Tom's Guide > Forum > Sécurité - Virus > erreur de chargement de C:\windows\systeme32\wjuhaxur.dll

erreur de chargement de C:\windows\systeme32\wjuhaxur.dll

Forum Sécurité - Virus : erreur de chargement de C:\windows\systeme32\wjuhaxur.dll

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
elsheep   02-10-2008 à 19:09:07

bonsoir a tous,

(tout d'abord je voudrai signaler que je suis novice dans ce domaine)

a chaque foie que j' allume mon pc il m'affiche le message suivant:

Erreur de chargement de C:\windows\systeme32\wjuhaxur.dll le module spécifie est introuvable.

il faut savoir que j'étais infesté de virus vundo que j'ai supprimé avec mcaffe.

Cependant mon pc tourne assez bien je voudrai savoir comment supprimer ce message merci a tous

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Sham_Rock   02-10-2008 à 19:22:24
- 0 +

Bonsoir
c'est que ton antivirus n'as pas eu la totalité de l'infection. :)

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
 Répondre à Sham_Rock
elsheep   02-10-2008 à 20:49:30
- 0 +

il y a un problème, il m'est impossible de télécharger quoi que se soi,
mon navigateur échoue sur tous les sites que j'ai trouvé permettant le téléchargement de Hijackthis.

Répondre à elsheep
elsheep   02-10-2008 à 21:17:21
- 0 +

j'ai finalement réussi a télécharger Hijackthis
voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:59, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {07D03F2C-A17F-480A-AF77-11EEF13E87F8} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {0A81D54C-8E60-4EA3-8995-7DD4223A33AD} - (no file)
O2 - BHO: (no name) - {11AF8210-F039-4EF9-B36F-F4209FD10DA1} - (no file)
O2 - BHO: (no name) - {15060ff4-bd48-4542-84df-5c180bfa91ad} - (no file)
O2 - BHO: (no name) - {159E25D9-0053-48B8-A0D4-4394E4C7B8BC} - (no file)
O2 - BHO: (no name) - {1EB9D862-DB7D-4FC3-BC33-FCB8F3B6CAC1} - (no file)
O2 - BHO: (no name) - {1FBC90D7-9182-47E5-86D0-BBBC96B27481} - (no file)
O2 - BHO: (no name) - {2e652987-4eb8-402c-a549-59e0b291b9d6} - (no file)
O2 - BHO: (no name) - {4B868623-35EF-4199-852E-F66C45930AEA} - (no file)
O2 - BHO: (no name) - {621B3EF5-B5DE-4435-9AE8-93B6E9EA887F} - (no file)
O2 - BHO: (no name) - {62b543ee-ffe6-42b2-941c-57e9260d5764} - (no file)
O2 - BHO: (no name) - {695021b8-8f55-40c9-87eb-16e63ca3502c} - (no file)
O2 - BHO: (no name) - {6E25BCC0-FE84-4E09-AF4F-7FD554BAF997} - (no file)
O2 - BHO: (no name) - {6EB6FB08-7E51-4A57-A4FF-A3FF3F74D4A8} - C:\WINDOWS\system32\yayabyAq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7b3e6123-7fb2-4657-b7aa-f58522943fb7} - (no file)
O2 - BHO: (no name) - {7e6067d1-48e1-4c63-a714-cdc7bdb16f40} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A91A8AEE-7A07-4110-BA18-DE3636281801} - (no file)
O2 - BHO: (no name) - {B2E6FECA-8CB8-4723-A7B6-E257051A607B} - (no file)
O2 - BHO: (no name) - {B678BB25-F6A1-4535-A438-DFBD3AD7585A} - (no file)
O2 - BHO: (no name) - {BAEB5B4A-7DEF-41CA-BB3E-479BEF491ECA} - (no file)
O2 - BHO: (no name) - {C0DE7815-9EAD-4DEC-9251-F48D512934F9} - (no file)
O2 - BHO: (no name) - {CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
O2 - BHO: (no name) - {D00D44AB-DE61-40A9-8AF3-0F122CFC8C60} - (no file)
O2 - BHO: (no name) - {D41A7DC5-A4A4-42B7-AD7F-1347E9F00D48} - (no file)
O2 - BHO: (no name) - {D89034CD-B0FB-4A22-B124-81154C4A21AE} - (no file)
O2 - BHO: (no name) - {DC0B4925-D684-4D88-B595-99D87C223ED9} - (no file)
O2 - BHO: (no name) - {DD1A060D-D56F-4EBE-A468-96F7755B2181} - (no file)
O2 - BHO: (no name) - {DE49EF6B-AA35-4A72-8163-15E435527635} - (no file)
O2 - BHO: (no name) - {e6316553-6662-4d0a-9c56-2f4d724a832e} - (no file)
O2 - BHO: (no name) - {F5720D68-205B-418C-9AFF-0118D56FF814} - (no file)
O2 - BHO: (no name) - {FC661BD2-D338-4DC9-8E4E-228C17BC1909} - (no file)
O2 - BHO: (no name) - {FDBC92BD-80E2-4512-BF3D-2EE0FCC4D955} - (no file)
O2 - BHO: (no name) - {fee943a3-cef4-47dd-956f-5fa63afe5ce1} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMf337c27a] Rundll32.exe "C:\WINDOWS\system32\flpubvud.dll",s
O4 - HKLM\..\Run: [f004f1e6] rundll32.exe "C:\WINDOWS\system32\wjuhaxur.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O4 - Global Startup: RFScheduler.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor [...] ebscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll
O20 - Winlogon Notify: ddcddaw - ddcddaw.dll (file missing)
O20 - Winlogon Notify: hgGyxVLE - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 13059 bytes

