
internet + virus


Hello everyone! I am writing to you as a computer novice. I have several problems with my computer, which is infected. 1st problem: it is extremely slow, when it doesn't crash outright! 2nd problem, internet: when I run a search on my search engine (Google or Yahoo, the problem is the same), it returns results for my search. So far nothing abnormal. But when I click on a link, it opens a window that has nothing to do with the site I want to go to! So to put it simply, it is impossible for me to browse the internet... I also get ad pages (porn, fortune-telling, etc.) that open without my touching anything. I hope you have understood my problems and I hope someone can help me quickly! Thanking you in advance. Here is my e-mail address: **@hotmail.fr
Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:07, on 21/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiSpywareExpert\ase.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {149F11BC-D5BF-4491-B94E-C72FB081F35D} - C:\WINDOWS\system32\vtUllMGv.dll
O2 - BHO: {9aeb2649-9554-42b9-eea4-26f2ad08242d} - {d24280da-2f62-4aee-9b24-45599462bea9} - C:\WINDOWS\system32\mkmppr.dll
O2 - BHO: (no name) - {F35DAC96-4E16-401A-8A28-73DE844849F9} - C:\WINDOWS\system32\opnnnKax.dll
O4 - HKLM\..\Run: [3408b0dd] rundll32.exe "C:\WINDOWS\system32\dqcjpbax.dll",b
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2032939501-2981657372-3798538060-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Invité')
O4 - HKUS\S-1-5-21-2032939501-2981657372-3798538060-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
O4 - S-1-5-21-2032939501-2981657372-3798538060-501 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Invité')
O4 - S-1-5-21-2032939501-2981657372-3798538060-501 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Invité')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Pack Sécurité.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZUman000
O20 - AppInit_DLLs: mkmppr.dll
O20 - Winlogon Notify: vtUllMGv - C:\WINDOWS\SYSTEM32\vtUllMGv.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

