Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Visa anti virus 2008 + supression de fichiers

Dernière réponse le 1 aoû 2008 à 02:23:47 Dr.G, le 31 jui 2008 à 19:29:22

Signaler ce message aux modérateurs

Bonjour,
Petit probleme qui me mène à vous. depuis hier maintenant, les choses ont empirer our mon pc: vista antivirus 2008 squatte le pc, antivirus XP 2008 pareil, dans mon menu démarrer, "tout programmes", poste de travail, images etc.. on disparu! de meme pour le panneau de configuration. tout a disparu et avec norton j'arrive a a peine virer tout les virus que j'ai.. 788 en tout si j'ai bien compris. aidez moi, ca va peut etre fair la 3eme réinstallation de mon systeme en 6 mois. merci de vos reponses futures

Configuration: Windows XP
Internet Explorer 7.0

Meilleures réponses pour « Visa anti virus 2008 + supression de fichiers » dans :

Supprimer "systeme anti virus 2008" ? Voir

Anti virus 2008 (Résolu) Voir

Desinstaller ca anti-virus 2008 Voir

Quel est le meilleur anti-virus ? VoirC'est une question qui est très souvent posée dans le forum et les débats sont très souvent animés. Certains pensent que les meilleurs anti-virus sont ceux ci-dessous : ANTIVIR AVAST AVG Gdata Bit Defender

Supprimer anti virus 2008 Voir

Mise a jour anti virus kaspersky (7.0.0.125) (Résolu) Voir

Supprimer définitivement norton (Résolu) Voir

Télécharger AVG Anti-Virus Voir

Télécharger Kaspersky Anti-Virus 2010 Voir

Télécharger Kaspersky Anti-Virus for Mac Voir

Posez votre question Répondre

g!rly, le 31 jui 2008 à 19:32:21

Salut,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

et

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

@+ What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 19:35:52

Merci de ta reponse ultra rapide =) mais c encore pire, j'avais hijack hier soir.. maintenant j'ai meme plus accès a mes disques durs. le gestionnaire a été désactivé, je sais plus quoi faire. je vais telecharger combofix mais bon, chuis pas sur que j'aurais accès au rapport

Répondre à Dr.G

g!rly, le 31 jui 2008 à 19:36:53

Ok passe combofix, normalement il va tout retablir ;) What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 19:38:02

J'espère =) merci encore c'est super qu'on me reponde avec serieux et gentilesse ^^

Répondre à Dr.G

g!rly, le 31 jui 2008 à 19:40:04

Croisons les doigts ;) What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 20:06:26

Comment te remercier? =)

