[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

[steve419]

Ok

Si ceci est fait ...

Coche et fixe ces lignes avec Hijackthis :

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

Désinstalle SweetIM , HbTools et EoRezo , si présents dans Ajout/suppr. des programmes .

... relance et poste un dernier rapport ComboFix .

le dernier rapport ComboFix :

ComboFix 08-10-21.05 - manu 2008-10-22 20:06:49.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.657 [GMT 2:00]

Lancé depuis: C:\temp\ComboFix.exe

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\Documents and Settings\manu\Application Data\HbTools . . . . impossible à supprimer

D:\Documents and Settings\manu\Application Data\HbTools_Icons . . . . impossible à supprimer

D:\Documents and Settings\marie\Application Data\HbTools . . . . impossible à supprimer

D:\Documents and Settings\marie\Application Data\HbTools_Icons . . . . impossible à supprimer

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))

.

2008-10-21 15:20 . 2008-10-21 16:45 <REP> d-------- C:\Program Files\Navilog1

2008-10-21 15:17 . 2008-10-21 15:17 571,687 --a------ C:\temp\Navilog1.exe

2008-10-21 14:37 . 2008-10-21 14:41 <REP> d-------- C:\fixwareout

2008-10-21 13:53 . 2008-10-22 20:06 2,993,922 -ra------ C:\temp\ComboFix.exe

2008-10-21 13:53 . 2008-10-21 13:45 486,449 --a------ C:\temp\Fixwareout.exe

2008-10-21 13:47 . 2008-10-21 13:35 254,604 --a------ C:\clean.cmd

2008-10-21 13:35 . 2008-10-21 13:35 254,604 --a------ C:\temp\clean.cmd

2008-10-21 12:12 . 2008-10-21 12:59 25,085,704 --a------ C:\temp\antivir_workstation_winu_en_h.exe

2008-10-21 10:06 . 2008-10-21 10:06 <REP> d-------- C:\Program Files\Trend Micro

2008-10-21 10:05 . 2008-10-21 10:06 812,344 --a------ C:\temp\hijackthis_hijackthis_2.02_anglais_17891.exe

2008-10-20 20:47 . 2007-01-17 17:31 1,200,490 --a------ C:\temp\wrar37b2.exe

2008-10-20 17:49 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-20 17:49 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-20 17:48 . 2008-10-20 17:48 8,580,384 --a------ C:\temp\SpywareTerminatorSetup.exe

2008-10-20 17:48 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-20 17:48 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-20 17:48 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-20 17:48 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-20 17:47 . 2008-10-20 17:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft

2008-10-20 17:46 . 2008-10-20 17:46 19,153,264 --a------ C:\temp\Lavasoft_Adaware_multi.exe

2008-10-20 17:39 . 2008-10-20 17:47 <REP> d-------- D:\Documents and Settings\manu.117734180318\Application Data\GetRightToGo

2008-10-20 17:38 . 2008-10-20 17:39 361,456 --a------ C:\temp\Download_SpySweeper5-5TrialSetup_FR_now.exe

2008-10-20 16:08 . 2008-10-20 16:08 <REP> d-------- D:\Documents and Settings\LocalService\Application Data\TeamViewer

2008-10-20 15:49 . 2008-10-20 15:52 22,386 --a------ C:\WINDOWS\wininit.ini

2008-10-20 15:29 . 2008-10-22 06:27 <REP> d-------- C:\temp\patricia

2008-10-20 15:18 . 2008-10-21 15:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-20 15:18 . 2008-10-21 15:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-10-20 14:47 . 2008-10-20 14:47 15,083,520 --a------ C:\temp\spybotsd160.exe

2008-10-20 13:51 . 2008-10-20 23:07 <REP> d-------- C:\Program Files\TeamViewer3

2008-10-20 13:29 . 2008-10-21 13:56 <REP> d-------- C:\temp\photos

2008-10-19 14:37 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-10-19 14:37 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-10-19 14:35 . 2008-10-19 14:35 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ESET

2008-10-19 14:35 . 2008-10-19 14:35 <REP> d-------- C:\Program Files\ESET

2008-10-19 14:31 . 2008-10-19 14:43 <REP> d-------- C:\Program Files\JkDefrag

2008-10-19 14:31 . 2008-09-02 15:49 253,952 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe

2008-10-19 14:31 . 2008-09-02 15:49 106,496 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr

2008-10-19 14:29 . 2008-10-19 14:20 978,187 --a------ C:\temp\JkDefrag_3.36_full.exe

2008-10-19 14:10 . 2008-10-19 14:11 27,582,248 --a------ C:\temp\setupfre.exe

2008-10-19 14:10 . 2008-10-19 14:09 18,895,728 --a------ C:\temp\Install_Messenger.exe

2008-10-19 13:59 . 2008-10-19 13:59 <REP> d-------- C:\WINDOWS\system32\fr

2008-10-19 13:59 . 2008-10-19 13:59 <REP> d-------- C:\WINDOWS\system32\bits

2008-10-19 13:59 . 2008-10-19 13:59 <REP> d-------- C:\WINDOWS\l2schemas

2008-10-19 13:57 . 2008-10-19 13:59 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-10-19 13:49 . 2008-10-19 13:48 230,776 --a------ C:\temp\aswclear.exe

2008-10-19 13:28 . 2008-10-19 13:28 2 --a------ C:\WINDOWS\msoffice.ini

2008-10-19 13:06 . 2008-10-21 14:57 <REP> d-------- C:\Program Files\ItsLabel

2008-10-19 12:59 . 2008-10-19 13:22 <REP> d-------- C:\Program Files\CCleaner

2008-10-19 12:03 . 2008-10-19 12:03 <REP> d-------- D:\Documents and Settings\manu.117734180318\temp

2008-10-19 12:03 . 2008-10-20 15:32 <REP> d-------- D:\Documents and Settings\manu.117734180318\Application Data\TeamViewer

2008-10-18 09:15 . 2008-10-18 09:15 <REP> d-------- D:\Documents and Settings\manu.117734180318\Application Data\SPAMfighter

2008-09-22 18:20 . 2008-04-14 04:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll

2008-09-22 18:19 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-22 17:40 --------- d-----w C:\Program Files\Wanadoo

2008-10-21 13:57 --------- d-----w D:\Documents and Settings\manu.117734180318\Application Data\EoRezo