--
End of file - 5727 bytes

Hi again,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click comboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    ComboFix 08-09-20.05 - HP_Propri‚taire 2008-09-23 12:53:43.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.63 [GMT 2:00]
    Lancé depuis: C:\Program Files\NetMeeting\fichiers re‡us\ComboFix.exe
    * Un nouveau point de restauration a été créé
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\MicroAV
    C:\Program Files\MicroAV\MicroAV.ooo
    C:\Program Files\MicroAV\MicroAV0.dat
    C:\Program Files\MicroAV\MicroAV1.dat
    C:\WINDOWS\b.exe
    C:\WINDOWS\system32\cxfrtlddh.dat
    C:\WINDOWS\system32\cxfrtlddh_navps.dat
    C:\WINDOWS\system32\gfOWwyay.ini
    C:\WINDOWS\system32\gfOWwyay.ini2
    C:\WINDOWS\system32\KnnVyyay.ini
    C:\WINDOWS\system32\KnnVyyay.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\opnnnKax.dll
    C:\WINDOWS\system32\psbpgl.dat
    C:\WINDOWS\system32\psbpgl_nav.dat
    C:\WINDOWS\system32\psbpgl_navps.dat
    C:\WINDOWS\system32\qaaemf.dat
    C:\WINDOWS\system32\qaaemf_nav.dat
    C:\WINDOWS\system32\qaaemf_navps.dat
    C:\WINDOWS\system32\qamrivtk.dllbox
    C:\WINDOWS\system32\tdssadw.dll
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdssl.dll
    C:\WINDOWS\system32\tdsslog.dll
    C:\WINDOWS\system32\tdssmain.dll
    C:\WINDOWS\system32\tdssserf.dll
    C:\WINDOWS\system32\tdssservers.dat
    C:\WINDOWS\system32\tevnonri.dllbox
    C:\WINDOWS\system32\vtUllMGv.dll
    C:\WINDOWS\system32\wceaa.dat
    C:\WINDOWS\system32\wceaa.exe
    C:\WINDOWS\system32\wceaa_nav.dat
    C:\WINDOWS\system32\wceaa_navps.dat
    C:\WINDOWS\system32\wnstsicomsv.exe
    C:\WINDOWS\system32\xaKnnnpo.ini
    C:\WINDOWS\system32\xaKnnnpo.ini2
    C:\WINDOWS\system32\yaywWOfg.dll
    C:\WINDOWS\system32\yayyVnnK.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_TDSSSERV
    -------\Legacy_WER32
    -------\Service_MyWebSearchService
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-23 12:20 . 2008-09-23 13:07 855,497 ---hs---- C:\WINDOWS\system32\mnnewtgk.ini
    2008-09-23 12:20 . 2008-09-23 12:20 137,344 --a------ C:\WINDOWS\system32\txssqtmw.dll
    2008-09-23 12:20 . 2008-09-23 12:20 137,344 --a------ C:\WINDOWS\system32\jzorku.dll
    2008-09-23 12:20 . 2008-09-23 12:20 104,064 --a------ C:\WINDOWS\system32\kgtwennm.dll
    2008-09-22 20:53 . 2008-09-22 21:04 855,471 ---hs---- C:\WINDOWS\system32\wykdloav.ini
    2008-09-22 20:53 . 2008-09-22 20:53 103,552 --a------ C:\WINDOWS\system32\vaoldkyw.dll
    2008-09-22 19:35 . 2008-09-22 20:03 <REP> d-------- C:\Program Files\NoSpam
    2008-09-22 18:15 . 2008-09-22 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-22 16:29 . 2008-09-22 16:31 <REP> d-------- C:\Program Files\Power Defrag
    2008-09-22 16:29 . 2008-09-22 16:29 796,672 --a------ C:\WINDOWS\GPInstall.exe
    2008-09-22 08:07 . 2008-09-22 16:24 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-22 07:59 . 2008-09-22 07:59 136,832 --a------ C:\WINDOWS\system32\wbghtnfk.dll
    2008-09-22 07:59 . 2008-09-22 07:59 136,832 --a------ C:\WINDOWS\system32\lejknl.dll
    2008-09-22 07:57 . 2008-09-22 14:54 978,485 ---hs---- C:\WINDOWS\system32\xtqwgqrx.ini
    2008-09-22 07:57 . 2008-09-22 07:57 103,552 --a------ C:\WINDOWS\system32\xrqgwqtx.dll
    2008-09-19 12:14 . 2008-09-22 07:56 977,781 ---hs---- C:\WINDOWS\system32\xabpjcqd.ini
    2008-09-19 12:13 . 2008-09-19 12:13 137,344 --a------ C:\WINDOWS\system32\mkmppr.dll
    2008-09-19 12:13 . 2008-09-19 12:13 137,344 --a------ C:\WINDOWS\system32\bcptunyf.dll
    2008-09-17 15:54 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-09-17 15:54 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-09-17 15:54 . 2008-09-17 15:54 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-09-17 15:54 . 2008-09-17 15:54 3,120 --a------ C:\WINDOWS\118294.78
    2008-09-17 15:54 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-09-17 12:17 . 2008-09-17 12:17 253,952 --a------ C:\WINDOWS\system32\owkamus.exe
    2008-09-16 19:39 . 2008-09-16 19:39 136,832 --a------ C:\WINDOWS\system32\ypkajc.dll
    2008-09-16 19:39 . 2008-09-16 19:39 136,832 --a------ C:\WINDOWS\system32\meqolipi.dll
    2008-09-16 19:37 . 2008-09-16 19:37 979,900 ---hs---- C:\WINDOWS\system32\sdhokopa.ini