Répondre à elsheep
Sham_Rock   02-10-2008 à 21:54:10
- 0 +

re

1

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

2
ajoute un nouveau log hijackthis stp

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
 Répondre à Sham_Rock
elsheep   06-10-2008 à 21:51:38
- 0 +

re
merci pour ta réponse

je n'ai pas réussi à relancer mon pc en mode sans échec je ne sait pas pourquoi il trouvait une erreur et ne voulait pas se lancer.

j' ai fait un scan avec MalwareByte's Anti-Malware en mode normal et voici le rapport:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1234
Windows 5.1.2600 Service Pack 2

06/10/2008 21:21:40
mbam-log-2008-10-06 (21-21-40).txt

Type de recherche: Examen complet (C:\|O:\|)
Eléments examinés: 157307
Temps écoulé: 41 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\lkqnyp.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{fb00e2b8-f077-4e24-833f-140f6a66da28} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf337c27a (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f004f1e6 (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdkwa.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\awmfdepb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpedfmwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ocjdgmyl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lymgdjco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkqnyp.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\TSM33RW6\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\TSM33RW6\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\TSM33RW6\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QUARANTINE\nciiej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QUARANTINE\tlgfxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bodlpwvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cjfrvonu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuafle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf337c27a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf337c27a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbidpg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gbidpg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