2008-10-21 12:28 --------- d-----w C:\Program Files\GamesBar

2008-10-21 11:56 --------- d-----w C:\Program Files\Lexmark 1200 Series

2008-10-21 11:56 --------- d-----w C:\Program Files\FaxTools

2008-10-19 16:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller

2008-10-19 11:45 --------- d-----w C:\Program Files\EoRezo

2008-10-19 11:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL

2008-10-19 11:29 --------- d-----w C:\Program Files\Fichiers communs\AOL

2008-10-19 11:17 --------- d-----w C:\Program Files\SuperCopier2

2008-10-19 11:14 --------- d-----w C:\Program Files\Railroad Tycoon II

2008-10-19 11:02 --------- d-----w C:\Program Files\Windows Live

2008-10-19 10:49 --------- d-----w C:\Program Files\Google

2008-10-19 10:49 --------- d-----w C:\Program Files\Conduit

2008-10-19 10:49 --------- d-----w C:\Program Files\Binbango

2008-10-19 10:32 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-10-19 10:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-19 10:14 --------- d-----w C:\Program Files\Gamenext

2008-10-19 10:13 --------- d-----w C:\Program Files\IncrediMail

2008-10-19 10:12 --------- d-----w C:\Program Files\GameSpy Arcade

2008-10-19 10:09 --------- d-----w C:\Program Files\Astonsoft

2008-10-19 10:08 --------- d-----w C:\Program Files\Chevaliers&Camelots

2008-10-18 11:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\GamesBar

2008-09-19 15:52 --------- d-----w C:\Program Files\Orange HSS

2008-09-13 19:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-09-13 19:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\NOS

2008-09-13 19:00 --------- d-----w C:\Program Files\NOS

2008-09-11 19:51 --------- d-----w C:\Program Files\YesMessenger

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2007-07-16 08:36 47,360 -c--a-w D:\Documents and Settings\manu.117734180318\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((( snapshot@2008-10-21_14.33.50.23 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-21 12:31:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-10-22 18:09:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-10-21 12:31:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-10-22 18:09:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

- 2008-10-21 12:31:28 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-10-22 18:09:15 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-10-21 12:04:54 89,102 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-10-22 05:20:29 89,102 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-10-22 05:20:57 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-08-26 11:28:14 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 7573504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2006-01-30 08:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\APPS\\skype\\phone\\Skype.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-17 825600]

R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 507136]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 7040]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-10 3584]

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 jnv4_mib;jnv4_mib;D:\DOCUME~1\MANU~1.117\LOCALS~1\Temp\jnv4_mib.sys [ ]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

.

.

------- Examen supplémentaire -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.lo.st

R0 -: HKLM-Main,Start Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O9 -: { - C:\Microgaming\Casino\platinumplay\casinogame.exe C:\Program Files\Messenger\msmsgs.exe

O9 -: {C:\Microgaming\Casino\platinumplay\casinogame.exe - C:\Program Files\Messenger\msmsgs.exe -

O17 -: HKLM\CCS\Interface\{11DA0033-0B53-45D5-8A14-697585EBAA87}: NameServer = 208.67.220.220,208.67.222.222

O17 -: HKLM\CCS\Interface\{15C4B963-9938-46EC-BAEE-17E495C4FB90}: NameServer = 208.67.220.220,208.67.222.222

O17 -: HKLM\CCS\Interface\{67581134-69CB-4559-9A47-3D40B91165C0}: NameServer = 208.67.220.220,208.67.222.222

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-22 20:09:29

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\winlogon.exe

-> C:\Apps\Softex\OmniPass\opxpgina.dll

.

------------------------ Autres processus actifs ------------------------

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\FTRTSVC.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\APPS\Softex\OmniPass\OmniServ.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\TeamViewer3\TeamViewer.exe

C:\WINDOWS\system32\dllhost.exe

C:\APPS\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2008-10-22 20:11:46 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-10-22 18:11:16

ComboFix2.txt 2008-10-21 13:00:14

ComboFix3.txt 2008-10-21 12:34:44

Avant-CF: 16 939 474 944 octets libres

Après-CF: 16,922,857,472 octets libres

217 --- E O F --- 2008-10-21 16:01:32

alors... kaspersky ou nod32 ?

[snooky]

Aucun des deux , le pc n'est pas clean .

Désinstalle Eset et autres antivirus , si tu en as installé ...

Fait ceci : ( AVZ )

Télécharge et dézippe AVZ sur ton Bureau :

http://www.z-oleg.com/avz4.zip

Lance AVZ.exe , puis va à :

File >System Analysis , puis coche Attach System Analysis log to ZIP et clique sur Start .

Upload le sysinfo.zip sur RapidShare.com et donne le lien dans ta réponse :

http://rapidshare.com/

[steve419]

ok, voila le zip : http://rapidshare.com/files/156685051/avz_sysinfo.zip.html

[snooky]

@ steve419 :

RAS le rapport AVZ

1) Télécharge :

http://securityresponse.symantec.com/avcenter/FxHotbar.exe

Ferme ton navigateur et lance ce fix ( FxHotbar.exe ) , puis poste le rapport créé.

2) Fait afficher les dossiers cachés :

http://www.informatruc.com/afficher_fichiers_caches.php

Recherche ensuite et supprime ces dossiers :

D:\Documents and Settings\manu\Application Data\HbTools

D:\Documents and Settings\manu\Application Data\HbTools_Icons

Utilise Unlocker au besoin pour supprimer ces dossiers .

3) Dis moi ce qu'il en est .

[Warher]

Salut à tous !

Je viens rechercher votre aide suite à un problème de nombreux processus lancés au démarrage sous Vista (90 ~, et le pc est tout récent).