    2008-09-16 19:37 . 2008-09-16 19:37 104,064 --a------ C:\WINDOWS\system32\apokohds.dll
    2008-09-16 19:17 . 2008-09-16 19:33 979,840 ---hs---- C:\WINDOWS\system32\shrhhdmd.ini
    2008-09-16 19:14 . 2008-09-16 19:14 136,832 --a------ C:\WINDOWS\system32\lfoxcbkn.dll
    2008-09-16 19:14 . 2008-09-16 19:14 136,832 --a------ C:\WINDOWS\system32\fdvfdv.dll
    2008-09-16 14:40 . 2008-09-16 14:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\iolo
    2008-09-16 14:33 . 2005-10-20 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-09-16 14:33 . 2005-10-20 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-09-16 14:33 . 2005-10-27 00:35 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
    2008-09-16 14:33 . 2005-10-27 00:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-09-16 14:33 . 2005-10-27 00:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-09-16 14:33 . 2006-05-26 14:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-16 14:33 . 2005-10-20 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-16 14:33 . 2008-09-16 14:33 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-14 20:41 . 2008-09-16 19:05 230,506 --ahs---- C:\WINDOWS\system32\OUCLUvut.ini
    2008-09-14 20:41 . 2008-09-16 19:02 229,907 --ahs---- C:\WINDOWS\system32\OUCLUvut.ini2
    2008-09-14 19:16 . 2008-09-14 19:16 65 --a------ C:\WINDOWS\system32\3408a253
    2008-09-10 14:24 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\iolo
    2008-09-09 17:07 . 2008-09-09 17:07 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
    2008-09-09 17:06 . 2008-09-09 17:06 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
    2008-09-09 17:05 . 2008-09-09 17:05 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2008-09-09 17:04 . 2008-09-09 17:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2008-08-28 09:45 . 2008-08-28 09:45 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-28 09:45 . 2008-08-28 09:45 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-28 09:45 . 2008-08-28 09:45 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-28 09:42 . 2008-08-28 09:46 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-28 09:32 . 2008-08-28 09:32 <REP> d-------- C:\WINDOWS\EHome
    2008-08-25 11:23 . 2008-08-25 11:23 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-25 11:21 . 2008-08-25 11:21 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-08-25 11:21 . 2008-08-25 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-08-23 22:45 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-22 16:46 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\vlc
    2008-09-22 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-22 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 13:16 3,516 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2008-09-16 16:21 --------- d-----w C:\Program Files\Tweak-XP Pro 4
    2008-09-15 17:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-14 14:37 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2008-09-01 13:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-30 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-08-27 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
    2008-08-25 09:21 --------- d-----w C:\Program Files\Skype
    2008-08-02 09:38 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla
    2008-08-02 09:38 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DMV Technologies
    2008-08-01 18:28 --------- d-----w C:\Program Files\DMV
    2008-07-31 19:13 --------- d-----w C:\Documents and Settings\Invité\Application Data\Macromedia
    2008-07-31 19:12 --------- d-----w C:\Documents and Settings\Invité\Application Data\Adobe
    2008-07-29 17:04 --------- d-----w C:\Program Files\Nosibay
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2004-09-28 03:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS
    2008-01-25 15:51 359,774 -csha-w C:\WINDOWS\system32\kmllm.ini2
    .
    -c--a-w 68,856 2008-01-25 14:22:48 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    -c--a-w 1,694,208 2008-01-25 14:22:49 C:\Program Files\Messenger\msmsgs .exe
    ----a-w 5,728,112 2008-01-17 14:47:40 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
    ----a-w 5,724,184 2008-01-19 20:48:19 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
    -c--a-w 15,360 2008-01-19 14:57:12 C:\WINDOWS\system32\ctfmon .exe