et voila le nouveau log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:28, on 06/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {07D03F2C-A17F-480A-AF77-11EEF13E87F8} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {0A81D54C-8E60-4EA3-8995-7DD4223A33AD} - (no file)
O2 - BHO: (no name) - {11AF8210-F039-4EF9-B36F-F4209FD10DA1} - (no file)
O2 - BHO: (no name) - {15060ff4-bd48-4542-84df-5c180bfa91ad} - (no file)
O2 - BHO: (no name) - {159E25D9-0053-48B8-A0D4-4394E4C7B8BC} - (no file)
O2 - BHO: (no name) - {1EB9D862-DB7D-4FC3-BC33-FCB8F3B6CAC1} - (no file)
O2 - BHO: (no name) - {1FBC90D7-9182-47E5-86D0-BBBC96B27481} - (no file)
O2 - BHO: (no name) - {2e652987-4eb8-402c-a549-59e0b291b9d6} - (no file)
O2 - BHO: (no name) - {4B868623-35EF-4199-852E-F66C45930AEA} - (no file)
O2 - BHO: (no name) - {621B3EF5-B5DE-4435-9AE8-93B6E9EA887F} - (no file)
O2 - BHO: (no name) - {62b543ee-ffe6-42b2-941c-57e9260d5764} - (no file)
O2 - BHO: (no name) - {695021b8-8f55-40c9-87eb-16e63ca3502c} - (no file)
O2 - BHO: (no name) - {6E25BCC0-FE84-4E09-AF4F-7FD554BAF997} - (no file)
O2 - BHO: (no name) - {6EB6FB08-7E51-4A57-A4FF-A3FF3F74D4A8} - C:\WINDOWS\system32\yayabyAq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7b3e6123-7fb2-4657-b7aa-f58522943fb7} - (no file)
O2 - BHO: (no name) - {7e6067d1-48e1-4c63-a714-cdc7bdb16f40} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A91A8AEE-7A07-4110-BA18-DE3636281801} - (no file)
O2 - BHO: (no name) - {B2E6FECA-8CB8-4723-A7B6-E257051A607B} - (no file)
O2 - BHO: (no name) - {B678BB25-F6A1-4535-A438-DFBD3AD7585A} - (no file)
O2 - BHO: (no name) - {BAEB5B4A-7DEF-41CA-BB3E-479BEF491ECA} - (no file)
O2 - BHO: (no name) - {C0DE7815-9EAD-4DEC-9251-F48D512934F9} - (no file)
O2 - BHO: (no name) - {CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
O2 - BHO: (no name) - {D00D44AB-DE61-40A9-8AF3-0F122CFC8C60} - (no file)
O2 - BHO: (no name) - {D41A7DC5-A4A4-42B7-AD7F-1347E9F00D48} - (no file)
O2 - BHO: (no name) - {D89034CD-B0FB-4A22-B124-81154C4A21AE} - (no file)
O2 - BHO: (no name) - {DC0B4925-D684-4D88-B595-99D87C223ED9} - (no file)
O2 - BHO: (no name) - {DD1A060D-D56F-4EBE-A468-96F7755B2181} - (no file)
O2 - BHO: (no name) - {DE49EF6B-AA35-4A72-8163-15E435527635} - (no file)
O2 - BHO: (no name) - {e6316553-6662-4d0a-9c56-2f4d724a832e} - (no file)
O2 - BHO: (no name) - {F5720D68-205B-418C-9AFF-0118D56FF814} - (no file)
O2 - BHO: (no name) - {FC661BD2-D338-4DC9-8E4E-228C17BC1909} - (no file)
O2 - BHO: (no name) - {FDBC92BD-80E2-4512-BF3D-2EE0FCC4D955} - (no file)
O2 - BHO: (no name) - {fee943a3-cef4-47dd-956f-5fa63afe5ce1} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O4 - Global Startup: RFScheduler.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor [...] ebscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll
O20 - Winlogon Notify: ddcddaw - ddcddaw.dll (file missing)
O20 - Winlogon Notify: hgGyxVLE - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 12600 bytes

PS: mon pc ne me met plus le message d'erreur au demarage.

Répondre à elsheep
Sham_Rock   07-10-2008 à 20:49:51
- 0 +

bonsoir

Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

ajoute un nouveau rapport Hijackthis.

------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
 Répondre à Sham_Rock
elsheep   15-10-2008 à 17:40:07
- 0 +

bonjour et merci pour tes conseils

j'ai fait se que tu m'as dit de faire voici le rapport de combofix:

ComboFix 08-10-14.03 - alex 2008-10-15 17:09:50.1 - NTFSx86
Lancé depuis: C:\Documents and Settings\alex\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\aobcavwd.ini
C:\WINDOWS\system32\dnigkblf.ini
C:\WINDOWS\system32\ewqfeage.ini
C:\WINDOWS\system32\ikcsuvje.ini
C:\WINDOWS\system32\iwwecdlr.ini
C:\WINDOWS\system32\qAybayay.ini
C:\WINDOWS\system32\qAybayay.ini2
C:\WINDOWS\system32\qjbkehxd.ini
C:\WINDOWS\system32\roodeaqj.ini
C:\WINDOWS\system32\ruxahujw.ini
C:\WINDOWS\system32\svreckyb.ini
C:\WINDOWS\system32\vqocmttd.ini
C:\WINDOWS\system32\yiupjbdc.ini
O:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))
.