ComboFix 08-07-30.02 - Administrateur 2008-07-31 19:43:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.159 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\rhcnejj0epfe
C:\Documents and Settings\Administrateur\Application Data\WeatherDPA
C:\Documents and Settings\Administrateur\Favoris\Error Cleaner.url
C:\Documents and Settings\Administrateur\Favoris\Privacy Protector.url
C:\Documents and Settings\Administrateur\Favoris\Spyware&Malware Protection.url
C:\Documents and Settings\Administrateur\Mes documents\My Documents.url
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0/u.exe
C:\Program Files\PCHealthCenter\[u]0/u.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\rhcnejj0epfe
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\InstallRegerLib.dll
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.exe
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\iebr.dll
C:\Program Files\Web Technologies\myd.ico
C:\Program Files\Web Technologies\mym.ico
C:\Program Files\Web Technologies\myp.ico
C:\Program Files\Web Technologies\myv.ico
C:\Program Files\Web Technologies\ot.ico
C:\Program Files\Web Technologies\ts.ico
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\erqe.exe
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\Sys56.exe
C:\WINDOWS\Sys5B.exe
C:\WINDOWS\Sys8.exe
C:\WINDOWS\system32\_000002_.tmp.dll
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
C:\WINDOWS\system32\219725
C:\WINDOWS\system32\219725\219725.dll
C:\WINDOWS\system32\ddcApoNe.dll
C:\WINDOWS\system32\efcCuspP.dll
C:\WINDOWS\system32\efcDTKdC.dll
C:\WINDOWS\system32\ekglve.dll
C:\WINDOWS\system32\geBututq.dll
C:\WINDOWS\system32\hgGyxUoN.dll
C:\WINDOWS\system32\ljJYOEwV.dll
C:\WINDOWS\system32\lphcjejj0epfe.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnMdayw.dll
C:\WINDOWS\system32\pphcjejj0epfe.exe
C:\WINDOWS\system32\Qqtvvyay.ini
C:\WINDOWS\system32\Qqtvvyay.ini2
C:\WINDOWS\system32\richvideocodec.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\vdlljtex.dll
C:\WINDOWS\system32\vhgfil.dll
C:\WINDOWS\system32\xxyxXpNH.dll
C:\WINDOWS\system32\yayvvtqQ.dll
C:\WINDOWS\system32\ypqfndiy.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-31 14:31 . 2008-07-31 14:31 <REP> d-------- C:\Program Files\Windows Sidebar
2008-07-31 14:31 . 2008-07-31 14:40 <REP> d-------- C:\Program Files\Norton AntiVirus
2008-07-31 14:31 . 2008-07-31 14:32 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-31 14:31 . 2008-07-31 14:32 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-31 14:31 . 2008-07-31 14:32 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-31 14:31 . 2008-07-31 14:32 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-31 14:22 . 2008-07-31 14:22 <REP> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-07-31 14:08 . 2008-07-31 14:08 99,200 --a------ C:\WINDOWS\system32\hvwkuxxn.dll
2008-07-31 13:54 . 2008-07-31 14:18 1,100,473 --a------ C:\Run.exe
2008-07-31 13:48 . 2008-07-31 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-31 02:41 . 2008-07-31 02:41 <REP> d-------- C:\Program Files\AVG
2008-07-31 02:41 . 2008-07-31 03:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-31 02:06 . 2008-07-31 02:06 <REP> d-------- C:\Program Files\Trend Micro
2008-07-31 01:36 . 2008-07-31 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 01:36 . 2008-07-31 01:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-31 01:29 . 2008-07-31 01:30 <REP> d-------- C:\Program Files\QuickTime
2008-07-28 19:06 . 2008-07-28 19:06 <REP> d-------- C:\Program Files\MP3 Remix
2008-07-28 19:06 . 2008-07-28 19:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MP3 Remix
2008-07-21 03:19 . 2008-07-21 03:19 1,072 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-20 20:29 . 2008-07-20 20:31 6,300 --a------ C:\CTMeasureTiming.ini
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-18 06:45 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 06:30 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-07-18 06:30 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-07-18 06:28 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-18 05:57 . 2008-07-31 15:36 <REP> d-------- C:\Program Files\WAV
2008-07-18 05:26 . 2008-07-18 05:50 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 04:34 . 2008-07-18 04:34 <REP> d-------- C:\Program Files\iPod
2008-07-18 04:00 . 2008-07-18 04:00 268 --ah----- C:\sqmdata07.sqm
2008-07-18 04:00 . 2008-07-18 04:00 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 03:22 . 2008-07-18 03:22 268 --ah----- C:\sqmdata06.sqm
2008-07-18 03:22 . 2008-07-18 03:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-09 19:46 . 2008-07-09 19:46 268 --ah----- C:\sqmdata05.sqm
2008-07-09 19:46 . 2008-07-09 19:46 244 --ah----- C:\sqmnoopt05.sqm
2008-07-08 22:00 . 2008-07-08 22:00 172 --ah----- C:\sqmnoopt04.sqm
2008-07-08 22:00 . 2008-07-08 22:00 172 --ah----- C:\sqmdata04.sqm
2008-07-08 12:06 . 2008-07-08 12:06 268 --ah----- C:\sqmdata03.sqm
2008-07-08 12:06 . 2008-07-08 12:06 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 19:13 . 2008-07-07 19:13 268 --ah----- C:\sqmdata02.sqm
2008-07-07 19:13 . 2008-07-07 19:13 244 --ah----- C:\sqmnoopt02.sqm
2008-07-07 19:07 . 2008-07-07 19:07 268 --ah----- C:\sqmdata01.sqm
2008-07-07 19:07 . 2008-07-07 19:07 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 19:47 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 12:41 . 2008-06-15 12:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-15 11:48 . 2008-06-15 12:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-06-14 17:24 . 2008-06-14 18:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Creative
2008-06-14 17:13 . 2000-05-22 02:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-06-14 17:13 . 2006-10-06 00:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-06-14 17:12 . 2008-06-14 17:12 <REP> d-------- C:\Program Files\Audible
2008-06-14 17:12 . 2008-06-14 17:12 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-06-14 17:12 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-14 17:10 . 2008-06-14 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-14 17:09 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-14 17:09 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-14 17:08 . 2008-06-14 17:08 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2008-06-14 17:08 . 2008-06-14 17:10 <REP> d--h----- C:\Program Files\Creative Installation Information
2008-06-14 17:08 . 2008-06-14 17:13 <REP> d-------- C:\Program Files\Creative
2008-06-12 03:58 . 2008-06-12 03:58 144 --a------ C:\WINDOWS\Eudcedit.ini
2008-06-11 04:50 . 2008-07-29 11:08 <REP> d-------- C:\Program Files\Axis Communications
2008-06-10 23:27 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 23:25 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:25 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 02:56 . 2008-07-08 23:59 78 --a------ C:\WINDOWS\iPlayer.INI
2008-06-04 02:54 . 2008-06-04 02:54 <REP> d-------- C:\Program Files\InterActual
2008-06-04 00:59 . 2008-07-07 19:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-06-02 05:15 . 2008-06-02 05:16 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-02 00:11 . 2008-06-02 00:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterVideo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 17:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-31 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 12:32 --------- d-----w C:\Program Files\Symantec
2008-07-31 11:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-07-30 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-29 15:07 --------- d-----w C:\Program Files\LimeWire
2008-07-18 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 03:24 13,312 --s-a-w C:\WINDOWS\system32\cxbrk.dll
2008-07-18 02:35 --------- d-----w C:\Program Files\iTunes
2008-07-18 02:09 --------- d-----w C:\Program Files\Safari
2008-07-11 22:45 --------- d-----w C:\Program Files\IDoser v4
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-29 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-29 14:43 --------- d-----w C:\Program Files\ConvertEuro
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:55 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:55 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
2008-04-14 02:31 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:43 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-09-26 17:31 2,532,922 ----a-w C:\WINDOWS\inf\SET2C2.tmp
2007-09-26 17:31 2,532,922 ------w C:\WINDOWS\inf\SET181.tmp
2004-08-05 08:00 1,568,358 ----a-w C:\WINDOWS\inf\SET332.tmp
2004-08-05 08:00 1,568,358 ----a-w C:\WINDOWS\inf\SET1FF.tmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:47 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59 184320]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-26 03:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 08:49 718704]
"MsmqIntCert"="mqrt.dll" [2008-04-14 04:33 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 20:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-26 03:47]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bba3c1-0b41-11dd-85cb-0014a5fba491}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-07-31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrateur.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 16:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6305A9FC-3EFC-43DC-8DFC-0C2A15C762C2} - C:\WINDOWS\nfavxwdbxqn.dll
Toolbar-{F486C881-8E8F-4C25-B89F-36E1268FACD2} - C:\WINDOWS\fdkowvbp.dll
HKCU-Run-AUTORUN_VAL - C:\Program Files\ASC 2.1\asc 2.1.exe
HKCU-Run-\Win11.exe - C:\Windows\system32\Win11.exe
HKCU-Run-\Win12.exe - C:\Windows\system32\Win12.exe
HKCU-Run-\Win13.exe - C:\Windows\system32\Win13.exe
HKCU-Run-\Win14.exe - C:\Windows\system32\Win14.exe
HKCU-Run-\WinE.exe - C:\Windows\system32\WinE.exe
HKCU-Run-\WinF.exe - C:\Windows\system32\WinF.exe
HKCU-Run-\Win10.exe - C:\Windows\system32\Win10.exe
HKLM-Run-asc32 - C:\Program Files\ASC 2.1\asc 2.1.exe
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-lphcjejj0epfe - C:\WINDOWS\system32\lphcjejj0epfe.exe
HKLM-Run-SMrhcnejj0epfe - C:\Program Files\rhcnejj0epfe\rhcnejj0epfe.exe
HKLM-Run-\Win11.exe - C:\Windows\system32\Win11.exe
HKLM-Run-\Win12.exe - C:\Windows\system32\Win12.exe
HKLM-Run-\Win13.exe - C:\Windows\system32\Win13.exe
HKLM-Run-\Win14.exe - C:\Windows\system32\Win14.exe
HKLM-Run-\WinE.exe - C:\Windows\system32\WinE.exe
HKLM-Run-\WinF.exe - C:\Windows\system32\WinF.exe
HKLM-Run-\Win10.exe - C:\Windows\system32\Win10.exe
SharedTaskScheduler-{c96395b8-ab09-46a4-b539-7ddf6e061808} - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://62.49.26.13/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.7.199.200:7000/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:51:58
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????^??????P??|?????? ??4B??????????????hB? ????^?

Balayage des fichiers cach‚s ...

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\Win11.exe"="C:\\Windows\\system32\\Win11.exe"
"\\Win12.exe"="C:\\Windows\\system32\\Win12.exe"
"\\Win13.exe"="C:\\Windows\\system32\\Win13.exe"
"\\Win14.exe"="C:\\Windows\\system32\\Win14.exe"
"\\WinE.exe"="C:\\Windows\\system32\\WinE.exe"
"\\WinF.exe"="C:\\Windows\\system32\\WinF.exe"
"\\Win10.exe"="C:\\Windows\\system32\\Win10.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HPQ\IAM\Bin\asghost.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 19:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 17:58:26

Pre-Run: 13,648,220,160 octets libres
Post-Run: 14,227,873,792 octets libres

413 --- E O F --- 2008-07-25 01:01:09

Répondre à Dr.G

g!rly, le 31 jui 2008 à 20:07:54

Un merci suffi ;)

post un hijack this maintenant stp

@+ What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 20:09:22

Oui mam'zelle! et bien sur Merci infiniment

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\Win11.exe] C:\Windows\system32\Win11.exe
O4 - HKLM\..\Run: [\Win12.exe] C:\Windows\system32\Win12.exe
O4 - HKLM\..\Run: [\Win13.exe] C:\Windows\system32\Win13.exe
O4 - HKLM\..\Run: [\Win14.exe] C:\Windows\system32\Win14.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKLM\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKLM\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\Win11.exe] C:\Windows\system32\Win11.exe
O4 - HKCU\..\Run: [\Win12.exe] C:\Windows\system32\Win12.exe
O4 - HKCU\..\Run: [\Win13.exe] C:\Windows\system32\Win13.exe
O4 - HKCU\..\Run: [\Win14.exe] C:\Windows\system32\Win14.exe
O4 - HKCU\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKCU\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKCU\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://62.49.26.13/activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.7.199.200:7000/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
End of file - 12801 bytes

Répondre à Dr.G

g!rly, le 31 jui 2008 à 20:24:07

Ok

la suite :

Copie le texte ci-dessous :

File::
C:\Windows\system32\Win11.exe
C:\Windows\system32\Win12.exe
C:\Windows\system32\Win13.exe
C:\\Windows\system32\Win14.exe
C:Windows\system32\WinE.exe
C:\Windows\system32\WinF.exe
C:\Windows\system32\Win10.exe
C:\WINDOWS\system32\hvwkuxxn.dll
C:\Run.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\Win11.exe"=-
"\Win12.exe"=-
"\Win13.exe"=-
"\Win14.exe"=-
"\WinE.exe"=-
"\WinF.exe"=-
"\Win10.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\Win11.exe"=-
"\Win12.exe"=-
"\Win13.exe"=-
"\Win14.exe"=-
"\WinE.exe"=-
"\WinF.exe"=-
"\Win10.exe"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+ What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 20:40:26

ComboFix 08-07-30.02 - Administrateur 2008-07-31 20:28:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.106 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color

FILE ::
C:\\Windows\system32\Win14.exe
C:\Run.exe
C:\WINDOWS\system32\hvwkuxxn.dll
C:\Windows\system32\Win10.exe
C:\Windows\system32\Win11.exe
C:\Windows\system32\Win12.exe
C:\Windows\system32\Win13.exe
C:\Windows\system32\WinF.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Run.exe
C:\WINDOWS\system32\hvwkuxxn.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-31 14:31 . 2008-07-31 14:31 <REP> d-------- C:\Program Files\Windows Sidebar
2008-07-31 14:31 . 2008-07-31 14:40 <REP> d-------- C:\Program Files\Norton AntiVirus
2008-07-31 14:31 . 2008-07-31 14:32 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-31 14:31 . 2008-07-31 14:32 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-31 14:31 . 2008-07-31 14:32 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-31 14:31 . 2008-07-31 14:32 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-31 14:22 . 2008-07-31 14:22 <REP> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-07-31 13:48 . 2008-07-31 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-31 02:41 . 2008-07-31 02:41 <REP> d-------- C:\Program Files\AVG
2008-07-31 02:41 . 2008-07-31 03:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-31 02:06 . 2008-07-31 02:06 <REP> d-------- C:\Program Files\Trend Micro
2008-07-31 01:36 . 2008-07-31 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 01:36 . 2008-07-31 01:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-31 01:29 . 2008-07-31 01:30 <REP> d-------- C:\Program Files\QuickTime
2008-07-28 19:06 . 2008-07-28 19:06 <REP> d-------- C:\Program Files\MP3 Remix
2008-07-28 19:06 . 2008-07-28 19:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MP3 Remix
2008-07-21 03:19 . 2008-07-21 03:19 1,072 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-20 20:29 . 2008-07-20 20:31 6,300 --a------ C:\CTMeasureTiming.ini
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-18 06:45 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 06:30 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-07-18 06:30 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-07-18 06:28 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-18 05:57 . 2008-07-31 15:36 <REP> d-------- C:\Program Files\WAV
2008-07-18 05:26 . 2008-07-18 05:50 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 04:34 . 2008-07-18 04:34 <REP> d-------- C:\Program Files\iPod
2008-07-18 04:00 . 2008-07-18 04:00 268 --ah----- C:\sqmdata07.sqm
2008-07-18 04:00 . 2008-07-18 04:00 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 03:22 . 2008-07-18 03:22 268 --ah----- C:\sqmdata06.sqm
2008-07-18 03:22 . 2008-07-18 03:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-09 19:46 . 2008-07-09 19:46 268 --ah----- C:\sqmdata05.sqm
2008-07-09 19:46 . 2008-07-09 19:46 244 --ah----- C:\sqmnoopt05.sqm
2008-07-08 22:00 . 2008-07-08 22:00 172 --ah----- C:\sqmnoopt04.sqm
2008-07-08 22:00 . 2008-07-08 22:00 172 --ah----- C:\sqmdata04.sqm
2008-07-08 12:06 . 2008-07-08 12:06 268 --ah----- C:\sqmdata03.sqm
2008-07-08 12:06 . 2008-07-08 12:06 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 19:13 . 2008-07-07 19:13 268 --ah----- C:\sqmdata02.sqm
2008-07-07 19:13 . 2008-07-07 19:13 244 --ah----- C:\sqmnoopt02.sqm
2008-07-07 19:07 . 2008-07-07 19:07 268 --ah----- C:\sqmdata01.sqm
2008-07-07 19:07 . 2008-07-07 19:07 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 19:47 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 12:41 . 2008-06-15 12:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-15 11:48 . 2008-06-15 12:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-06-14 17:24 . 2008-06-14 18:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Creative
2008-06-14 17:13 . 2000-05-22 02:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-06-14 17:13 . 2006-10-06 00:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-06-14 17:12 . 2008-06-14 17:12 <REP> d-------- C:\Program Files\Audible
2008-06-14 17:12 . 2008-06-14 17:12 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-06-14 17:12 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-14 17:10 . 2008-06-14 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-14 17:09 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-14 17:09 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-14 17:08 . 2008-06-14 17:08 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2008-06-14 17:08 . 2008-06-14 17:10 <REP> d--h----- C:\Program Files\Creative Installation Information
2008-06-14 17:08 . 2008-06-14 17:13 <REP> d-------- C:\Program Files\Creative
2008-06-12 03:58 . 2008-06-12 03:58 144 --a------ C:\WINDOWS\Eudcedit.ini
2008-06-11 04:50 . 2008-07-29 11:08 <REP> d-------- C:\Program Files\Axis Communications
2008-06-10 23:27 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 23:25 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:25 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 02:56 . 2008-07-08 23:59 78 --a------ C:\WINDOWS\iPlayer.INI
2008-06-04 02:54 . 2008-06-04 02:54 <REP> d-------- C:\Program Files\InterActual
2008-06-04 00:59 . 2008-07-07 19:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-06-02 05:15 . 2008-06-02 05:16 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-02 00:11 . 2008-06-02 00:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterVideo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 18:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-31 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 12:32 --------- d-----w C:\Program Files\Symantec
2008-07-31 11:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-07-30 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-29 15:07 --------- d-----w C:\Program Files\LimeWire
2008-07-18 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 02:35 --------- d-----w C:\Program Files\iTunes
2008-07-18 02:09 --------- d-----w C:\Program Files\Safari
2008-07-11 22:45 --------- d-----w C:\Program Files\IDoser v4
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-29 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-29 14:43 --------- d-----w C:\Program Files\ConvertEuro
2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 02:33 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 02:33 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 02:33 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 02:33 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 02:33 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 02:33 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 02:33 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:47 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59 184320]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-26 03:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 08:49 718704]
"MsmqIntCert"="mqrt.dll" [2008-04-14 04:33 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-03-25 19:19:27 184320]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 20:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-26 03:47]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bba3c1-0b41-11dd-85cb-0014a5fba491}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrateur.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 16:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\Win11.exe - C:\Windows\system32\Win11.exe
HKCU-Run-\Win12.exe - C:\Windows\system32\Win12.exe
HKCU-Run-\Win13.exe - C:\Windows\system32\Win13.exe
HKCU-Run-\Win14.exe - C:\Windows\system32\Win14.exe
HKCU-Run-\WinE.exe - C:\Windows\system32\WinE.exe
HKCU-Run-\WinF.exe - C:\Windows\system32\WinF.exe
HKCU-Run-\Win10.exe - C:\Windows\system32\Win10.exe
HKLM-Run-\Win11.exe - C:\Windows\system32\Win11.exe
HKLM-Run-\Win12.exe - C:\Windows\system32\Win12.exe
HKLM-Run-\Win13.exe - C:\Windows\system32\Win13.exe
HKLM-Run-\Win14.exe - C:\Windows\system32\Win14.exe
HKLM-Run-\WinE.exe - C:\Windows\system32\WinE.exe
HKLM-Run-\WinF.exe - C:\Windows\system32\WinF.exe
HKLM-Run-\Win10.exe - C:\Windows\system32\Win10.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 20:32:24
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????^??????P??|?????? ??4B??????????????hB? ????^?

Balayage des fichiers cachés ...

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\Win11.exe"="C:\\Windows\\system32\\Win11.exe"
"\\Win12.exe"="C:\\Windows\\system32\\Win12.exe"
"\\Win13.exe"="C:\\Windows\\system32\\Win13.exe"
"\\Win14.exe"="C:\\Windows\\system32\\Win14.exe"
"\\WinE.exe"="C:\\Windows\\system32\\WinE.exe"
"\\WinF.exe"="C:\\Windows\\system32\\WinF.exe"
"\\Win10.exe"="C:\\Windows\\system32\\Win10.exe"
.
Temps d'accomplissement: 2008-07-31 20:38:53
ComboFix-quarantined-files.txt 2008-07-31 18:37:46
ComboFix2.txt 2008-07-31 17:59:54

Pre-Run: 14,211,330,048 octets libres
Post-Run: 14,198,231,040 octets libres

249 --- E O F --- 2008-07-25 01:01:09

Répondre à Dr.G

g!rly, le 31 jui 2008 à 20:41:47

Bizare

peux tu reposter un hijack this stp

@+ What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 23:02:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\Win11.exe] C:\Windows\system32\Win11.exe
O4 - HKLM\..\Run: [\Win12.exe] C:\Windows\system32\Win12.exe
O4 - HKLM\..\Run: [\Win13.exe] C:\Windows\system32\Win13.exe
O4 - HKLM\..\Run: [\Win14.exe] C:\Windows\system32\Win14.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKLM\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKLM\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\Win11.exe] C:\Windows\system32\Win11.exe
O4 - HKCU\..\Run: [\Win12.exe] C:\Windows\system32\Win12.exe
O4 - HKCU\..\Run: [\Win13.exe] C:\Windows\system32\Win13.exe
O4 - HKCU\..\Run: [\Win14.exe] C:\Windows\system32\Win14.exe
O4 - HKCU\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKCU\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKCU\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://62.49.26.13/activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.7.199.200:7000/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
End of file - 12416 bytes

Répondre à Dr.G

g!rly, le 31 jui 2008 à 23:07:34

A l´aide de hijack this coche et fix :

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\Win11.exe] C:\Windows\system32\Win11.exe
O4 - HKLM\..\Run: [\Win12.exe] C:\Windows\system32\Win12.exe
O4 - HKLM\..\Run: [\Win13.exe] C:\Windows\system32\Win13.exe
O4 - HKLM\..\Run: [\Win14.exe] C:\Windows\system32\Win14.exe
O4 - HKCU\..\Run: [\Win11.exe] C:\Windows\system32\Win11.exe
O4 - HKCU\..\Run: [\Win12.exe] C:\Windows\system32\Win12.exe
O4 - HKCU\..\Run: [\Win13.exe] C:\Windows\system32\Win13.exe
O4 - HKCU\..\Run: [\Win14.exe] C:\Windows\system32\Win14.exe
O4 - HKCU\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKCU\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKCU\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://62.49.26.13/activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.7.199.200:7000/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

vas voir dans le system32 si tu voie pas ces fichiers :

C:\Windows\system32\Win11.exe
C:\Windows\system32\Win12.exe
C:\Windows\system32\Win13.exe
C:\Windows\system32\Win14.exe
C:\Windows\system32\WinE.exe
C:\Windows\system32\WinF.exe
C:\Windows\system32\Win10.exe

dis moi

puis

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+ What the heck ?

Répondre à g!rly

Dr.G, le 31 jui 2008 à 23:21:38

Jte mets le rapport dans 5 minutes.. mais pas de traces de ce que tuu m'as dii dan mon system32

Répondre à Dr.G

g!rly, le 31 jui 2008 à 23:23:10

Tant mieux ;) What the heck ?

Répondre à g!rly

Dr.G, le 1 aoû 2008 à 00:47:19

Tiens, je pose le rapport avant le redemarrage et y as 3 Hkey_local qui ont pas été supp' donc c'est pour ça que je dois redemarrer

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1013
Windows 5.1.2600 Service Pack 3

00:45:25 01/08/2008
mbam-log-8-1-2008 (00-45-25).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 104964
Temps écoulé: 1 hour(s), 19 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ascwarning32.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcnejj0epfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnejj0epfe (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bvge (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\RichVideoCodec\InstallRegerLib.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\erqe.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\Sys56.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\Sys5B.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\RichVideoCodec.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\219725\219725.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0045664.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0045665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0046675.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0046677.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0046678.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0046692.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP119\A0046716.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046803.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046821.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046838.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046852.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046853.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046854.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP120\A0046818.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP96\A0038061.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP96\A0038062.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\WAV\wav0.dat (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\WAV\wav1.dat (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.

Répondre à Dr.G

g!rly, le 1 aoû 2008 à 00:51:28

Ok redemarre ;-)

et post un nouveau rapport hijack this stp

@+ What the heck ?

Répondre à g!rly

Dr.G, le 1 aoû 2008 à 00:55:27

Encore?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:55, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKLM\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKLM\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
End of file - 10065 bytes

Répondre à Dr.G

g!rly, le 1 aoû 2008 à 01:46:17

Re,

coche et fix :

O4 - HKLM\..\Run: [\WinE.exe] C:\Windows\system32\WinE.exe
O4 - HKLM\..\Run: [\WinF.exe] C:\Windows\system32\WinF.exe
O4 - HKLM\..\Run: [\Win10.exe] C:\Windows\system32\Win10.exe

et fais un scan en ligne ici :

Scan en ligne bitdefender :

http://www.bitdefender.com/scan8/ie.html

Clicker sur " I agree " et suivre les indications

A faire imperativement sous internet explorer, en acceptant l´activ x

tutoriel en image en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ou

Fais un scan en ligne Kaspersky avec Internet Explorer :
http://webscanner.kaspersky.fr/
-> Click sur Démarrer Online-Scanner
-> Click maintenant sur J'accepte.
-> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
-> Patiente pendant l'installation des Mises à jour.
-> Choisis par la suite l'analyse du Poste de travail.
-> Sauvegarde puis colle le rapport généré en fin d'analyse.

post le rapport

bon courrage

@+ What the heck ?

Répondre à g!rly

Dr.G, le 1 aoû 2008 à 01:53:30

J'étais tenter deux faire les deux mais bon, kaspersky es dans mes favoris et pareil pour bitdefender ^^ jte donn' le rapport dans une 15aine de minutes ^^^^^

Répondre à Dr.G

g!rly, le 1 aoû 2008 à 01:56:26

Ok

@+ What the heck ?

Répondre à g!rly

Dr.G, le 1 aoû 2008 à 02:13:50

Oups... ça va prendr' plus de temps, + d'une heur'! arrrrrrrrrgh

Répondre à Dr.G

27 réponses 12 Suivant

Posez votre question Répondre