    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ab490dc-634e-4687-a4a7-d0c88eb20cbb}]
    2008-09-23 12:20 137344 --a------ C:\WINDOWS\system32\jzorku.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "NoSpam"="" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "3408b0dd"="C:\WINDOWS\system32\kgtwennm.dll" [2008-09-23 104064]
    "PCDrProfiler"="" [N/A]

    C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 27136]

    C:\Documents and Settings\Juju\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=lejknl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "C:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9592:TCP"= 9592:TCP:BitComet 9592 TCP
    "9592:UDP"= 9592:UDP:BitComet 9592 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-06-08 55712]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 BackWeb Plug-in - 361343;Pack Sécurité;C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE [2007-04-21 32807]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [ ]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]
    S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-08-14 69120]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Sécurité\Anti-Virus\Win2K\FSfilter.sys [ ]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Sécurité\Anti-Virus\Win2K\FSrec.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f1a982b-7a28-11dc-8673-0060b3dca92e}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{149F11BC-D5BF-4491-B94E-C72FB081F35D} - C:\WINDOWS\system32\vtUllMGv.dll
    BHO-{BB23DA0E-6DE5-47AE-8201-647BE3F8D8EA} - C:\WINDOWS\system32\opnnnKax.dll
    ShellExecuteHooks-{149F11BC-D5BF-4491-B94E-C72FB081F35D} - C:\WINDOWS\system32\vtUllMGv.dll


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 13:06:22
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\kgtwennm.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
    C:\Program Files\Pack Sécurité\Common\FCH32.EXE
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe
    C:\Program Files\Pack Sécurité\FSPC\fspc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Sécurité\FWES\program\fsdfwd.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-23 13:11:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-23 11:11:02

    Avant-CF: 110ÿ009ÿ298ÿ944 octets libres
    Après-CF: 109,934,903,296 octets libres

    294 --- E O F --- 2008-09-10 10:22:28

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    RenV::

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\Windows Live\Messenger\msnmsgr .exe
    C:\Program Files\Windows Live\Messenger\msnmsgr .exe
    C:\WINDOWS\system32\ctfmon .exe

    File::
    C:\WINDOWS\system32\mnnewtgk.ini
    C:\WINDOWS\system32\txssqtmw.dll
    C:\WINDOWS\system32\jzorku.dll
    C:\WINDOWS\system32\kgtwennm.dll
    C:\WINDOWS\system32\wykdloav.ini
    C:\WINDOWS\system32\vaoldkyw.dll
    C:\WINDOWS\system32\wbghtnfk.dll
    C:\WINDOWS\system32\lejknl.dll
    C:\WINDOWS\system32\xtqwgqrx.ini
    C:\WINDOWS\system32\xrqgwqtx.dll
    C:\WINDOWS\system32\xabpjcqd.ini
    C:\WINDOWS\system32\mkmppr.dll
    C:\WINDOWS\system32\bcptunyf.dll
    C:\WINDOWS\system32\owkamus.exe
    C:\WINDOWS\system32\ypkajc.dll
    C:\WINDOWS\system32\meqolipi.dll
    C:\WINDOWS\system32\sdhokopa.ini
    C:\WINDOWS\system32\apokohds.dll
    C:\WINDOWS\system32\shrhhdmd.ini
    C:\WINDOWS\system32\lfoxcbkn.dll
    C:\WINDOWS\system32\fdvfdv.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ab490dc-634e-4687-a4a7-d0c88eb20cbb}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "3408b0dd"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.