2008-10-14 18:15 . 2008-10-14 18:15 <REP> d-------- C:\Program Files\iTunes
2008-10-14 18:15 . 2008-10-14 18:15 <REP> d-------- C:\Program Files\iPod
2008-10-14 18:15 . 2008-10-14 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 18:13 . 2008-10-14 18:14 <REP> d-------- C:\Program Files\QuickTime
2008-10-14 18:04 . 2008-10-14 18:04 <REP> d-------- C:\Program Files\Bonjour
2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Documents and Settings\alex\Application Data\Malwarebytes
2008-10-06 18:33 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 18:33 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-02 21:03 . 2008-10-02 21:03 <REP> d-------- C:\Program Files\Trend Micro
2008-10-01 18:46 . 2008-10-01 19:44 151 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 16:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-14 16:06 --------- d-----w C:\Program Files\Safari
2008-10-09 20:00 --------- d-----w C:\Documents and Settings\alex\Application Data\Azureus
2008-10-06 16:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-06 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-10 14:54 --------- d-----w C:\Documents and Settings\alex\Application Data\Viewpoint
2008-09-03 09:59 --------- d-----w C:\Program Files\Lavasoft
2008-09-03 09:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-03 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 09:49 --------- d-----w C:\Documents and Settings\alex\Application Data\Lavasoft
2008-09-03 09:25 --------- d-----w C:\Documents and Settings\chirtian\Application Data\Lavasoft
2008-09-03 09:21 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-31 16:48 --------- d-----w C:\Program Files\Azureus
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-24 10:23 --------- d-----w C:\Program Files\HP
2008-08-22 15:47 --------- d-----w C:\Documents and Settings\alex\Application Data\Hamachi
2008-08-18 10:15 --------- d-----w C:\Program Files\Apple Software Update
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-11-03 09:33 1 ----a-w C:\Documents and Settings\alex\SI.bin
2006-11-05 18:43 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-08-24 13:24 392 ------w C:\Program Files\Setup.ini
2006-08-10 15:14 1,676,288 ------w C:\Program Files\ABBYY PDF Transformer 2.0.msi
2006-08-10 05:26 99,840 ------w C:\Program Files\1031.mst
2006-08-10 05:26 99,840 ------w C:\Program Files\1029.mst
2006-08-10 05:26 97,792 ------w C:\Program Files\1040.mst
2006-08-10 05:26 97,280 ------w C:\Program Files\1051.mst
2006-08-10 05:26 96,256 ------w C:\Program Files\1045.mst
2006-08-10 05:26 95,744 ------w C:\Program Files\1036.mst
2006-08-10 05:26 94,720 ------w C:\Program Files\1034.mst
2006-08-10 05:26 91,136 ------w C:\Program Files\1043.mst
2006-08-10 05:26 3,584 ------w C:\Program Files\1033.mst
2006-08-10 05:26 159,744 ------w C:\Program Files\1049.mst
2006-08-10 05:26 102,400 ------w C:\Program Files\1038.mst
2006-05-10 18:45 1,230 ----a-w C:\Program Files\liste.rfm
2003-04-21 13:09 245,408 ------w C:\Program Files\unicows.dll
2002-03-11 10:06 1,822,520 ------w C:\Program Files\instmsiw.exe
1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2007-09-12 09:19 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 09:22 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2005-07-11 18:58 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-06-20 180269]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-03-21 90182]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-02-26 139347]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-03 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [2005-09-28 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=tlgfxf.dll lkqnyp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3478:UDP"= 3478:UDP:stun
"3479:UDP"= 3479:UDP:stun 2
"6112:UDP"= 6112:UDP:stun 3
"5730:UDP"= 5730:UDP:game
"5739:UDP"= 5739:UDP:game 1
"9001:TCP"= 9001:TCP:game 2
"11881:TCP"= 11881:TCP:game 3

R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [1999-04-18 9152]
R3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 229760]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
S3 FT8591;FT8591 Filter;C:\WINDOWS\system32\DRIVERS\FT8591.sys [2005-12-22 30021]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
.
Contenu du dossier 'Tâches planifiées'