J'ai utilisé HijackThis et analysé mon rapport en ligne mais un ami m'a conseillé de venir ici :)

Voilà le rapport.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:45:48, on 23/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\OrangeHSS\Launcher\Launcher.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Adrien\Program Files\DNA\btdna.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\OrangeHSS\systray\systrayapp.exe

C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Utilitaires\RegCleaner\RegCleanr.exe

C:\Utilitaires\RegCleaner\RegCleanr.exe

C:\Utilitaires\RegCleaner\RegCleanr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Utilitaires\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intraesl.edhec.asso.fr:8080/g3756.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [symLnch] "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.0.0.41\ccProxy.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 10371 bytes

Merci d'avance

[erelitcavel]

bonjour snooky

j'ai fait se que tu m'a dit avec le fichier cf sript et la fenêtre bleu est apparu

voici un scrieen :http://img381.imageshack us/my.php?image=probcmbfixfj3.jpg

la fenêtre bleu bleu est bien apparu mais je n' ai pas eu le choix entre 1et 2

j'ai cliquer sur non et le rapport est sorti. le voici :ComboFix 08-10-22.05 - Erel 2008-10-23 15:49:43.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.642 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\Erel\Mes documents\Mes fichiers reçus\ComboFix.exe

Commutateurs utilisés :: C:\Documents and Settings\Erel\Mes documents\Mes fichiers reçus\CFScript.txt

* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::

C:\WINDOWS\WLXPGSS.SCR

C:\WINDOWS\system32\bits :#:

C:\WINDOWS\l2schemas :#:

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Tasks\816153EF90D6FA33.job\

.

---- Previous Run -------

.

C:\Documents and Settings\All Users\Application Data\Frag great bend logo

C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Ref Hold.exe

C:\WINDOWS\WLXPGSS.SCR

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))

.

2008-10-17 18:29 . 2008-10-17 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\KONAMI

2008-10-17 18:17 . 2008-10-17 18:17 <REP> d-------- C:\Program Files\KONAMI

2008-10-17 18:08 . 2008-08-14 15:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-17 18:08 . 2008-08-14 15:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-17 18:08 . 2008-08-14 15:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-17 18:08 . 2008-08-14 15:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-17 18:08 . 2008-09-15 17:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-17 18:08 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 19:54 . 2008-10-15 19:54 <REP> d-------- C:\Program Files\Avira

2008-10-15 19:54 . 2008-10-15 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-10-15 19:07 . 2008-10-15 19:28 58 --a------ C:\SCRIPT.CLN

2008-10-13 21:35 . 2008-10-13 21:35 <REP> d-------- C:\WINDOWS\system32\fr-fr

2008-10-13 21:35 . 2008-10-13 21:35 <REP> d-------- C:\WINDOWS\system32\fr

2008-10-13 21:35 . 2008-10-13 21:35 <REP> d-------- C:\WINDOWS\system32\bits

2008-10-13 21:35 . 2008-10-13 21:35 <REP> d-------- C:\WINDOWS\l2schemas

2008-10-12 18:08 . 2008-10-12 18:12 <REP> d-------- C:\Documents and Settings\Erel\Application Data\U3

2008-09-27 02:26 . 2008-09-27 02:26 0 --a------ C:\Documents and Settings\Erel\jagex_runescape_preferences.dat

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 13:50 --------- d-----w C:\Documents and Settings\Erel\Application Data\Skype

2008-10-23 13:10 --------- d-----w C:\Documents and Settings\Erel\Application Data\skypePM

2008-10-19 20:41 --------- d-----w C:\Program Files\lx_cats

2008-10-17 16:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-10-15 18:12 --------- d-----w C:\Program Files\Circle Developement

2008-10-15 17:59 --------- d-----w C:\Documents and Settings\Erel\Application Data\Bags media support

2008-10-15 17:07 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-10-15 17:07 --------- d-----w C:\Program Files\Valve

2008-10-15 17:07 --------- d-----w C:\Program Files\Lexmark 3400 Series

2008-10-15 17:07 --------- d-----w C:\Documents and Settings\Erel\Application Data\LimeWire

2008-09-21 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-14 13:19 --------- d-----w C:\Program Files\Java

2008-09-13 22:46 --------- d-----w C:\Program Files\Zylom Games

2008-09-10 18:52 --------- d-----w C:\Program Files\Raw Modders Union

2008-09-09 20:33 --------- d-----w C:\Program Files\Google

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-31 18:07 --------- d-----w C:\Program Files\3DO

2008-08-31 18:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-08-31 18:06 --------- d-----w C:\Program Files\directx

2008-08-30 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-08-30 15:05 --------- d-----w C:\Program Files\Bags media support

2008-08-29 20:31 --------- d-----w C:\Documents and Settings\Erel\Application Data\Xfire

2008-08-28 21:11 9,472 ----a-w C:\WINDOWS\system32\drivers\lemsgt.sys

2008-08-28 21:11 137,344 ----a-w C:\WINDOWS\system32\drivers\hwpsgt.sys

2008-08-28 17:05 221,184 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-08-28 17:02 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( snapshot@2008-10-15_19.35.08,64 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-04 18:16:46 1,887,080 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

+ 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 13:23:49 2,068,096 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 13:23:44 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 13:23:49 2,191,232 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

- 2008-09-10 21:43:39 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe

+ 2008-10-17 20:27:11 167,936 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe

- 2008-09-10 21:43:39 2,560 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2008-10-17 20:27:11 2,560 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe

- 2008-09-10 21:43:40 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe

+ 2008-10-17 20:27:11 81,920 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe

- 2008-09-10 21:43:39 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2008-10-17 20:27:11 34,304 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2008-09-10 21:43:40 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2008-10-17 20:27:11 8,192 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2008-09-10 21:43:40 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2008-10-17 20:27:11 3,584 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2008-09-10 21:43:40 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2008-10-17 20:27:11 114,688 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe

- 2008-09-10 21:43:39 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2008-10-17 20:27:11 16,384 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2008-09-10 21:43:39 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe

+ 2008-10-17 20:27:11 30,720 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe

- 2008-09-10 21:43:40 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2008-10-17 20:27:11 22,528 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2008-09-10 21:43:39 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2008-10-17 20:27:11 45,056 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2008-09-10 21:43:39 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2008-10-17 20:27:11 90,112 ----a-r C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2008-10-17 16:36:25 38,943 ----a-r C:\WINDOWS\Installer\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}\ARPPRODUCTICON.exe

+ 2008-10-17 16:36:25 81,920 ----a-r C:\WINDOWS\Installer\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}\Shortcut_PES2009_E_19E2C126E9A346458082E1106EC36033.exe

+ 2008-10-17 16:36:25 86,016 ----a-r C:\WINDOWS\Installer\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}\Shortcut_SETTINGS__E16DFE45D7AC4FBF87BBB412D05EFC15.exe

- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-06-23 15:10:27 3,088,384 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-08-20 05:10:12 3,088,896 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-06-26 08:13:32 1,499,648 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2008-08-20 05:10:11 1,499,648 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2008-06-26 08:13:32 620,544 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-20 05:10:11 620,544 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-06-23 15:10:27 670,208 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-20 05:10:11 670,208 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

- 2008-10-13 21:25:07 115,768 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-17 18:15:54 115,768 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-05 03:16:26 235,936 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe

- 2008-03-24 18:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-10-05 03:24:02 3,695,008 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

- 2008-03-24 18:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-10-05 03:24:04 235,936 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-05-30 21:13:02 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-10-15 18:04:56 89,102 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-10-22 22:01:32 84,661 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-06-23 15:10:27 3,088,384 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-20 05:10:12 3,088,896 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-06-26 08:13:32 1,499,648 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2008-08-20 05:10:11 1,499,648 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

- 2008-06-26 08:13:32 620,544 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-20 05:10:11 620,544 ----a-w C:\WINDOWS\system32\urlmon.dll

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk

backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

--a------ 2006-11-29 18:57 82864 C:\Program Files\Lexmark 3400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

--a------ 2006-11-29 18:57 295856 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2006-06-26 09:46 497200 C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]

--a------ 2007-01-11 20:57 291760 C:\Program Files\Lexmark 3400 Series\lxcymon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\lxcycoms.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Valve\\hl.exe"=

"D:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"D:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-11-29 537520]

R2 Start BT in service;Start BT in service;D:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]

S3 PciCon;PciCon;E:\PciCon.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2f94cdc-9877-11dd-8523-0017315f523b}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - TDPIPE

.

Contenu du dossier 'Tâches planifiées'

2008-08-30 C:\WINDOWS\Tasks\816153EF90D6FA33.job

- c:\docume~1\erel\applic~1\bagsme~1\PopFunkFork.exe []

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 15:50:51

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

Heure de fin: 2008-10-23 15:51:47

ComboFix-quarantined-files.txt 2008-10-23 13:51:38

ComboFix2.txt 2008-10-15 17:35:30

Avant-CF: 10,398,703,616 octets libres

Après-CF: 10,393,137,152 octets libres

227 --- E O F --- 2008-10-17 20:27:14

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

voici le log mbam:

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1309

Windows 5.1.2600 Service Pack 3

23/10/2008 16:23:42

mbam-log-2008-10-23 (16-23-42).txt

Type de recherche: Examen rapide

Eléments examinés: 43488

Temps écoulé: 5 minute(s), 57 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

merci snooky a bientôt

[snooky]

@ erelitcavel :

Supprime ce fichier :

C:\WINDOWS\Tasks\816153EF90D6FA33.job

Poste un nouveau rapport Hijackthis .

PS : as-tu encore des pubs intempestives ? ... ou un autre souci ?

[Napalm59]

Bonjour moi aussi j'ai un problème de page internet intempestives :/

voici mon rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:52:02, on 23/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Razer\Reclusa\razerhid.exe

C:\Program Files\Neuf\Kit\WiFi\9wifi.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Razer\Reclusa\razertra.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Mme TRACKOEN\Local Settings\Temp\exploner.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Vuze\Azureus.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Reclusa] C:\Program Files\Razer\Reclusa\razerhid.exe

O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [9c585c31] rundll32.exe "C:\WINDOWS\system32\ivxmejul.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [explozer] C:\Documents and Settings\Mme TRACKOEN\Local Settings\Temp\exploner.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll ydiybz.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 8442 bytes

je suis sous windows xp sp2

merci d'avance pour votre aide !

[snooky]

@ Napalm59 :

Désinstalle Avast .

Lance ComboFix et poste le rapport créé :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Napalm59]

Voila combofix ma apparemment supprimer un rootkit .Voici le rapport

ComboFix 08-10-23.01 - Mme TRACKOEN 2008-10-23 22:16:28.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1567 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\Mme TRACKOEN\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\awtqnNGv.dll

C:\WINDOWS\system32\awtqQKAp.dll

C:\WINDOWS\system32\drivers\TDSSmqlt.sys

C:\WINDOWS\system32\drivers\TDSSpqxt.sys

C:\WINDOWS\system32\ivxmejul.dll

C:\WINDOWS\system32\liqujbal.dll

C:\WINDOWS\system32\lujemxvi.ini

C:\WINDOWS\system32\mlJArroP.dll

C:\WINDOWS\system32\pmnmKExY.dll

C:\WINDOWS\system32\TDSSbrsr.dll

C:\WINDOWS\system32\TDSSbubv.log

C:\WINDOWS\system32\TDSShrxx.dll

C:\WINDOWS\system32\TDSSkhyp.dll

C:\WINDOWS\system32\TDSSkkai.log

C:\WINDOWS\system32\TDSSkkbi.log

C:\WINDOWS\system32\TDSSlxwp.dll

C:\WINDOWS\system32\TDSSmaxt.dat

C:\WINDOWS\system32\TDSSmtvd.dat

C:\WINDOWS\system32\TDSSnmxh.log

C:\WINDOWS\system32\TDSSnmxq.dll

C:\WINDOWS\system32\TDSSofxh.dll

C:\WINDOWS\system32\TDSSoiqh.dll

C:\WINDOWS\system32\TDSSoiqt.dll

C:\WINDOWS\system32\TDSSosvd.dll

C:\WINDOWS\system32\TDSSrhyp.log

C:\WINDOWS\system32\TDSSriqp.dll

C:\WINDOWS\system32\TDSSsahc.dll

C:\WINDOWS\system32\TDSSsihl.dll

C:\WINDOWS\system32\TDSSvkql.dll

C:\WINDOWS\system32\TDSSxfum.dll

C:\WINDOWS\system32\TDSSxfum.log

C:\WINDOWS\system32\tuvWQGaY.dll

C:\WINDOWS\system32\wfxhelp22.dll

C:\WINDOWS\system32\YaGQWvut.ini

C:\WINDOWS\system32\YaGQWvut.ini2

C:\WINDOWS\system32\ydiybz.dll

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))

.

2008-10-23 19:47 . 2008-10-23 19:47 <REP> d-------- C:\Program Files\Trend Micro

2008-10-22 13:43 . 2008-10-22 13:43 35,328 --a------ C:\WINDOWS\system32\TDSSotcv.dll

2008-10-22 13:11 . 2008-10-22 13:11 <REP> d-------- C:\Program Files\Adobe Photoshop CS3

2008-10-21 19:01 . 2008-10-21 19:02 <REP> d-------- C:\Program Files\mIRC

2008-10-21 19:01 . 2008-10-21 19:03 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\mIRC

2008-10-18 19:05 . 2008-10-18 19:46 <REP> d-------- C:\Program Files\Phun

2008-10-18 18:31 . 2000-01-14 19:14 45,568 --a------ C:\WINDOWS\UniFish3.exe

2008-10-17 19:33 . 2008-10-17 19:33 <REP> d-------- C:\Graphics

2008-10-17 19:33 . 2005-11-13 02:28 238,080 --------- C:\WINDOWS\system32\mwgfx24.dll

2008-10-17 19:33 . 2008-09-29 10:03 188,928 --------- C:\WINDOWS\system32\mwgfx.dll

2008-10-17 19:33 . 2008-09-05 09:32 104,960 --------- C:\WINDOWS\system32\mwdds.dll

2008-10-17 19:33 . 2004-05-14 12:13 56,832 --------- C:\WINDOWS\system32\mwace.dll

2008-10-17 19:33 . 2007-08-19 10:37 28,672 --------- C:\WINDOWS\system32\mwgfxcopy.exe

2008-10-17 19:31 . 2008-10-17 19:36 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\.gimp-2.6

2008-10-17 19:31 . 2008-10-17 19:31 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\.gegl-0.0

2008-10-16 22:22 . 2008-10-19 22:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania

2008-10-16 16:24 . 2008-10-16 16:25 <REP> d-------- C:\Program Files\Microsoft Digital Image 10

2008-10-14 16:32 . 2004-01-28 15:03 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys

2008-10-14 16:31 . 2008-10-14 16:32 <REP> d-------- C:\Program Files\TI Education

2008-10-14 16:31 . 2008-10-14 16:31 <REP> d-------- C:\Program Files\Fichiers communs\TI Shared

2008-10-12 18:06 . 2008-10-12 18:06 0 --a------ C:\WINDOWS\windowfx3.ini

2008-10-12 18:06 . 2008-10-12 18:06 0 --a------ C:\WINDOWS\windowfx2.ini

2008-10-12 18:04 . 2008-10-12 18:04 <REP> d-------- C:\Program Files\Stardock

2008-10-12 18:03 . 2008-10-12 18:03 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\OtakuSoftware

2008-10-12 18:02 . 2008-10-17 17:23 <REP> d-------- C:\Program Files\DeskSpace

2008-10-11 12:49 . 2008-10-11 12:49 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd

2008-10-11 12:49 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-10-09 16:30 . 2008-10-09 16:30 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-10-08 22:57 . 2008-10-08 22:58 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\SPORE

2008-10-08 17:47 . 2008-10-08 22:12 <REP> d-------- C:\Program Files\StarCraft

2008-10-08 17:47 . 2008-10-08 17:59 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment

2008-10-07 22:38 . 2008-10-07 22:38 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\DAEMON Tools

2008-10-07 22:38 . 2008-10-07 22:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-10-07 22:21 . 2008-10-07 22:21 268 --ah----- C:\sqmdata13.sqm

2008-10-07 22:21 . 2008-10-07 22:21 244 --ah----- C:\sqmnoopt13.sqm

2008-10-07 21:49 . 2008-10-07 21:50 <REP> d-------- C:\Program Files\no$gba (version 2.6a)

2008-10-05 15:28 . 2008-10-05 15:28 143,707 --a------ C:\WINDOWS\system32\nvapps.xml

2008-10-05 15:27 . 2008-10-05 15:27 <REP> d-------- C:\WINDOWS\nview

2008-10-05 15:27 . 2007-10-09 08:36 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-10-05 15:27 . 2007-10-09 08:36 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-10-05 15:26 . 2007-10-09 09:45 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-10-04 23:37 . 2008-10-04 23:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

2008-10-02 18:49 . 2008-10-02 18:49 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\DivX

2008-10-02 18:48 . 2008-10-02 18:48 <REP> d-------- C:\Program Files\HyCam2

2008-09-24 19:52 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe

2008-09-24 18:35 . 2008-10-20 21:29 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\OpenOffice.org2

2008-09-23 18:55 . 2008-09-23 18:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 20:02 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Azureus

2008-10-23 19:49 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Skype

2008-10-23 18:33 --------- d-----w C:\Program Files\Steam

2008-10-23 16:28 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\skypePM

2008-10-22 12:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-10-22 11:51 --------- d-----w C:\Program Files\SpeedFan

2008-10-19 17:01 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Hamachi

2008-10-16 18:37 --------- d-----w C:\Program Files\ExitReality

2008-10-16 18:36 --------- d-----w C:\Program Files\NVIDIA Corporation

2008-10-16 18:35 --------- d-----w C:\Program Files\Real Desktop

2008-10-16 18:35 --------- d-----w C:\Program Files\Netdevil

2008-10-16 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-16 18:34 --------- d-----w C:\Program Files\SuperCopier2

2008-10-16 18:34 --------- d-----w C:\Program Files\EA GAMES

2008-10-14 14:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-11 10:49 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-10-08 20:53 --------- d-----w C:\Program Files\Electronic Arts

2008-10-02 19:30 139,664 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-10-02 19:30 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-10-01 13:25 --------- d-----w C:\Program Files\AGEIA Technologies

2008-09-23 16:54 --------- d-----w C:\Program Files\Java

2008-09-22 19:01 --------- d-----w C:\Program Files\Bonjour

2008-09-22 18:51 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

2008-09-22 18:40 --------- d-----w C:\Program Files\MSXML 4.0

2008-09-19 21:13 --------- d-----w C:\Program Files\InterActual

2008-09-18 19:55 --------- d-----w C:\Program Files\Lavalys

2008-09-18 18:02 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-09-18 18:01 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\SystemRequirementsLab

2008-09-16 20:24 --------- d--h--w C:\Documents and Settings\Mme TRACKOEN\Application Data\ijjigame

2008-09-14 17:14 --------- d-----w C:\Program Files\Common Files

2008-09-14 14:38 --------- d-----w C:\Program Files\NHN USA

2008-09-08 15:51 --------- d-----w C:\Program Files\DivX

2008-09-08 15:37 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-04 07:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe

2008-09-03 11:12 --------- d-----w C:\Program Files\MSBuild

2008-09-03 11:12 --------- d-----w C:\Program Files\Microsoft Works

2008-09-03 11:11 --------- d-----w C:\Program Files\Microsoft.NET

2008-09-02 00:27 --------- d-----w C:\Program Files\AlienGUIse

2008-09-01 23:06 --------- d-----w C:\Program Files\iTunes

2008-09-01 23:06 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Apple Computer

2008-09-01 23:05 --------- d-----w C:\Program Files\QuickTime

2008-09-01 23:05 --------- d-----w C:\Program Files\iPod

2008-09-01 23:05 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

2008-09-01 23:04 --------- d-----w C:\Program Files\Fichiers communs\Apple

2008-09-01 23:04 --------- d-----w C:\Program Files\Apple Software Update

2008-09-01 23:04 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

2008-09-01 19:10 --------- d-----w C:\Program Files\Google

2008-08-31 17:13 --------- d-----w C:\Program Files\Skype

2008-08-31 17:13 --------- d-----w C:\Program Files\Fichiers communs\Skype

2008-08-31 17:13 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2008-08-27 20:35 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Samsung

2008-08-15 22:44 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-08-14 23:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-08 16:24 315,392 -c--a-w C:\WINDOWS\HideWin.exe

2008-08-08 15:55 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe

2008-08-01 09:05 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll

2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll

2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll

2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

.

------- Sigcheck -------

2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe

2008-08-08 17:55 506368 3efd602a3fd0f9ee82c297636679fec9 C:\WINDOWS\system32\winlogon.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"Reclusa"="C:\Program Files\Razer\Reclusa\razerhid.exe" [2007-06-18 167936]

"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-07-06 122880]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-09 185896]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-09 8527872]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-09 81920]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

"nwiz"="nwiz.exe" [2007-10-09 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll ydiybz.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]

R3 RecFltr;Reclusa Keyboard;C:\WINDOWS\system32\Drivers\RecFltr.sys [2007-01-18 41984]

.

- - - - ORPHELINS SUPPRIMES - - - -

BHO-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS\system32\awtqnNGv.dll

BHO-{84025d4a-99f0-48c0-a3c0-5744bdafb07e} - C:\WINDOWS\system32\ydiybz.dll

BHO-{86864630-D930-466F-A141-BA96F307453E} - C:\WINDOWS\system32\tuvWQGaY.dll

HKCU-Run-explozer - C:\Documents and Settings\Mme TRACKOEN\Local Settings\Temp\exploner.exe

HKLM-Run-9c585c31 - C:\WINDOWS\system32\ivxmejul.dll

ShellExecuteHooks-{42AE1DA1-FF60-4435-A81F-9B6538F865A6} - C:\WINDOWS\system32\awtqnNGv.dll

SafeBoot-TDSSmqlt.sys

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\DOCUME~1\MMETRA~1\APPLIC~1\Mozilla\Firefox\Profiles\n4vaqnjg.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 22:17:15

Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

Heure de fin: 2008-10-23 22:18:06

ComboFix-quarantined-files.txt 2008-10-23 20:17:56

Avant-CF: 121,559,609,344 octets libres

Après-CF: 121,547,497,472 octets libres

262 --- E O F --- 2008-09-22 18:51:51

[snooky]

@ Napalm59 :

Lance Navilog1 , option 1 et poste le rapport créé :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

PS : n'installe rien d'autre pour le moment

[Napalm59]

Voila :

Search Navipromo version 3.6.7 commencé le 23/10/2008 à 22:50:41,48

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "Mme TRACKOEN"

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.13

Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Mme TRACKOEN\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Mme TRACKOEN\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Mme TRACKOEN\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Mme TRACKOEN\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Mme TRACKOEN\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat Montorgueil absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 23/10/2008 à 22:53:56,15 ***

[snooky]

Ok

Lance Tools Cleaner , puis Recherche , et supprime ce qu'il a trouvé :

http://www.pcinpact.com/forum/index.php?showtopic=132517

Lance Clean v2.0 by FRUiT , procédure 1. ( vise ma signature )

Redémarre le pc ( ne tient pas compte du message Windows , remet ton wallpaper en place )

Redémarre le pc .

Installe MBAM et lance une analyse complète après avoir mis à jour les bases virales . ( vise ma signature )

Poste le rapport créé par MBAM .

[Napalm59]

voila le mbam :

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1310

Windows 5.1.2600 Service Pack 2

23/10/2008 23:52:31

mbam-log-2008-10-23 (23-52-24).txt

Type de recherche: Examen complet (C:\|)

Eléments examinés: 114324

Temps écoulé: 28 minute(s), 44 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 9

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021973.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021974.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021975.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021976.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021978.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021979.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021980.dll (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{D71BAB1D-2CFB-4390-8F42-9FDE88C952CD}\RP99\A0021981.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\TDSSotcv.dll (Rootkit.Agent) -> No action taken.

[snooky]

@ Napalm59 :

1) Désactive la restauration système .

2) Analyse le pc avec VundoFix : ( poste le rapport )

http://vundofix.atribune.org/

3) Coche et Fixe toutes les lignes 04 avec Hijackthis et poste le rapport .

4) Télécharge à nouveau ComboFix .

5) Copie (Ctrl+C) le texte ci-dessous :

File::

C:\WINDOWS\system32\TDSSotcv.dll

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître ... au message qui apparaît ( Type 1 to continue, or 2 to abort ) , tape 1 puis valide.

Ne touche à rien tant que le scan n'est pas terminé.

Poste le nouveau rapport créé par ComboFix .

[steve419]

@ steve419 :

RAS le rapport AVZ

1) Télécharge :

http://securityresponse.symantec.com/avcenter/FxHotbar.exe

Ferme ton navigateur et lance ce fix ( FxHotbar.exe ) , puis poste le rapport créé.

2) Fait afficher les dossiers cachés :

http://www.informatruc.com/afficher_fichiers_caches.php

Recherche ensuite et supprime ces dossiers :

D:\Documents and Settings\manu\Application Data\HbTools

D:\Documents and Settings\manu\Application Data\HbTools_Icons

Utilise Unlocker au besoin pour supprimer ces dossiers .

3) Dis moi ce qu'il en est .

le FxHotbar a rien trouvé

J'ai réussi a supprimer HbTools_Icons, par contre quand j'essaie de supprimer HbTools, le répertoire est locké. J'ai essayé de l'effacer avec unlocker, cela ne fonctionne pas, même après reboot. Le répertoire est en lecture seule, si j'essaie de lui retirer la lecture seule, le changement est non autorisé.

[snooky]

@ steve419 :

Décoche la lecture seule de ce dossier ( clic droit / Propriétés )

Essaye de supprimer via Unlocker en mode sans échec .

Tu peux également utiliser Hijackthis pour " supprimer au reboot " :

Config / Misc Tool / " Delete a file on reboot "

... ou KillBox .

http://www.assistepc.com/eliminer_virus/killbox.htm

[DelOrio]

voila suite à problème expliquer sur le topic d'Antivir:

voir içi

Logfile of HijackThis v1.99.1

Scan saved at 13:22:17, on 24/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/runonce2.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199489539278

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[snooky]

@ DelOrio :

Services.msc à taper dans Démarrer / Exécuter , puis arrête et désactive ces services , puis redémarre le pc et teste un moment ...

Dis nous ce qu'il en est .

O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Napalm59]

vundofix ne ma pas fait de rapport mais il na pas trouver de fichier infecté.

voila le hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:22:43, on 24/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Razer\Reclusa\razertra.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Vuze\Azureus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll ydiybz.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 5091 bytes

je fait donc maintenant le combofix avec le fichier que tu ma donné

voila le combofix:

ComboFix 08-10-23.01 - Mme TRACKOEN 2008-10-24 17:31:08.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1474 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\Mme TRACKOEN\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\system32\TDSSotcv.dll

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))

.

2008-10-24 00:13 . 2008-10-24 00:13 <REP> d-------- C:\VundoFix Backups

2008-10-23 23:20 . 2008-10-23 23:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-23 23:20 . 2008-10-23 23:20 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\Malwarebytes

2008-10-23 23:20 . 2008-10-23 23:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-23 23:20 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-23 23:20 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-23 23:11 . 2008-10-23 23:11 58 --a------ C:\SCRIPT.CLN

2008-10-23 19:47 . 2008-10-24 07:16 <REP> d-------- C:\Program Files\Trend Micro

2008-10-21 19:01 . 2008-10-21 19:02 <REP> d-------- C:\Program Files\mIRC

2008-10-21 19:01 . 2008-10-21 19:03 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\mIRC

2008-10-18 19:05 . 2008-10-18 19:46 <REP> d-------- C:\Program Files\Phun

2008-10-18 18:31 . 2000-01-14 19:14 45,568 --a------ C:\WINDOWS\UniFish3.exe

2008-10-17 19:33 . 2008-10-17 19:33 <REP> d-------- C:\Graphics

2008-10-17 19:33 . 2005-11-13 02:28 238,080 --------- C:\WINDOWS\system32\mwgfx24.dll

2008-10-17 19:33 . 2008-09-29 10:03 188,928 --------- C:\WINDOWS\system32\mwgfx.dll

2008-10-17 19:33 . 2008-09-05 09:32 104,960 --------- C:\WINDOWS\system32\mwdds.dll

2008-10-17 19:33 . 2004-05-14 12:13 56,832 --------- C:\WINDOWS\system32\mwace.dll

2008-10-17 19:33 . 2007-08-19 10:37 28,672 --------- C:\WINDOWS\system32\mwgfxcopy.exe

2008-10-17 19:31 . 2008-10-17 19:36 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\.gimp-2.6

2008-10-17 19:31 . 2008-10-17 19:31 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\.gegl-0.0

2008-10-16 22:22 . 2008-10-19 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

2008-10-16 16:24 . 2008-10-16 16:25 <REP> d-------- C:\Program Files\Microsoft Digital Image 10

2008-10-14 16:32 . 2004-01-28 15:03 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys

2008-10-14 16:31 . 2008-10-14 16:32 <REP> d-------- C:\Program Files\TI Education

2008-10-14 16:31 . 2008-10-14 16:31 <REP> d-------- C:\Program Files\Fichiers communs\TI Shared

2008-10-12 18:06 . 2008-10-12 18:06 0 --a------ C:\WINDOWS\windowfx3.ini

2008-10-12 18:06 . 2008-10-12 18:06 0 --a------ C:\WINDOWS\windowfx2.ini

2008-10-12 18:04 . 2008-10-12 18:04 <REP> d-------- C:\Program Files\Stardock

2008-10-12 18:03 . 2008-10-12 18:03 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\OtakuSoftware

2008-10-12 18:02 . 2008-10-17 17:23 <REP> d-------- C:\Program Files\DeskSpace

2008-10-11 12:49 . 2008-10-11 12:49 <REP> d-------- C:\Program Files\Fichiers communs\Logishrd

2008-10-11 12:49 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-10-09 16:30 . 2008-10-09 16:30 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-10-08 22:57 . 2008-10-08 22:58 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\SPORE

2008-10-08 17:47 . 2008-10-23 23:11 <REP> d-------- C:\Program Files\StarCraft

2008-10-08 17:47 . 2008-10-08 17:59 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment

2008-10-07 22:38 . 2008-10-07 22:38 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\DAEMON Tools

2008-10-07 22:38 . 2008-10-07 22:38 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-10-07 22:21 . 2008-10-07 22:21 268 --ah----- C:\sqmdata13.sqm

2008-10-07 22:21 . 2008-10-07 22:21 244 --ah----- C:\sqmnoopt13.sqm

2008-10-07 21:49 . 2008-10-07 21:50 <REP> d-------- C:\Program Files\no$gba (version 2.6a)

2008-10-05 15:28 . 2008-10-05 15:28 143,707 --a------ C:\WINDOWS\system32\nvapps.xml

2008-10-05 15:27 . 2008-10-05 15:27 <REP> d-------- C:\WINDOWS\nview

2008-10-05 15:27 . 2007-10-09 08:36 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-10-05 15:27 . 2007-10-09 08:36 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-10-05 15:26 . 2007-10-09 09:45 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-10-04 23:37 . 2008-10-04 23:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

2008-10-02 18:49 . 2008-10-02 18:49 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\DivX

2008-10-02 18:48 . 2008-10-02 18:48 <REP> d-------- C:\Program Files\HyCam2

2008-09-24 19:52 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe

2008-09-24 18:35 . 2008-10-20 21:29 <REP> d-------- C:\Documents and Settings\Mme TRACKOEN\Application Data\OpenOffice.org2

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-24 15:31 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Azureus

2008-10-23 21:11 --------- d-----w C:\Program Files\Yod

2008-10-23 19:49 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Skype

2008-10-23 18:33 --------- d-----w C:\Program Files\Steam

2008-10-23 16:28 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\skypePM

2008-10-22 12:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-10-22 11:51 --------- d-----w C:\Program Files\SpeedFan

2008-10-19 17:01 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Hamachi

2008-10-16 18:37 --------- d-----w C:\Program Files\ExitReality

2008-10-16 18:36 --------- d-----w C:\Program Files\NVIDIA Corporation

2008-10-16 18:35 --------- d-----w C:\Program Files\Real Desktop

2008-10-16 18:35 --------- d-----w C:\Program Files\Netdevil

2008-10-16 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-16 18:34 --------- d-----w C:\Program Files\SuperCopier2

2008-10-16 18:34 --------- d-----w C:\Program Files\EA GAMES

2008-10-14 14:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-11 10:49 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-10-08 20:53 --------- d-----w C:\Program Files\Electronic Arts

2008-10-02 19:30 139,664 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-10-02 19:30 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-10-01 13:25 --------- d-----w C:\Program Files\AGEIA Technologies

2008-09-23 16:55 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-09-23 16:54 --------- d-----w C:\Program Files\Java

2008-09-22 19:01 --------- d-----w C:\Program Files\Bonjour

2008-09-22 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-09-22 18:40 --------- d-----w C:\Program Files\MSXML 4.0

2008-09-19 21:13 --------- d-----w C:\Program Files\InterActual

2008-09-18 19:55 --------- d-----w C:\Program Files\Lavalys

2008-09-18 18:02 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-09-18 18:01 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\SystemRequirementsLab

2008-09-16 20:24 --------- d--h--w C:\Documents and Settings\Mme TRACKOEN\Application Data\ijjigame

2008-09-14 17:14 --------- d-----w C:\Program Files\Common Files

2008-09-14 14:38 --------- d-----w C:\Program Files\NHN USA

2008-09-08 15:51 --------- d-----w C:\Program Files\DivX

2008-09-08 15:37 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-04 07:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe

2008-09-03 11:12 --------- d-----w C:\Program Files\MSBuild

2008-09-03 11:12 --------- d-----w C:\Program Files\Microsoft Works

2008-09-03 11:11 --------- d-----w C:\Program Files\Microsoft.NET

2008-09-02 00:27 --------- d-----w C:\Program Files\AlienGUIse

2008-09-01 23:06 --------- d-----w C:\Program Files\iTunes

2008-09-01 23:06 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Apple Computer

2008-09-01 23:05 --------- d-----w C:\Program Files\QuickTime

2008-09-01 23:05 --------- d-----w C:\Program Files\iPod

2008-09-01 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-09-01 23:04 --------- d-----w C:\Program Files\Fichiers communs\Apple

2008-09-01 23:04 --------- d-----w C:\Program Files\Apple Software Update

2008-09-01 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-09-01 19:10 --------- d-----w C:\Program Files\Google

2008-08-31 17:13 --------- d-----w C:\Program Files\Skype

2008-08-31 17:13 --------- d-----w C:\Program Files\Fichiers communs\Skype

2008-08-31 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-08-27 20:35 --------- d-----w C:\Documents and Settings\Mme TRACKOEN\Application Data\Samsung

2008-08-15 22:44 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-08-14 23:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-08 16:24 315,392 -c--a-w C:\WINDOWS\HideWin.exe

2008-08-08 15:55 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe

2008-08-01 09:05 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll

2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll

2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll

2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

.

------- Sigcheck -------

2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe

2008-08-08 17:55 506368 3efd602a3fd0f9ee82c297636679fec9 C:\WINDOWS\system32\winlogon.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll ydiybz.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Warcraft III\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]

R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]

R3 RecFltr;Reclusa Keyboard;C:\WINDOWS\system32\Drivers\RecFltr.sys [2007-01-18 41984]

*Newly Created Service* - MBAMSWISSARMY

.

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Documents and Settings\Mme TRACKOEN\Application Data\Mozilla\Firefox\Profiles\n4vaqnjg.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-24 17:31:48

Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

Heure de fin: 2008-10-24 17:32:22

ComboFix-quarantined-files.txt 2008-10-24 15:32:17

Avant-CF: 121,812,881,408 octets libres

Après-CF: 121,804,144,640 octets libres

198 --- E O F --- 2008-09-22 18:51:51

PS: depuis la première mise en marche de combofix les fenêtre n'ont plus l'air d'apparaitre !

[snooky]

Lance Tools Cleaner > Recherche , puis Supprimer .

http://www.pcinpact.com/forum/index.php?sh...l=tools+cleaner

Installe Antivir et lance une analyse complète après avoir mis à jour les bases virales .

Redémarre le pc et poste un nouveau rapport Hijackthis .

[Napalm59]

Voici le hijack :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:53:06, on 24/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll ydiybz.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 5791 bytes

[snooky]

Ligne à fixer :

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

Avec Autoruns , onglet Appinit , supprime les fichiers présents .

celà doit correspondre à ceci :

O20 - AppInit_DLLs: wbsys.dll ydiybz.dll

Cette ligne ne doit plus être présentes dans Hijackthis .

Vérifie .

Sinon , le pc se comporte bien ?

[Napalm59]

oui oui le PC se comporte bien la seul chose c'est que toute les applications qui se lancaient au démarrage baa elles ne se lancent plus comme le pilote de ma souris et ceux du clavier rien de méchant

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:05:11, on 24/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 5593 bytes

voila apparemment les lignes que tu a signaler n'apparaissent plus

Et un grand merci pour avoir consacré un peu de ton temps a m'aider !

[snooky]

Dans Hijackthis , tu peux restaurer ces processus .( souris + clavier )

Ne remet que les indispensables via :

Config / Sauvés / Restaurer .

Config / backup / Restore

Edit : je crois bien que Tools Cleaner à supprimer Hijackthis et le dossier Backup avec ! .