    ComboFix 08-09-20.05 - HP_Propri‚taire 2008-09-23 15:57:36.2 - NTFSx86
    Lancé depuis: C:\Program Files\NetMeeting\fichiers re‡us\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\apokohds.dll
    C:\WINDOWS\system32\bcptunyf.dll
    C:\WINDOWS\system32\fdvfdv.dll
    C:\WINDOWS\system32\jzorku.dll
    C:\WINDOWS\system32\kgtwennm.dll
    C:\WINDOWS\system32\lejknl.dll
    C:\WINDOWS\system32\lfoxcbkn.dll
    C:\WINDOWS\system32\meqolipi.dll
    C:\WINDOWS\system32\mkmppr.dll
    C:\WINDOWS\system32\mnnewtgk.ini
    C:\WINDOWS\system32\owkamus.exe
    C:\WINDOWS\system32\sdhokopa.ini
    C:\WINDOWS\system32\shrhhdmd.ini
    C:\WINDOWS\system32\txssqtmw.dll
    C:\WINDOWS\system32\vaoldkyw.dll
    C:\WINDOWS\system32\wbghtnfk.dll
    C:\WINDOWS\system32\wykdloav.ini
    C:\WINDOWS\system32\xabpjcqd.ini
    C:\WINDOWS\system32\xrqgwqtx.dll
    C:\WINDOWS\system32\xtqwgqrx.ini
    C:\WINDOWS\system32\ypkajc.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\apokohds.dll
    C:\WINDOWS\system32\bcptunyf.dll
    C:\WINDOWS\system32\fdvfdv.dll
    C:\WINDOWS\system32\jzorku.dll
    C:\WINDOWS\system32\kgtwennm.dll
    C:\WINDOWS\system32\lejknl.dll
    C:\WINDOWS\system32\lfoxcbkn.dll
    C:\WINDOWS\system32\meqolipi.dll
    C:\WINDOWS\system32\mkmppr.dll
    C:\WINDOWS\system32\mnnewtgk.ini
    C:\WINDOWS\system32\owkamus.exe
    C:\WINDOWS\system32\sdhokopa.ini
    C:\WINDOWS\system32\shrhhdmd.ini
    C:\WINDOWS\system32\txssqtmw.dll
    C:\WINDOWS\system32\vaoldkyw.dll
    C:\WINDOWS\system32\wbghtnfk.dll
    C:\WINDOWS\system32\wykdloav.ini
    C:\WINDOWS\system32\xabpjcqd.ini
    C:\WINDOWS\system32\xrqgwqtx.dll
    C:\WINDOWS\system32\xtqwgqrx.ini
    C:\WINDOWS\system32\ypkajc.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-22 19:35 . 2008-09-22 20:03 <REP> d-------- C:\Program Files\NoSpam
    2008-09-22 18:15 . 2008-09-22 18:15 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-22 16:29 . 2008-09-22 16:31 <REP> d-------- C:\Program Files\Power Defrag
    2008-09-22 16:29 . 2008-09-22 16:29 796,672 --a------ C:\WINDOWS\GPInstall.exe
    2008-09-22 08:07 . 2008-09-22 16:24 250 --a------ C:\WINDOWS\gmer.ini
    2008-09-17 15:54 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2008-09-17 15:54 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2008-09-17 15:54 . 2008-09-17 15:54 3,120 --a------ C:\WINDOWS\system32\118290.54
    2008-09-17 15:54 . 2008-09-17 15:54 3,120 --a------ C:\WINDOWS\118294.78
    2008-09-17 15:54 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2008-09-16 14:40 . 2008-09-16 14:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\iolo
    2008-09-16 14:33 . 2005-10-20 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-09-16 14:33 . 2005-10-20 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-09-16 14:33 . 2005-10-27 00:35 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
    2008-09-16 14:33 . 2005-10-27 00:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-09-16 14:33 . 2005-10-27 00:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-09-16 14:33 . 2006-05-26 14:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-16 14:33 . 2005-10-20 21:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-16 14:33 . 2008-09-16 14:33 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-14 20:41 . 2008-09-16 19:05 230,506 --ahs---- C:\WINDOWS\system32\OUCLUvut.ini
    2008-09-14 20:41 . 2008-09-16 19:02 229,907 --ahs---- C:\WINDOWS\system32\OUCLUvut.ini2
    2008-09-14 19:16 . 2008-09-14 19:16 65 --a------ C:\WINDOWS\system32\3408a253
    2008-09-10 14:24 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\iolo
    2008-09-09 17:07 . 2008-09-09 17:07 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
    2008-09-09 17:06 . 2008-09-09 17:06 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
    2008-09-09 17:05 . 2008-09-09 17:05 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2008-09-09 17:04 . 2008-09-09 17:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2008-08-28 09:45 . 2008-08-28 09:45 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-28 09:45 . 2008-08-28 09:45 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-28 09:45 . 2008-08-28 09:45 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-28 09:42 . 2008-08-28 09:46 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-28 09:32 . 2008-08-28 09:32 <REP> d-------- C:\WINDOWS\EHome
    2008-08-25 11:23 . 2008-08-25 11:23 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-25 11:21 . 2008-08-25 11:21 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-08-25 11:21 . 2008-08-25 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-08-23 22:45 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-22 16:46 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\vlc
    2008-09-22 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-22 13:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-22 13:16 3,516 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2008-09-16 16:21 --------- d-----w C:\Program Files\Tweak-XP Pro 4
    2008-09-15 17:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-14 14:37 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2008-09-01 13:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-30 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-08-27 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
    2008-08-25 09:21 --------- d-----w C:\Program Files\Skype
    2008-08-02 09:38 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla
    2008-08-02 09:38 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\DMV Technologies
    2008-08-01 18:28 --------- d-----w C:\Program Files\DMV
    2008-07-31 19:13 --------- d-----w C:\Documents and Settings\Invité\Application Data\Macromedia
    2008-07-31 19:12 --------- d-----w C:\Documents and Settings\Invité\Application Data\Adobe
    2008-07-29 17:04 --------- d-----w C:\Program Files\Nosibay
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:44 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2004-09-28 03:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS
    2008-01-25 15:51 359,774 -csha-w C:\WINDOWS\system32\kmllm.ini2
    .
    ----a-w 5,728,112 2008-01-17 14:47:40 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
    ----a-w 5,724,184 2008-01-19 20:48:19 C:\Program Files\Windows Live\Messenger\msnmsgr .exe