2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2005-06-20 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-05 14:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{07D03F2C-A17F-480A-AF77-11EEF13E87F8} - C:\WINDOWS\system32\vturo.dll
BHO-{0A81D54C-8E60-4EA3-8995-7DD4223A33AD} - (no file)
BHO-{11AF8210-F039-4EF9-B36F-F4209FD10DA1} - (no file)
BHO-{15060ff4-bd48-4542-84df-5c180bfa91ad} - (no file)
BHO-{159E25D9-0053-48B8-A0D4-4394E4C7B8BC} - (no file)
BHO-{1EB9D862-DB7D-4FC3-BC33-FCB8F3B6CAC1} - (no file)
BHO-{1FBC90D7-9182-47E5-86D0-BBBC96B27481} - (no file)
BHO-{2e652987-4eb8-402c-a549-59e0b291b9d6} - (no file)
BHO-{4B868623-35EF-4199-852E-F66C45930AEA} - (no file)
BHO-{621B3EF5-B5DE-4435-9AE8-93B6E9EA887F} - (no file)
BHO-{62b543ee-ffe6-42b2-941c-57e9260d5764} - (no file)
BHO-{695021b8-8f55-40c9-87eb-16e63ca3502c} - (no file)
BHO-{6E25BCC0-FE84-4E09-AF4F-7FD554BAF997} - (no file)
BHO-{6EB6FB08-7E51-4A57-A4FF-A3FF3F74D4A8} - C:\WINDOWS\system32\yayabyAq.dll
BHO-{7b3e6123-7fb2-4657-b7aa-f58522943fb7} - (no file)
BHO-{7e6067d1-48e1-4c63-a714-cdc7bdb16f40} - (no file)
BHO-{A91A8AEE-7A07-4110-BA18-DE3636281801} - (no file)
BHO-{B2E6FECA-8CB8-4723-A7B6-E257051A607B} - (no file)
BHO-{B678BB25-F6A1-4535-A438-DFBD3AD7585A} - (no file)
BHO-{BAEB5B4A-7DEF-41CA-BB3E-479BEF491ECA} - (no file)
BHO-{C0DE7815-9EAD-4DEC-9251-F48D512934F9} - (no file)
BHO-{CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
BHO-{D00D44AB-DE61-40A9-8AF3-0F122CFC8C60} - (no file)
BHO-{D41A7DC5-A4A4-42B7-AD7F-1347E9F00D48} - (no file)
BHO-{D89034CD-B0FB-4A22-B124-81154C4A21AE} - (no file)
BHO-{DC0B4925-D684-4D88-B595-99D87C223ED9} - (no file)
BHO-{DD1A060D-D56F-4EBE-A468-96F7755B2181} - (no file)
BHO-{DE49EF6B-AA35-4A72-8163-15E435527635} - (no file)
BHO-{e6316553-6662-4d0a-9c56-2f4d724a832e} - (no file)
BHO-{F5720D68-205B-418C-9AFF-0118D56FF814} - (no file)
BHO-{FC661BD2-D338-4DC9-8E4E-228C17BC1909} - (no file)
BHO-{FDBC92BD-80E2-4512-BF3D-2EE0FCC4D955} - (no file)
BHO-{fee943a3-cef4-47dd-956f-5fa63afe5ce1} - (no file)
HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
HKCU-Run-Update Service - C:\Program Files\Fichiers communs\Teknum Systems\update.exe
HKLM-Run-LogMeIn GUI - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
ShellExecuteHooks-{CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
Notify-ddcddaw - ddcddaw.dll
Notify-hgGyxVLE - (no file)
Notify-LMIinit - LMIinit.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\rc1g4d2b.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 17:16:34
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Documents and Settings\alex\Local Settings\Application Data\Microsoft\Messenger\alexmasse@hotmail.com\SharingMetadata\jenniferpatu@msn.com\DFSR\Staging\CS{700587A0-A542-DC8E-287D-C38DE392AE33}\00\100-{8AB3F6FE-BA7A-4A8D-96B5-3B786ED005EB}-v100-{8AB3F6FE-BA7A-4A8D-96B5-3B786ED005EB}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 43446 bytes executable hidden from API

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-10-15 17:26:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-15 15:26:47

Avant-CF: 71 249 457 152 octets libres
Après-CF: 71,409,750,016 octets libres

298 --- E O F --- 2008-10-09 20:01:00



de plus voile le nouveau rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:02, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O4 - Global Startup: RFScheduler.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor [...] ebscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 9369 bytes

merci et a bientot.

Répondre à elsheep
elsheep   15-10-2008 à 20:40:09
- 0 +

est ce que j'en est fini avec mon infection? ou faut il encore faire quelque chose?
quels logiciels vous pourriez me conseiller pour éviter les contamination a l'avenir?

a bientôt

Répondre à elsheep
Sham_Rock   15-10-2008 à 22:54:41
- 0 +

re

Citation :

est ce que j'en est fini avec mon infection? ou faut il encore faire quelque chose?
quels logiciels vous pourriez me conseiller pour éviter les contamination a l'avenir?


ce n'est pas terminé. pour l'avenir, ce ne sont pas les logiciels qui importent mais ton comportement sur le net. ;O)
je t'expliquerai à la fin.



~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll



Clique sur Fix checked (en bas à gauche)


+++++++++++++

~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/p [...] bscan.html

* Clique sur Accept
* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
* clique une nouvelle fois sur "Accept"
* Les bases de mises à jour vont s'installer, patiente un moment
* Clique sur Next.
* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
* Poste le rapport de scan.


------------------------------ Prévention et protection
/!\Marre de la pub: Firefox sécurisé/!\
 Répondre à Sham_Rock
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > erreur de chargement de C:\windows\systeme32\wjuhaxur.dll
Aller à :

Il y a 2276 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,641 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens