFO] The file was moved to '47d8e753.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0001649.exe
[DETECTION] Is the Trojan horse TR/Inject.UY
[INFO] The file was moved to '4647b6d3.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0001913.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e75d.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1\A0001914.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6de.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP2\A0001994.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d8e760.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP2\A0001995.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4647b6e1.qua'!
C:\VundoFix Backups\jkkhedc.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4813e7a4.qua'!
C:\VundoFix Backups\ssqpn.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4819e7ad.qua'!
C:\WINDOWS\gfslqhh.exe
[DETECTION] Is the Trojan horse TR/Patched.BL.3
[INFO] The file was moved to '481be7a4.qua'!
End of the scan: mardi 5 février 2008 23:57
Used time: 1:02:15 min
The scan has been done completely.
7731 Scanning directories
300600 Files were scanned
42 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
42 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
300558 Files not concerned
8152 Archives were scanned
4 Warnings
35 Notes
Reposte un rapport Hijackthis.
Répondre à Angeldark
je n'ai plus de fenêtres bizarres qui s'ouvrent, voici le rapport. Merci
Logfile of HijackThis v1.99.1
Scan saved at 16:49:26, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EE0EB0D-9641-4329-9652-60BC920712C0} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {28BF3945-BD67-4B2A-8016-AE5FAA16DE95} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9B815BF-9D78-4FF2-996D-6C3E01B2DF3D} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bastiencakounet78.spaces.li [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6987780062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 0446062578
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A226DA-16F7-40F7-9C89-38B9001F2785}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C10B8CA-3549-4CAC-A3FB-8D60904CB7BD}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F2D5F-F007-4A08-9B26-6FF30B28E511}: NameServer = 212.30.96.108,213.203.124.146
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Refais un scan Combofix.
Répondre à Angeldark
le rapport combofix. encore merci
ComboFix 08-02.05.3 - famille 2008-02-06 18:01:22.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.171 [GMT 1:00]Endroit: C:\Documents and Settings\famille\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.
2008-02-05 22:50 . 2008-02-05 22:50 <REP> d-------- C:\Program Files\Avira
2008-02-05 22:50 . 2008-02-05 22:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-05 18:50 . 2008-02-05 23:46 <REP> d-------- C:\VundoFix Backups
2008-02-05 00:23 . 2008-02-05 00:23 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-05 00:12 . 2008-02-05 00:12 <REP> d-------- C:\Documents and Settings\famille\Application Data\Grisoft
2008-02-05 00:12 . 2008-02-05 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-05 00:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 00:11 . 2008-02-05 00:11 <REP> d-------- C:\Program Files\CCleaner
2008-02-05 00:10 . 2008-02-05 06:28 <REP> d-------- C:\SDFix
2008-02-04 22:31 . 2008-02-04 22:31 <REP> d-------- C:\Program Files\Yahoo!
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system32\mouse.drv
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system32\dllcache\mouse.drv
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system\MOUSE.DRV
2008-02-04 17:50 . 2008-02-04 17:50 <REP> d-------- C:\Program Files\ToniArts
2008-02-04 15:26 . 2008-02-04 15:26 <REP> d-------- C:\Program Files\Alwil Software
2008-02-01 19:00 . 2008-02-01 19:00 <REP> d-------- C:\Downloads
2008-01-30 02:15 . 2008-01-30 02:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-30 02:13 . 2006-01-11 14:21 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-30 02:13 . 2008-02-04 22:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-30 02:13 . 2008-02-04 22:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-30 02:13 . 2008-02-04 22:01 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-30 02:13 . 2008-01-30 02:14 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-01-30 02:13 . 2006-01-11 14:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-30 02:13 . 2006-01-11 14:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-29 22:24 . 2008-01-29 22:24 <REP> d-------- C:\Program Files\Smallvideosoft
2008-01-29 22:24 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-01-29 22:24 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-01-29 22:24 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-01-29 15:51 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-29 15:51 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-29 15:50 . 2008-02-05 13:06 <REP> d-------- C:\Program Files\Replay Converter
2008-01-29 15:50 . 2008-01-29 15:50 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-29 15:22 . 2008-01-30 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 15:22 . 2008-01-29 15:22 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-27 01:37 . 2008-01-27 01:37 <REP> d-------- C:\Documents and Settings\famille\childsplay
2008-01-27 01:35 . 2008-01-27 01:43 <REP> d-------- C:\Program Files\Childsplay
2008-01-27 01:17 . 2008-02-05 13:00 <REP> d-------- C:\demo_lestibidous3-5
2008-01-24 22:35 . 2008-01-24 22:35 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-01-19 18:05 . 2008-01-21 15:06 <REP> d-------- C:\Program Files\BitTorrent_DNA
2008-01-11 23:08 . 2008-01-11 23:08 <REP> d-------- C:\WINDOWS\system32\windows media
2008-01-11 23:08 . 2008-01-11 23:09 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-11 23:08 . 2008-01-11 23:08 <REP> d-------- C:\Program Files\Windows Media Components
2008-01-11 23:00 . 2008-02-01 14:11 <REP> d-------- C:\Program Files\Hitachi Software Engineering
2008-01-11 23:00 . 2008-01-11 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hitachi Software Engineering
2008-01-11 22:05 . 2008-02-04 21:59 <REP> d-a------ C:\WINDOWS\calib_da
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-04 21:29 --------- d-----w C:\Program Files\eMule
2008-02-04 21:29 --------- d-----w C:\Documents and Settings\famille\Application Data\EoRezo
2008-02-04 21:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-04 21:28 --------- d-----w C:\Program Files\EasyPHP1-8
2008-02-04 21:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 21:01 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-02-04 21:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-04 21:01 --------- d-----w C:\Program Files\Livret élève
2008-02-04 21:01 --------- d-----w C:\Program Files\DivX_32
2008-02-04 21:01 --------- d-----w C:\Program Files\DivX_311alpha
2008-02-04 21:01 --------- d-----w C:\Program Files\AOL 9.0
2008-02-04 21:01 --------- d-----w C:\Program Files\ACiD Sync
2008-02-04 16:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 13:57 --------- d-----w C:\Documents and Settings\famille\Application Data\OpenOffice.org2
2008-02-01 13:05 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-29 14:50 --------- d-----w C:\Documents and Settings\famille\Application Data\GetRightToGo
2008-01-19 17:08 --------- d-----w C:\Program Files\BitTorrent
2008-01-19 17:06 --------- d-----w C:\Documents and Settings\famille\Application Data\BitTorrent
2008-01-19 17:04 --------- d-----w C:\Program Files\GetRight
2008-01-11 21:16 --------- d-----w C:\Program Files\Electronic Arts
2008-01-08 16:52 --------- d-----w C:\Documents and Settings\famille\Application Data\Canon
2007-12-30 17:08 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2007-12-18 10:09 --------- d-----w C:\Program Files\7-Zip
2007-12-18 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-04 13:12 194,184 ----a-w C:\Documents and Settings\famille\Application Data\GDIPFONTCACHEV1.DAT
2007-11-26 17:18 6,632 ----a-w C:\Documents and Settings\famille\Application Data\ViewerApp.dat
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 19:32 1,521 --sh--r C:\Documents and Settings\famille\Application Data\SCPSS6.DLL
2007-10-24 11:58 1,992 ---h--w C:\Documents and Settings\famille\Application Data\SCPSP6.DLL
2007-05-22 19:01 2,995,368 ----a-w C:\Documents and Settings\famille\SVGView.exe
2006-10-25 11:46 81,920 ----a-w C:\Documents and Settings\famille\Application Data\ezpinst.exe
2006-10-25 11:46 47,360 ----a-w C:\Documents and Settings\famille\Application Data\pcouffin.sys
2006-01-11 13:49 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EE0EB0D-9641-4329-9652-60BC920712C0}]
C:\WINDOWS\system32\vtsqo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28BF3945-BD67-4B2A-8016-AE5FAA16DE95}]
C:\WINDOWS\system32\vturo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B815BF-9D78-4FF2-996D-6C3E01B2DF3D}]
C:\WINDOWS\system32\ssqpn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 11:45 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 12:06 181752]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-15 14:36 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-05 22:53 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\famille\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c89f850]
C:\WINDOWS\system32\pybxinxy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 21:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 12:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckMedi8or]
C:\Program Files\Mediator 7 Pro\CheckNewUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 20:45 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-05-05 10:48 491520 C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2004-04-01 16:03 49152 c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-01-28 11:10 110740 c:\Apps\Powercinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
--a------ 2005-10-18 14:34 163840 C:\Program Files\Saitek\Software\ProfilerU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-15 14:36 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
--a------ 2005-11-03 11:09 126976 C:\Program Files\Saitek\Software\SaiMfd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarBoardCtrlBox]
C:\Program Files\Hitachi Software Engineering\StarBoard Software\StarBoardControlBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-25 11:45 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 18:14 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 11:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S3 SaiH5F0D;SaiH5F0D;C:\WINDOWS\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 11:52]
S3 SaiU5F0D;SaiU5F0D;C:\WINDOWS\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 11:52]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-03-21 16:28]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-06 06:14:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-02-06 16:35:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 23:00:00 C:\WINDOWS\Tasks\{DA8BBDB1-816C-4786-A2AD-4506738B1CFC}_SN404410980004_famille.job"
- C:\WINDOWS\system32\mobsync.exeK /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 18:04:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-06 18:05:37
ComboFix-quarantined-files.txt 2008-02-06 17:05:22
ComboFix2.txt 2008-02-05 20:09:21
.
2008-01-29 12:35:20 --- E O F ---
Re,
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
1er rapport
ComboFix 08-02.05.3 - famille 2008-02-06 20:20:17.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.200 [GMT 1:00]Endroit: C:\Documents and Settings\famille\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\famille\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE
C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.
2008-02-06 18:01 . 2004-08-05 14:00 400,896 --a------ C:\kmd.exe
2008-02-05 22:50 . 2008-02-05 22:50 <REP> d-------- C:\Program Files\Avira
2008-02-05 22:50 . 2008-02-05 22:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-05 18:50 . 2008-02-05 23:46 <REP> d-------- C:\VundoFix Backups
2008-02-05 00:23 . 2008-02-05 00:23 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-05 00:12 . 2008-02-05 00:12 <REP> d-------- C:\Documents and Settings\famille\Application Data\Grisoft
2008-02-05 00:12 . 2008-02-05 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-05 00:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 00:11 . 2008-02-05 00:11 <REP> d-------- C:\Program Files\CCleaner
2008-02-05 00:10 . 2008-02-05 06:28 <REP> d-------- C:\SDFix
2008-02-04 22:31 . 2008-02-04 22:31 <REP> d-------- C:\Program Files\Yahoo!
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system32\mouse.drv
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system32\dllcache\mouse.drv
2008-02-04 21:39 . 2004-08-05 14:00 2,032 --a------ C:\WINDOWS\system\MOUSE.DRV
2008-02-04 17:50 . 2008-02-04 17:50 <REP> d-------- C:\Program Files\ToniArts
2008-02-04 15:26 . 2008-02-04 15:26 <REP> d-------- C:\Program Files\Alwil Software
2008-02-01 19:00 . 2008-02-01 19:00 <REP> d-------- C:\Downloads
2008-01-30 02:15 . 2008-01-30 02:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-30 02:13 . 2006-01-11 14:21 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-30 02:13 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-30 02:13 . 2008-02-04 22:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-30 02:13 . 2008-02-04 22:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-30 02:13 . 2008-02-04 22:01 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-01-30 02:13 . 2008-01-30 02:14 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
2008-01-30 02:13 . 2006-01-11 14:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-30 02:13 . 2006-01-11 14:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-29 22:24 . 2008-01-29 22:24 <REP> d-------- C:\Program Files\Smallvideosoft
2008-01-29 22:24 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-01-29 22:24 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-01-29 22:24 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-01-29 15:51 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-29 15:51 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-29 15:50 . 2008-02-05 13:06 <REP> d-------- C:\Program Files\Replay Converter
2008-01-29 15:22 . 2008-01-30 18:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 15:22 . 2008-01-29 15:22 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-27 01:37 . 2008-01-27 01:37 <REP> d-------- C:\Documents and Settings\famille\childsplay
2008-01-27 01:35 . 2008-01-27 01:43 <REP> d-------- C:\Program Files\Childsplay
2008-01-27 01:17 . 2008-02-05 13:00 <REP> d-------- C:\demo_lestibidous3-5
2008-01-24 22:35 . 2008-01-24 22:35 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-01-19 18:05 . 2008-01-21 15:06 <REP> d-------- C:\Program Files\BitTorrent_DNA
2008-01-11 23:08 . 2008-01-11 23:08 <REP> d-------- C:\WINDOWS\system32\windows media
2008-01-11 23:08 . 2008-01-11 23:09 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-11 23:08 . 2008-01-11 23:08 <REP> d-------- C:\Program Files\Windows Media Components
2008-01-11 23:00 . 2008-02-01 14:11 <REP> d-------- C:\Program Files\Hitachi Software Engineering
2008-01-11 23:00 . 2008-01-11 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hitachi Software Engineering
2008-01-11 22:05 . 2008-02-04 21:59 <REP> d-a------ C:\WINDOWS\calib_da
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-04 21:29 --------- d-----w C:\Program Files\eMule
2008-02-04 21:29 --------- d-----w C:\Documents and Settings\famille\Application Data\EoRezo
2008-02-04 21:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-04 21:28 --------- d-----w C:\Program Files\EasyPHP1-8
2008-02-04 21:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 21:01 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-02-04 21:01 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-04 21:01 --------- d-----w C:\Program Files\Livret élève
2008-02-04 21:01 --------- d-----w C:\Program Files\DivX_32
2008-02-04 21:01 --------- d-----w C:\Program Files\DivX_311alpha
2008-02-04 21:01 --------- d-----w C:\Program Files\AOL 9.0
2008-02-04 21:01 --------- d-----w C:\Program Files\ACiD Sync
2008-02-04 16:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 13:57 --------- d-----w C:\Documents and Settings\famille\Application Data\OpenOffice.org2
2008-02-01 13:05 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-29 14:50 --------- d-----w C:\Documents and Settings\famille\Application Data\GetRightToGo
2008-01-19 17:08 --------- d-----w C:\Program Files\BitTorrent
2008-01-19 17:06 --------- d-----w C:\Documents and Settings\famille\Application Data\BitTorrent
2008-01-19 17:04 --------- d-----w C:\Program Files\GetRight
2008-01-11 21:16 --------- d-----w C:\Program Files\Electronic Arts
2008-01-08 16:52 --------- d-----w C:\Documents and Settings\famille\Application Data\Canon
2007-12-30 17:08 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2007-12-18 10:09 --------- d-----w C:\Program Files\7-Zip
2007-12-18 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-04 13:12 194,184 ----a-w C:\Documents and Settings\famille\Application Data\GDIPFONTCACHEV1.DAT
2007-11-26 17:18 6,632 ----a-w C:\Documents and Settings\famille\Application Data\ViewerApp.dat
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 19:32 1,521 --sh--r C:\Documents and Settings\famille\Application Data\SCPSS6.DLL
2007-10-24 11:58 1,992 ---h--w C:\Documents and Settings\famille\Application Data\SCPSP6.DLL
2007-05-22 19:01 2,995,368 ----a-w C:\Documents and Settings\famille\SVGView.exe
2006-10-25 11:46 81,920 ----a-w C:\Documents and Settings\famille\Application Data\ezpinst.exe
2006-10-25 11:46 47,360 ----a-w C:\Documents and Settings\famille\Application Data\pcouffin.sys
2006-01-11 13:49 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 11:45 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 20:45 1211176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 12:06 181752]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-15 14:36 98304]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-05 22:53 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\famille\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 21:10 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autoconfigurateur WiFi Neuf]
--a------ 2007-02-14 12:06 181752 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckMedi8or]
C:\Program Files\Mediator 7 Pro\CheckNewUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 20:45 1211176 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-05-04 19:51 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-05-05 10:48 491520 C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2004-04-01 16:03 49152 c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-01-28 11:10 110740 c:\Apps\Powercinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
--a------ 2005-10-18 14:34 163840 C:\Program Files\Saitek\Software\ProfilerU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-15 14:36 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
--a------ 2005-11-03 11:09 126976 C:\Program Files\Saitek\Software\SaiMfd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StarBoardCtrlBox]
C:\Program Files\Hitachi Software Engineering\StarBoard Software\StarBoardControlBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 02:52 36975 C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-25 11:45 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 18:14 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 11:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S3 SaiH5F0D;SaiH5F0D;C:\WINDOWS\system32\DRIVERS\SaiH5F0D.sys [2006-02-28 11:52]
S3 SaiU5F0D;SaiU5F0D;C:\WINDOWS\system32\DRIVERS\SaiU5F0D.sys [2006-02-28 11:52]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-03-21 16:28]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-06 18:14:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-02-06 18:35:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 23:00:00 C:\WINDOWS\Tasks\{DA8BBDB1-816C-4786-A2AD-4506738B1CFC}_SN404410980004_famille.job"
- C:\WINDOWS\system32\mobsync.exeK /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 20:23:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-06 20:24:16
ComboFix-quarantined-files.txt 2008-02-06 19:23:54
ComboFix2.txt 2008-02-06 17:05:37
ComboFix3.txt 2008-02-05 20:09:21
.
2008-01-29 12:35:20 --- E O F ---
2ème rapport
Logfile of HijackThis v1.99.1
Scan saved at 20:27:01, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bastiencakounet78.spaces.li [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6987780062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 0446062578
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66A226DA-16F7-40F7-9C89-38B9001F2785}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C10B8CA-3549-4CAC-A3FB-8D60904CB7BD}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F2D5F-F007-4A08-9B26-6FF30B28E511}: NameServer = 212.30.96.108,213.203.124.146
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
merci
C'est mieux non ?
Répondre à Angeldark
oui beaucoup mieux, encore merci pour ton aide et surtout ta rapidité.
De rien 
Répondre à Angeldark
Il y a 1073 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