    ((((((((((((((((((((((((((((( snapshot@2008-09-23_13.10.15.93 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-14 02:33:59 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
    + 2008-01-19 14:57:12 15,360 -c--a-w C:\WINDOWS\system32\ctfmon.exe
    + 2008-01-19 14:57:12 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-19 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-25 1694208]
    "NoSpam"="" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCDrProfiler"="" [N/A]

    C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 27136]

    C:\Documents and Settings\Juju\Menu Démarrer\Programmes\Démarrage\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "C:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9592:TCP"= 9592:TCP:BitComet 9592 TCP
    "9592:UDP"= 9592:UDP:BitComet 9592 UDP

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-06-08 55712]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 BackWeb Plug-in - 361343;Pack Sécurité;C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE [2007-04-21 32807]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [ ]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]
    S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-08-14 69120]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Sécurité\Anti-Virus\Win2K\FSfilter.sys [ ]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Sécurité\Anti-Virus\Win2K\FSrec.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f1a982b-7a28-11dc-8673-0060b3dca92e}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 16:05:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32.exe
    C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Sécurité\Common\FCH32.EXE
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe
    C:\Program Files\Pack Sécurité\FSPC\fspc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Sécurité\FWES\program\fsdfwd.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-23 16:10:36 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-23 14:10:17
    ComboFix2.txt 2008-09-23 11:11:22

    Avant-CF: 109 899 767 808 octets libres
    Après-CF: 109,894,967,296 octets libres

    264 --- E O F --- 2008-09-10 10:22:28

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:03, on 23/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Sécurité\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe
    C:\Program Files\Pack Sécurité\FSPC\fspc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Pack Sécurité.lnk = ?
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

    --
    End of file - 4469 bytes

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    Malwarebytes' Anti-Malware 1.28
    Database version: 1200
    Windows 5.1.2600 Service Pack 3

    24/09/2008 15:39:52
    mbam-log-2008-09-24 (15-39-52).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 177855
    Time elapsed: 3 hour(s), 23 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 41

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\PetIte JujU\Local Settings\Temporary Internet Files\Content.IE5\67YI34XJ\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PetIte JujU\Local Settings\Temporary Internet Files\Content.IE5\EESRBXZC\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PetIte JujU\Local Settings\Temporary Internet Files\Content.IE5\EESRBXZC\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PetIte JujU\Local Settings\Temporary Internet Files\Content.IE5\TU02RY9A\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258919.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258917.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258918.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259010.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259011.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259012.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259013.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259014.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259015.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259016.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080914-175327-290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080916-202512-150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080916-202512-578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080916-202512-931.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080916-202631-274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080916-202631-435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\opnnnKax.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\bcptunyf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\fdvfdv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\jzorku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\kgtwennm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\lejknl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\lfoxcbkn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mkmppr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\txssqtmw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtUllMGv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wbghtnfk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\xrqgwqtx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\yaywWOfg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\yayyVnnK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ypkajc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeal 4.1.lnk (Rogue.VirusHeal) -> Quarantined and deleted successfully.



    Avira AntiVir Personal
    Report file date: samedi 27 septembre 2008 17:04

    Scanning for 1645581 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-EB85C523610

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 15:03:25
    ANTIVIR3.VDF : 7.0.6.218 2048 Bytes 26/09/2008 15:03:25
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 27/09/2008 15:03:34
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 27/09/2008 15:03:34
    AEPACK.DLL : 8.1.2.3 364918 Bytes 27/09/2008 15:03:33
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 27/09/2008 15:03:32
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 27/09/2008 15:03:31
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 27/09/2008 15:03:28
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 27/09/2008 15:03:27
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 27/09/2008 15:03:26
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 27 septembre 2008 17:04

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'fsav32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'fssm32.exe' - '1' Module(s) have been scanned
    Scan process 'fsdfwd.exe' - '1' Module(s) have been scanned
    Scan process 'fspc.exe' - '1' Module(s) have been scanned
    Scan process 'fsrw.exe' - '1' Module(s) have been scanned
    Scan process 'fsqh.exe' - '1' Module(s) have been scanned
    Scan process 'FAMEH32.EXE' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FCH32.EXE' - '1' Module(s) have been scanned
    Scan process 'FSMB32.EXE' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'fsgk32.exe' - '1' Module(s) have been scanned
    Scan process 'FSMA32.EXE' - '1' Module(s) have been scanned
    Scan process 'fsgk32st.exe' - '1' Module(s) have been scanned
    Scan process 'SERVIC~1.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    43 processes with 43 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '50' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\catchme2008-09-23_160517.71.zip
    [0] Archive type: ZIP
    --> Documents and Settings/HP_Propriétaire/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> apokohds.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> meqolipi.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> vaoldkyw.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> apokohds.dll.1
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> meqolipi.dll.1
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> vaoldkyw.dll.1
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> apokohds.dll.2
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> meqolipi.dll.2
    [DETECTION] Is the TR/Trash.Gen Trojan
    --> vaoldkyw.dll.2
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\apokohds.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\meqolipi.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir
    [DETECTION] Contains recognition pattern of the RKIT/Clbd.JY root kit
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssl.dll.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/UltimateDefender.17920 back-door program
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdsslog.dll.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfw back-door program
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf.dll.vir
    [DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vaoldkyw.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP660\A0257854.sys
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.roc back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258906.dll
    [DETECTION] Contains recognition pattern of the RKIT/Clbd.JY root kit
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258908.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/UltimateDefender.17920 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258909.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfw back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258910.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP661\A0258911.dll
    [DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259048.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259049.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259206.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259207.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259208.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259209.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259210.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP662\A0259211.dll
    [DETECTION] Is the TR/Killav.28714 Trojan
    [NOTE] The file was deleted!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: samedi 27 septembre 2008 19:19
    Used time: 2:14:57 Hour(s)

    The scan has been done completely.

    11412 Scanning directories
    535172 Files were scanned
    31 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    23 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    535139 Files not concerned
    16249 Archives were scanned
    6 Warnings
    23 Notes

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:05:21, on 29/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Sécurité\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
    C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe
    C:\Program Files\Pack Sécurité\FSPC\fspc.exe
    C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Pack Sécurité.lnk = ?
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

    --
    End of file - 4509 bytes