prob spyware secure and coFermé

Question

Bonjour,
depuis 3 jours j'ai de gros problème d'affichage de fenêtres avec spyware secure et probablement d'autres.
Quelqu'un peut-ilm'aider à résoudre cela ?
voici mon rapport hijack this.
Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:39, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\xmjvfevx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32undll32.exe
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oycxqiur.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0030399.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService -   - C:\WINDOWS\system32\xmjvfevx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

Bonsoir,

    * Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
    * Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
    * Faire un clic droit sur navilog1.zip et choisir "tout extraire"
    * Double-cliquez sur navilog1.bat
    * Arriver au menu principal, choisir l'option 1 et valider.
    * Patientez jusqu'au message : Analyse Termine le ...
    * Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt) 
copie/colle ce rapport dans ta prochaine reponse

faabhyo · Answer

Search Navipromo version 3.3.4 commencé le 08/11/2007 à 21:01:16,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Admin\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\ADMIN\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\ADMIN\LOCALS~1\APPLIC~1 *



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !

Salut clownface, merci de t'occuper de mon cas !

voila le rapport.


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\ijkmp.bak1 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :

C:\WINDOWS\system32\jzmuwkfyn.dat trouvé !
C:\WINDOWS\system32\jzmuwkfyn_nav.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 08/11/2007 à 21:02:09,81 ***

clownface · Answer

*
          o relances navilog
          o Arriver au menu principal, choisir l'option 2 et valider.
          o Indiquer le mode de nettoyage "automatique"
          o Répondre aux questions éventuelles, le bureau disparaîtra, c'est normal !
          o Patienter jusqu'au message : Nettoyage Termine le ...
          o Sauvegarder le rapport de manière à le retrouver, puis fermer le blocnote, le bureau réapparaîtra
          o Le rapport sera en outre sauvegardé à la racine du disque (cleannavi.txt)

NB : Si le bureau ne réapparaît pas, faire CTRL+ALT+SUPPR pour ouvrir le gestionnaire de tâches.
Choisir l'onglet processus. Cliquer en haut à gauche sur fichiers et choisir exécuter,
Taper explorer et valider.

faabhyo · Answer

Resalut clownface, nettoyage terminé avec rapport suivant mais est-ce normal que j'ai toujours des messages d'informations de système infecté security alert???
Merci pour ton soutien.
 

Clean Navipromo version 3.3.4 commencé le 08/11/2007 à 21:23:26,93

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13

Mode suppression automatique 


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans C:\DOCUME~1\ADMIN\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Admin\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Admin\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\ijkmp.bak1 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche, création sauvegardes et suppression Heuristique :

C:\WINDOWS\System32\jzmuwkfyn.dat trouvé !
Copie C:\WINDOWS\system32\jzmuwkfyn.dat réalisé avec succès !
C:\WINDOWS\system32\jzmuwkfyn.dat supprimé !

C:\WINDOWS\System32\jzmuwkfyn_nav.dat trouvé !
Copie C:\WINDOWS\system32\jzmuwkfyn_nav.dat réalisé avec succès !
C:\WINDOWS\system32\jzmuwkfyn_nav.dat supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 08/11/2007 à 21:27:05,68 ***

clownface · Answer

oui c'est normal, on a supprimé qu'une partie du problème...

voici la suite : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#1er m thode vundofix

suis ces manip, et postes les rapports au fur et à mesure

faabhyo · Answer

ok sorry suis un petit peu trop impatient !!
 je continue les manip

faabhyo · Answer

voila les derniers rapports vundo et hijack :

VundoFix V6.5.11

Checking Java version...

Scan started at 21:50:24 08/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\oycxqiur.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\oycxqiur.dll
C:\WINDOWS\system32\oycxqiur.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:39, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0030399.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xmjvfevx.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

il faut continuer, il y a encore du monde...
fais un combofix

faabhyo · Answer

Et voila le rapport ! heureusement que t'es là ! ComboFix 07-11-08.1 - Admin 2007-11-08 22:14:41.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.596 [GMT 1:00] Running from: C:\Documents and Settings\Admin\Mes documents\Mes fichiers reçus\ComboFix.exe * Created a new restore point . Incapable d'obtenir les privilèges Système (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Admin\Bureau\Live Safety Center.lnk C:\Documents and Settings\Admin\Bureau\Online Security Guide.lnk C:\Documents and Settings\Admin\Favoris\Online Security Guide.lnk C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\Program Files\Temporary C:\Program Files\Temporary\wininstall.exe C:\Program Files\WinAble C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\system32\__c0030399.dat C:\WINDOWS\system32\__c0039404.dat C:\WINDOWS\system32\__c00BB084.dat C:\WINDOWS\system32\b3 C:\WINDOWS\system32\e1 C:\WINDOWS\system32\ijkmp.bak1 C:\WINDOWS\system32\ijkmp.ini C:\WINDOWS\system32\jdnrvxel.dll C:\WINDOWS\system32\jzmuwkfyn_navps.dat C:\WINDOWS\system32\knnquums.dll C:\WINDOWS\system32\oycxqiur.dllbox C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmkji.dll C:\WINDOWS\system32\qreunorn.dllbox C:\WINDOWS\system32\u4 C:\WINDOWS\system32\wvhnnpgj.dll C:\z.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))))))) . 2007-11-08 22:11 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-08 21:50 d-------- C:\VundoFix Backups 2007-11-08 21:31 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-08 19:49 d-------- C:\Program Files\CCleaner 2007-11-08 19:45 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-08 19:22 d-------- C:\Program Files\a-squared Free 2007-11-08 18:34 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-08 18:34 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-08 18:34 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-08 18:34 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-08 18:34 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-08 18:34 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-08 18:34 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-08 18:34 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-08 18:31 d-------- C:\WINDOWS\system32\fr-fr 2007-11-08 18:10 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-11-07 21:24 d-------- C:\WINDOWS\BDOSCAN8 2007-11-07 21:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-11-07 20:47 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-11-07 20:47 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-11-07 20:47 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-11-07 18:53 79,936 --a------ C:\WINDOWS\system32\eaiyikrv.dll 2007-11-07 18:52 35,328 --a------ C:\WINDOWS\system32\ddcdcaw.dll 2007-11-07 18:51 145,984 --a------ C:\WINDOWS\system32\miaryrld.dll 2007-11-07 18:45 d-------- C:\WINDOWS\10B446B34DF44489A1688A98F7CD807E.TMP 2007-11-07 08:07 35,328 --a------ C:\WINDOWS\system32\opnnmmn.dll 2007-11-06 23:02 d-------- C:\Program Files\Spyware Doctor 2007-11-06 22:46 145,984 --a------ C:\WINDOWS\system32\qreunorn.dll 2007-11-06 20:29 d-------- C:\Program Files\Evariste 2007-11-05 20:07 d-------- C:\Program Files\Sygate 2007-11-05 18:22 85,568 --a------ C:\WINDOWS\system32\cqorfjld.dll 2007-11-05 18:22 83,008 --a------ C:\WINDOWS\system32\dtcisefy.dll 2007-11-05 17:25 d-------- C:\Program Files\Codemasters 2007-11-05 08:29 786 --a------ C:\7664.bat 2007-11-05 08:29 82 --a------ C: .bat 2007-11-05 08:29 0 --a------ C:\z.dat 2007-11-05 08:28 35,328 --a------ C:\WINDOWS\system32\hgghfec.dll 2007-11-04 21:22 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-11-04 21:22 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-11-04 21:22 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-11-04 21:22 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-11-04 21:22 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-11-04 21:22 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-11-04 21:22 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-11-04 21:22 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-11-04 21:02 d-------- C:\Program Files\THQ 2007-11-02 18:36 d-------- C:\Program Files\ContextTool 2007-11-02 15:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-02 15:46 d-------- C:\WINDOWS\system32\Mz18r 2007-11-02 15:46 d-------- C:\Temp\mZOr 2007-11-02 15:46 d-------- C:\Temp 2007-10-26 21:36 d-------- C:\Program Files\Ubisoft 2007-10-25 22:58 d-------- C:\WINDOWS\system32\Data 2007-10-25 22:58 24,576 --a------ C:\WINDOWS\INRES.DLL 2007-10-24 18:23 d-------- C:\Program Files\Windows Media Connect 2 2007-10-24 07:59 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-10-23 22:36 d-------- C:\Documents and Settings\Admin\Application Data\Reasonable Software House Ltd 2007-10-23 22:35 d-------- C:\Program Files\Reasonable NoClone 2007 Home 2007-10-22 18:27 d-------- C:\Program Files\Micro Application 2007-10-22 18:26 d-------- C:\Documents and Settings\Admin\Application Data\InstallShield 2007-10-22 17:19 d-------- C:\Program Files\AML Products 2007-10-22 17:19 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll 2007-10-22 17:19 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-10-22 17:19 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll 2007-10-22 17:19 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll 2007-10-22 17:19 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll 2007-10-22 17:19 90,112 --a------ C:\WINDOWS\system32\agsaami.dll 2007-10-22 17:19 53,760 --a------ C:\WINDOWS\system\ppacklib.dll 2007-10-22 17:19 77 --a------ C:\WINDOWS\system32\winitn.dll 2007-10-22 17:19 1 --a------ C:\WINDOWS\audi20.dat 2007-10-21 19:46 d-------- C:\WINDOWS\system\color 2007-10-21 19:46 d-------- C:\Program Files\Fichiers communs\FotoWire 2007-10-21 19:46 d-------- C:\Program Files\AGFAnet 2007-10-21 19:46 36,864 --a------ C:\WINDOWS\system32\agusbsti.dll 2007-10-21 19:46 32,768 --a------ C:\WINDOWS\system32\Snape25.bin 2007-10-21 19:45 d-------- C:\Program Files\Agfa 2007-10-21 11:52 d-------- C:\Documents and Settings\Admin\Application Data\Legends of pirates 2007-10-21 11:01 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-19 01:02 d-------- C:\Program Files\Free Audio Pack 2007-10-19 01:02 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL 2007-10-19 01:02 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL 2007-10-19 01:02 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll 2007-10-19 01:02 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL 2007-10-19 01:02 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL 2007-10-19 01:02 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL 2007-10-16 10:09 22,752 --a------ C:\WINDOWS\system32\drivers\bumxmidi.sys 2007-10-16 09:19 368,640 --a------ C:\WINDOWS\system32\ReWire.dll 2007-10-16 09:19 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll 2007-10-10 06:42 d-------- C:\Program Files\Stardock 2007-10-10 06:41 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll 2007-10-09 21:44 d-------- C:\Documents and Settings\Admin\Application Data\MAGIX 2007-10-09 21:42 d-------- C:\ConvertTemp 2007-10-09 20:34 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2007-10-09 20:34 137,884 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys 2007-10-09 20:34 80,272 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys 2007-10-09 20:34 11,877 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-08 21:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire 2007-11-08 20:32 --------- d-----w C:\Program Files\Navilog1 2007-11-08 19:42 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM 2007-11-08 08:40 --------- d-----w C:\Program Files\BitComet 2007-11-08 07:09 278,536 ----a-w C:\WINDOWS\Fonts\Setup.exe 2007-11-07 19:46 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-05 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-05 07:08 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-11-04 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-11-03 17:45 --------- d-----w C:\Program Files\easycleaner 2007-11-02 14:44 278,535 --sh--w C:\WINDOWS\Fonts\svchost.exe 2007-10-16 08:10 --------- d-----w C:\Program Files\Propellerhead 2007-10-09 16:11 --------- d-----w C:\Program Files\Microsoft Money 2005 2007-10-08 17:58 --------- d-----w C:\Program Files\MSN Messenger 2007-10-07 17:32 --------- d-----w C:\Program Files\ZOOM 2007-10-07 16:57 --------- d-----w C:\Program Files\Microsoft Etudes 2007-10-07 16:53 --------- d-----w C:\Program Files\Learning Essentials 2007-10-07 15:56 --------- d-----w C:\Program Files\SelectSoft 2007-10-06 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2007-10-06 10:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\TuneUp Software 2007-10-06 10:11 --------- d-----w C:\Program Files\RegCleaner 2007-10-06 10:01 --------- d-----w C:\Program Files\Alwil Software 2007-10-05 16:13 --------- d-----w C:\Documents and Settings\Admin\Application Data\Hamachi 2007-10-05 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia 2007-10-04 22:17 --------- d-----w C:\Documents and Settings\Admin\Application Data\Steinberg 2007-10-04 22:03 --------- d-----w C:\Program Files\Steinberg 2007-10-04 21:33 --------- d-----w C:\Program Files\Hamachi 2007-10-04 21:32 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-10-04 21:18 --------- d-----w C:\Program Files\Lavasoft 2007-10-04 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-04 21:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Creative 2007-10-04 20:57 --------- d-----w C:\Program Files\Creative 2007-10-04 20:34 --------- d-----w C:\Program Files\Syncrosoft 2007-10-04 20:30 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys 2007-10-04 20:30 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared 2007-10-04 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX 2007-10-04 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\Propellerhead Software 2007-10-04 20:13 --------- d-----w C:\Program Files\flatout 2 2007-10-04 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2007-10-04 17:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\ATI 2007-10-04 17:17 --------- d-----w C:\Program Files\ATI Technologies 2007-10-04 16:56 --------- d-----w C:\Program Files\Electronic Arts 2007-10-04 15:17 --------- d-----w C:\Program Files\ADS Tech 2007-01-07 20:19:34 5 --sha-w C:\WINDOWS\system32\accee9_s.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}] 2007-06-27 21:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{491E7725-E304-45FE-B185-305708BCDBC6}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58EC40FE-F687-4338-8362-675DB0ABFEDF}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d0fcfd7-52ee-4c87-a30a-6cddc1dcb7b2}] 2007-11-07 18:53 79936 --a------ C:\WINDOWS\system32\eaiyikrv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BC1E5A1-66EC-4A10-B6D5-8613267C621E}] C:\Program Files\Internet Explorer\hokevC:\WINDOWS\system32\e1\caws83122.exe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73A6C36C-2DE9-4C74-80BE-76376EA46F7A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A23E8655-61ED-4FE9-AF75-886B72915DA7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B60028C3-8774-4446-8DBC-727AA62CE784}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2C8BDCD-C436-4EBC-A6DE-A7C422DB3F28}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07DC0F6-C621-4E33-8B77-8BB5C5C95A9D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE55E42B-53B1-4D8C-9FE5-AEF550581F38}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-30 16:25] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 20:05] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 00:40] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-02 15:44] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40] "90a8fffe"="C:\WINDOWS\system32\cqorfjld.dll" [2007-11-05 18:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] [HKEY_USERS\.default\software\microsoft\windows\currentversion unonce] "Config"=%systemroot%\system32 un.cmd "tscuninstall"=%systemroot%\system32 scupgrd.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) "NoAutoUpdate"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) "NoAutoUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\WINDOWS\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkji.dll R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 BCUMXMIDI;BCUMXMIDI;C:\WINDOWS\system32\Drivers\bumxmidi.sys R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys R3 P17;Creative SB Audigy LS;C:\WINDOWS\system32\drivers\P17.sys R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys S0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f97bced0-91f4-11db-bfb2-000b6a8a9ad4}] \Shell\AutoRun\command - G:\GETMYPIX.EXE . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-10-19 15:17:16 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-08 22:23:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-08 22:26:39 - machine was rebooted . --- E O F ---

clownface · Answer

il y en a encore... http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#2 me m thode virtumundobegone

faabhyo · Answer

[11/08/2007, 22:41:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Admin\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[11/08/2007, 22:41:26] - Detected System Information:
[11/08/2007, 22:41:26] -  Windows Version: 5.1.2600, Service Pack 2
[11/08/2007, 22:41:26] -  Current Username: Admin (Admin)
[11/08/2007, 22:41:26] -  Windows is in NORMAL mode.
[11/08/2007, 22:41:26] - Searching for Browser Helper Objects:
[11/08/2007, 22:41:26] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/08/2007, 22:41:26] -  BHO 2: {0D39A900-0F3A-4C29-A254-3E65244FDC34} (ContextHelper)
[11/08/2007, 22:41:26] -  BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[11/08/2007, 22:41:26] -  BHO 4: {491E7725-E304-45FE-B185-305708BCDBC6} ()
[11/08/2007, 22:41:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:26] -  No filename found. Continuing.
[11/08/2007, 22:41:26] -  BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/08/2007, 22:41:26] -  BHO 6: {58EC40FE-F687-4338-8362-675DB0ABFEDF} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] -  BHO 7: {5d0fcfd7-52ee-4c87-a30a-6cddc1dcb7b2} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  Checking for HKLM\...\Winlogon\Notify\eaiyikrv
[11/08/2007, 22:41:27] -  Key not found: HKLM\...\Winlogon\Notify\eaiyikrv, continuing.
[11/08/2007, 22:41:27] -  BHO 8: {6BC1E5A1-66EC-4A10-B6D5-8613267C621E} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  Checking for HKLM\...\Winlogon\Notify\caws83122.exe
[11/08/2007, 22:41:27] -  Key not found: HKLM\...\Winlogon\Notify\caws83122.exe, continuing.
[11/08/2007, 22:41:27] -  BHO 9: {73A6C36C-2DE9-4C74-80BE-76376EA46F7A} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] -  BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/08/2007, 22:41:27] -  BHO 11: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[11/08/2007, 22:41:27] -  BHO 12: {A23E8655-61ED-4FE9-AF75-886B72915DA7} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] -  BHO 13: {B60028C3-8774-4446-8DBC-727AA62CE784} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] -  BHO 14: {D2C8BDCD-C436-4EBC-A6DE-A7C422DB3F28} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] -  BHO 15: {E07DC0F6-C621-4E33-8B77-8BB5C5C95A9D} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] -  BHO 16: {FE55E42B-53B1-4D8C-9FE5-AEF550581F38} ()
[11/08/2007, 22:41:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/08/2007, 22:41:27] -  No filename found. Continuing.
[11/08/2007, 22:41:27] - Finished Searching Browser Helper Objects
[11/08/2007, 22:41:27] - Finishing up...
[11/08/2007, 22:41:27] - Nothing found! Exiting...

faabhyo · Answer

A ton avis clownface, mon système est ok ou bien il y a encore des indésirables qui trainent !

Merci vraiment pour ton aide, c'est vraiment sympa d'avoir du soutien dans ces moments là !!

Tiens-moi au courant sinon je te dis encore merci !

PS : je pensais vraiment pas que mon pc était si vulnérable j'ai pourtant pas mal de protection !!
comme quoi rien n'est jamais vraiment acquis !!!

clownface · Answer

je vois que tu as a2free, ad aware et spybot
les as-tu mis à jour, lancé et supprimé tout ce qu'ils ont trouvé ?

télécharge smitfraudfix : http://www.commentcamarche.net/telecharger/telecharger 230 smitfraudfix
tuto : https://www.zebulon.fr/dossiers/tutoriaux/66-smitfraudfix.html
fais l'option 1 et postes le rapport

faabhyo · Answer

Pour les protections, c'est clair que c'est jamais gagné!
Pour a2free, adware et spybot je les mets régulièrement à jour.

SmitFraudFix v2.239

Rapport fait à 23:15:45,18, 08/11/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2816D2AF-0C07-4837-847D-0AFDFEFBDB81}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2816D2AF-0C07-4837-847D-0AFDFEFBDB81}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2816D2AF-0C07-4837-847D-0AFDFEFBDB81}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

clownface · Answer

ok supprimes tous les programmes de desinfection qu'on a utilisé,

si ta restauration systeme est activé désactive là, redemarre, puis réactives là ensuite

fais un scan en ligne avec bitdefender : https://www.bitdefender.com/toolbox/
un avg antispyware en  mode sasn echec
puis un nouvel hijackthis (a la fin)

faabhyo · Answer

j'ai pas eu le temps de faire le scan en ligen ! ja'i de nouveau les messages d'alertes qui s'affichent ! je continue la manip avec scan bitdefender et avg mode sans echec ?

c'est dingue ça !!

clownface · Answer

oui continues
je veux voir ce qu'ils nous trouvent

faabhyo · Answer

pour le scan en ligne, il va y en avoir pour un bout de temps..
tu préconises que je fasse avg en mode sans echec en attendant

apparement c'est un site en particulier ykeeper.bestsellerantivirus.com. et sygate a bloque locussoftware installer

A ton avis je fais quoi

clownface · Answer

pour moi il commence à se faire tard, je dois me lever demain..
donc fais comme tu le sens, tu mettras les rapports quand tu auras eu le temps de les faire,
je serai de retour demain soir.

vérifie aussi que tu n'aies pas de cid dans tes programmes : explications --> http://www.commentcamarche.net/faq/sujet 5996 comment bloquer les fenetres cid
s'il y en a supprimes les (ça ne change rien au besoin de faire les deux scans avg et bitdefender)

faabhyo · Answer

ok merci pour tout et surtout pour ta patience, pareil me lève demain matin, vais voir si je peux être là demain.

Vais faire les dernières manip et je vois ce que ça donne.

Bon courage.

A +

clownface · Answer

je viens de regarder ton locussoftware correspond à un malware... superantispyware pourra s'en charger si avg ne le fait pas.. 
mais tu as déjà pas mal de logiciel antispy donc on verra ça demain.

bon courage à toi,
A+

faabhyo · Answer

Salut clownface, je ne sais pas si tu es connecté ce soir, mais j'ai bien suivi ton conseil avec superantispyware et locussoftware a bien disparu.
J'ai refais un scan en ligne avec bitdefender, un avec a-squared free et un hijackthis.

Je te mets les 3 rapports si tu as le temps dis-moi si toutes les manips ont été bénefiques.

En tout cas plus de fenêtres intempestives !! ouf...

Ya pas a dire apparement tu as été drôlement (ahahah marrant pour un clownface) efficace !!

Bonne contiuation, j'hésiterais pas à faire appel à toi si j'ai de nouveaux soucis de ce genre.

Merci de ta réactivité et continu sur cette voie ...

Faabhyo.

En espérant que les rapports ne soient pas trop indigestes.

Je te mets les rapports dans l'orde suivant :
1- hijackthis
2- a-squared free
3- bitdefender.

1-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:45, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO.dll
O2 - BHO: (no name) - {491E7725-E304-45FE-B185-305708BCDBC6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58EC40FE-F687-4338-8362-675DB0ABFEDF} - (no file)
O2 - BHO: (no name) - {6BC1E5A1-66EC-4A10-B6D5-8613267C621E} - (no file)
O2 - BHO: (no name) - {73A6C36C-2DE9-4C74-80BE-76376EA46F7A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: (no name) - {A23E8655-61ED-4FE9-AF75-886B72915DA7} - (no file)
O2 - BHO: (no name) - {B60028C3-8774-4446-8DBC-727AA62CE784} - (no file)
O2 - BHO: (no name) - {D2C8BDCD-C436-4EBC-A6DE-A7C422DB3F28} - (no file)
O2 - BHO: (no name) - {E07DC0F6-C621-4E33-8B77-8BB5C5C95A9D} - (no file)
O2 - BHO: (no name) - {FE55E42B-53B1-4D8C-9FE5-AEF550581F38} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hjalydxg.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

Bonsoir,

redemarres en mode sans echec, 
relances hijackthis, et coches ces lignes :

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {491E7725-E304-45FE-B185-305708BCDBC6} - (no file)
O2 - BHO: (no name) - {58EC40FE-F687-4338-8362-675DB0ABFEDF} - (no file)
O2 - BHO: (no name) - {6BC1E5A1-66EC-4A10-B6D5-8613267C621E} - (no file)
O2 - BHO: (no name) - {73A6C36C-2DE9-4C74-80BE-76376EA46F7A} - (no file)
O2 - BHO: (no name) - {A23E8655-61ED-4FE9-AF75-886B72915DA7} - (no file)
O2 - BHO: (no name) - {B60028C3-8774-4446-8DBC-727AA62CE784} - (no file)
O2 - BHO: (no name) - {D2C8BDCD-C436-4EBC-A6DE-A7C422DB3F28} - (no file)
O2 - BHO: (no name) - {E07DC0F6-C621-4E33-8B77-8BB5C5C95A9D} - (no file)
O2 - BHO: (no name) - {FE55E42B-53B1-4D8C-9FE5-AEF550581F38} - (no file)
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') 
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hjalydxg.exe (file missing)

cliques sur fix checked

supprimes ensuite ces fichiers / dossiers (en gras) : 

C:\Program Files\ContextTool
C:\WINDOWS\system32\cqorfjld.dll

redemarres en mode normal, refais un scan bitdefender.. j'veux voir s'il en reste.

faabhyo · Answer

voila le dernier rapport bitdefender et je mets un rapport hijack au cous où.



BitDefender Online Scanner
	

 
	

 

Rapport d'analyse généré à: Fri, Nov 09, 2007 - 23:50:03

 
	

 
	

 

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;
	

 
	

 

 
	

 
	

 

Statistiques

Temps
	

01:42:11

Fichiers
	

380515

Directoires
	

6022

Secteurs de boot
	

4

Archives
	

1753

Paquets programmes
	

20126
	

 
	

 

Résultats

Virus identifiés
	

1

Fichiers infectés
	

1

Fichiers suspects
	

0

Avertissements
	

0

Désinfectés
	

0

Fichiers effacés
	

1
	

 
	

 

Info sur les moteurs

Définition virus
	

860818

Version des moteurs
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
	

14

Archive des plugins
	

38

Unpack des plugins
	

7

E-mail plugins
	

6

Système plugins
	

1
	

 
	

 

Paramètres d'analyse

Première action
	

Désinfecté

Seconde Action
	

Supprimé

Heuristique
	

Oui

Acceptez les avertissements
	

Oui

Extensions analysées
	

*;

Excludez les extensions
	

 

Analyse d'emails
	

Oui

Analyse des Archives
	

Oui

Analyser paquets programmes
	

Oui

Analyse des fichiers
	

Oui

Analyse de boot
	

Oui
	

 
	

 
 

Fichier analysé
	

 Statut

C:\System Volume Information\_restore{DB71B960-C923-49EB-AEA5-668180EE695A}\RP2\A0002464.exe
	

Infecté par: Trojan.Generic.64484

C:\System Volume Information\_restore{DB71B960-C923-49EB-AEA5-668180EE695A}\RP2\A0002464.exe
	

Echec de la désinfection

C:\System Volume Information\_restore{DB71B960-C923-49EB-AEA5-668180EE695A}\RP2\A0002464.exe
	

Supprimé
	

 

 
	

 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:14, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

on va faire un sdfix : http://mickael.barroux.free.fr/securite/sdfix.php
il y a encore des petites choses qui me chiffonnent...

faabhyo · Answer

SDFix: Version 1.114

Run by Administrateur on 10/11/2007 at 00:10

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:
.bat  - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 00:16:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\hjalydxg.exe"="C:\WINDOWS\system32\hja"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun  7 Jan 2007     1,835,008 A..H. --- "C:\Documents and Settings\Admin\NTUSER.DAT.bak_jv16pt"
Sun  7 Jan 2007             5 A.SH. --- "C:\WINDOWS\system32\accee9_s.dll"
Fri  9 Nov 2007        20,640 ..SH. --- "C:\WINDOWS\system32\olorcarx.dllbox"
Fri  9 Nov 2007        12,148 ..SH. --- "C:\WINDOWS\system32tvwa.tmp"
Thu  8 Nov 2007         6,505 ..SH. --- "C:\WINDOWS\system32tvwa.bak1"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico1.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico12.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico13.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico14.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico15.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico16.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico17.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico18.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico19.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico1A.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico1B.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico2.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico2F.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico30.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico31.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico32.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico33.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico34.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico35.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico36.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico37.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico38.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico39.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3A.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3B.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3C.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3D.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico4.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico42.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico43.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico44.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico45.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico46.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico51.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico52.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico53.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico54.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico55.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico58.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico59.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5A.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5B.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5C.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico6.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico7.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico8.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico9.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoA.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoB.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoC.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoD.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoE.tmp"
Fri  9 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF5.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF6.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF7.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF8.tmp"
Thu  8 Nov 2007         4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF9.tmp"
Wed 24 Oct 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  5 Jan 2007       262,144 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Fri 22 Dec 2006       262,144 A..H. --- "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Fri 22 Dec 2006       262,144 A..H. --- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"

Finished!

faabhyo · Answer

Clownface tu penses qu'on est arrivé au bout de cette désinfection ou bien il y a encore des anomalies.

Quoi qu'il en soit heureusement que t'es là parce que sinon je ne sais vraiment pas comment j'aurais fait pour m'en sortir.

clownface · Answer

en ce qui me concerne je file pour ce soir.
on ferra ensuite un scan  f-secure : https://www.malekal.com/tutorial-f-secure-blacklight/

faabhyo · Answer

ok merci pour ta patience et pour le temps passé à me donner tes explications.

Passe une bonne soirée.
A bientôt.

faabhyo · Answer

salut clownface, je n'ai pas réussi à récupérer f-secure blacklight (url n'existe plus) mais j'ai fait un scan en ligne, je te joins le rapport et je refais un hijackthis.
Dis-moi ce que tu en penses.

Merci d'avance.

Scanning Report
Saturday, November 10, 2007 10:03:43 - 11:12:38

Computer name: XPSP2-62B04009C
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 3 malware found
Tracking Cookie (spyware)

    * System (Disinfected)
    * System
    * System 

Statistics
Scanned:

    * Files: 61622
    * System: 4477
    * Not scanned: 6 

Actions:

    * Disinfected: 1
    * Renamed: 0
    * Deleted: 0
    * None: 2
    * Submitted: 0 

Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM 

Options
Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-11-09
    * F-Secure AVP: 7.0.171, 2007-11-09
    * F-Secure Orion: 1.2.37, 2007-11-09
    * F-Secure Blacklight: 1.0.64
    * F-Secure Draco: 1.0.35, 2007-10-30
    * F-Secure Pegasus: 1.19.0, 2007-10-06 

Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    * Use Advanced heuristics 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:13, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

Bonjour,

Computer name: XPSP2-62B04009C
Scanning type: Scan system for viruses, rootkits, spyware

Result: 3 malware found

Actions:

* Disinfected: 1

* None: 2 <-- nulle part on te dit quels sont ces fichiers ??

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')  <-- il y  a toujours ça qui ne me plait pas..

peux-tu refaire un combofix ?  http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#3 me m thode combofix

faabhyo · Answer

voila le hijackthis après combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:06, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

montres moi le rapport de combofix

faabhyo · Answer

ComboFix 07-11-08.1 - Administrateur 2007-11-10 17:39:45.3 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Admin\Bureau\Live Safety Center.lnk C:\Documents and Settings\Admin\Bureau\Online Security Guide.lnk C:\Documents and Settings\Admin\Favoris\Online Security Guide.lnk C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\WINDOWS\system32\olorcarx.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE ((((((((((((((((((((((((((((( Fichiers créés 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))))))) . 2007-11-10 00:07 d-------- C:\WINDOWS\ERUNT 2007-11-09 08:38 12,148 ---hs---- C:\WINDOWS\system32 tvwa.ini2 2007-11-09 08:23 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-11-09 08:22 d-------- C:\Program Files\SUPERAntiSpyware 2007-11-09 08:22 d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com 2007-11-09 00:17 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft 2007-11-09 00:15 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-09 00:15 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-09 00:15 d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-11-09 00:15 d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-09 00:15 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-09 00:15 d-------- C:\Documents and Settings\Administrateur\Favoris 2007-11-09 00:15 d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-08 23:42 6,505 ---hs---- C:\WINDOWS\system32 tvwa.bak1 2007-11-08 22:46 d-------- C:\Documents and Settings\Admin\Application Data\Grisoft 2007-11-08 22:40 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-08 22:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-08 22:26 128 --a------ C:\winlogon.exe 2007-11-08 22:11 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-08 21:50 d-------- C:\VundoFix Backups 2007-11-08 19:49 d-------- C:\Program Files\CCleaner 2007-11-08 19:45 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-08 19:22 d-------- C:\Program Files\a-squared Free 2007-11-08 18:34 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-08 18:34 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-08 18:34 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-08 18:34 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-08 18:34 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-08 18:34 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-08 18:34 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-08 18:34 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-08 18:31 d-------- C:\WINDOWS\system32\fr-fr 2007-11-08 18:10 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2007-11-07 21:24 d-------- C:\WINDOWS\BDOSCAN8 2007-11-07 21:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-11-07 20:47 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-11-07 20:47 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-11-07 20:47 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-11-07 18:45 d-------- C:\WINDOWS\10B446B34DF44489A1688A98F7CD807E.TMP 2007-11-06 23:02 d-------- C:\Program Files\Spyware Doctor 2007-11-06 20:29 d-------- C:\Program Files\Evariste 2007-11-05 20:07 d-------- C:\Program Files\Sygate 2007-11-05 17:25 d-------- C:\Program Files\Codemasters 2007-11-05 08:29 786 --a------ C:\7664.bat 2007-11-05 08:29 0 --a------ C:\z.dat 2007-11-04 21:22 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-11-04 21:22 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-11-04 21:22 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-11-04 21:22 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-11-04 21:22 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-11-04 21:22 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-11-04 21:22 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-11-04 21:22 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-11-04 21:02 d-------- C:\Program Files\THQ 2007-11-02 15:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-02 15:46 d-------- C:\WINDOWS\system32\Mz18r 2007-11-02 15:46 d-------- C:\Temp\mZOr 2007-11-02 15:46 d-------- C:\Temp 2007-10-26 21:36 d-------- C:\Program Files\Ubisoft 2007-10-25 22:58 d-------- C:\WINDOWS\system32\Data 2007-10-25 22:58 24,576 --a------ C:\WINDOWS\INRES.DLL 2007-10-24 18:23 d-------- C:\Program Files\Windows Media Connect 2 2007-10-24 07:59 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-10-23 22:36 d-------- C:\Documents and Settings\Admin\Application Data\Reasonable Software House Ltd 2007-10-23 22:35 d-------- C:\Program Files\Reasonable NoClone 2007 Home 2007-10-22 18:27 d-------- C:\Program Files\Micro Application 2007-10-22 18:26 d-------- C:\Documents and Settings\Admin\Application Data\InstallShield 2007-10-22 17:19 d-------- C:\Program Files\AML Products 2007-10-22 17:19 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll 2007-10-22 17:19 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-10-22 17:19 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll 2007-10-22 17:19 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll 2007-10-22 17:19 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll 2007-10-22 17:19 90,112 --a------ C:\WINDOWS\system32\agsaami.dll 2007-10-22 17:19 53,760 --a------ C:\WINDOWS\system\ppacklib.dll 2007-10-22 17:19 77 --a------ C:\WINDOWS\system32\winitn.dll 2007-10-22 17:19 1 --a------ C:\WINDOWS\audi20.dat 2007-10-21 19:46 d-------- C:\WINDOWS\system\color 2007-10-21 19:46 d-------- C:\Program Files\Fichiers communs\FotoWire 2007-10-21 19:46 d-------- C:\Program Files\AGFAnet 2007-10-21 19:46 36,864 --a------ C:\WINDOWS\system32\agusbsti.dll 2007-10-21 19:46 32,768 --a------ C:\WINDOWS\system32\Snape25.bin 2007-10-21 19:45 d-------- C:\Program Files\Agfa 2007-10-21 11:52 d-------- C:\Documents and Settings\Admin\Application Data\Legends of pirates 2007-10-21 11:01 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-19 01:02 d-------- C:\Program Files\Free Audio Pack 2007-10-19 01:02 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL 2007-10-19 01:02 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL 2007-10-19 01:02 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll 2007-10-19 01:02 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL 2007-10-19 01:02 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL 2007-10-19 01:02 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL 2007-10-16 10:09 22,752 --a------ C:\WINDOWS\system32\drivers\bumxmidi.sys 2007-10-16 09:19 368,640 --a------ C:\WINDOWS\system32\ReWire.dll 2007-10-16 09:19 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll 2007-10-10 06:42 d-------- C:\Program Files\Stardock . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-10 03:19 --------- d-----w C:\Program Files\BitComet 2007-11-09 19:40 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-11-09 19:40 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-11-09 19:03 --------- d-----w C:\Program Files\Navilog1 2007-11-09 16:55 22 ----a-w C:\WINDOWS\Fonts\a.zip 2007-11-09 07:22 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-09 07:10 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire 2007-11-08 19:42 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM 2007-11-05 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-05 07:08 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-11-04 20:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-04 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-11-03 17:45 --------- d-----w C:\Program Files\easycleaner 2007-10-16 08:10 --------- d-----w C:\Program Files\Propellerhead 2007-10-10 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-10-10 05:48 1,014,784 ----a-w C:\WINDOWS\system32\logonuiX.exe 2007-10-09 20:44 --------- d-----w C:\Documents and Settings\Admin\Application Data\MAGIX 2007-10-09 16:11 --------- d-----w C:\Program Files\Microsoft Money 2005 2007-10-08 20:44 --------- d-----w C:\Program Files\MSXML 6.0 2007-10-08 20:35 --------- d-----w C:\Program Files\MSXML 4.0 2007-10-08 19:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype 2007-10-08 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-08 17:58 --------- d-----w C:\Program Files\Windows Live 2007-10-08 17:58 --------- d-----w C:\Program Files\MSN Messenger 2007-10-08 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-10-08 17:43 --------- d-----w C:\Program Files\Easy Video Splitter 2007-10-08 17:42 --------- d-----w C:\Program Files\Easy Video Joiner 2007-10-08 17:38 --------- d-----w C:\Program Files\Skype 2007-10-08 17:38 --------- d-----w C:\Program Files\Fichiers communs\Skype 2007-10-08 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2007-10-07 17:32 --------- d-----w C:\Program Files\ZOOM 2007-10-07 16:57 --------- d-----w C:\Program Files\Microsoft Etudes 2007-10-07 16:53 --------- d-----w C:\Program Files\Learning Essentials 2007-10-07 15:56 --------- d-----w C:\Program Files\SelectSoft 2007-10-06 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2007-10-06 10:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\TuneUp Software 2007-10-06 10:11 --------- d-----w C:\Program Files\RegCleaner 2007-10-06 10:01 --------- d-----w C:\Program Files\Alwil Software 2007-10-05 16:13 --------- d-----w C:\Documents and Settings\Admin\Application Data\Hamachi 2007-10-05 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia 2007-10-04 22:17 --------- d-----w C:\Documents and Settings\Admin\Application Data\Steinberg 2007-10-04 22:03 --------- d-----w C:\Program Files\Steinberg 2007-10-04 21:33 --------- d-----w C:\Program Files\Hamachi 2007-10-04 21:32 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-10-04 21:18 --------- d-----w C:\Program Files\Lavasoft 2007-10-04 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-04 21:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Creative 2007-10-04 20:57 --------- d-----w C:\Program Files\Creative 2007-10-04 20:34 --------- d-----w C:\Program Files\Syncrosoft 2007-10-04 20:30 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys 2007-10-04 20:30 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared 2007-10-04 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX 2007-10-04 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\Propellerhead Software 2007-10-04 20:13 --------- d-----w C:\Program Files\flatout 2 2007-10-04 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2007-10-04 17:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\ATI 2007-10-04 17:17 --------- d-----w C:\Program Files\ATI Technologies 2007-10-04 16:56 --------- d-----w C:\Program Files\Electronic Arts 2007-10-04 15:17 --------- d-----w C:\Program Files\ADS Tech 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2007-01-07 20:19:34 5 --sha-w C:\WINDOWS\system32\accee9_s.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-30 16:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 20:05] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 00:40] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-09 18:32] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion unonce] "Config"=%systemroot%\system32 un.cmd "nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" "tscuninstall"=%systemroot%\system32 scupgrd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion unonce] "tscuninstall"=%systemroot%\system32 scupgrd.exe C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Barre d'‚tat systŠme d'ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-31 00:40:36] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) "NoAutoUpdate"=1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=1 (0x1) "NoSMHelp"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoWelcomeScreen"=1 (0x1) "NoAutoUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\WINDOWS\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys S0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 BCUMXMIDI;BCUMXMIDI;C:\WINDOWS\system32\Drivers\bumxmidi.sys S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys S3 P17;Creative SB Audigy LS;C:\WINDOWS\system32\drivers\P17.sys S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-09 16:49:30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-10 17:44:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-10 17:45:26 . --- E O F ---

clownface · Answer

Vérifie si ces fichiers existent encore et si oui supprimes les :

C:\WINDOWS\system32\rtvwa.ini2 
C:\WINDOWS\system32\rtvwa.bak1 
C:\7664.bat 
C:\z.dat 

Télécharge clean.zip

http://www2.malekal.com/download/clean.zip

Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1.

Poste le rapport qui se trouve ici C:\rapport_clean.txt

faabhyo · Answer

10/11/2007 a 22:20:17,85 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
 
*** Recherche des fichiers dans C:\Program Files 
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND

clownface · Answer

ok
lance l'option2
puis fais un nettoyage avec ccleaner (nettoyeur et erreurs)
remet enfin un rapport hijackthis

faabhyo · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:16, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

bon 

fais scanner ce fichier  run.cmd (dans c:\system32)  sur virustotal : https://www.virustotal.com/gui/
montres le resultat.

faabhyo · Answer

voila le bloc-note et le resultat de virustotal

@ECHO OFF
CMDOW @ /HID
TITLE Ne pas fermer
DEL /f /q "%USERPROFILE%\Favoris/Guide des stations de radio.url"
DEL /f /q "%USERPROFILE%\Favoris/MSN.com.url"
RD /s /q "%USERPROFILE%\Favoris/Liens"
DEL /f /q "%ALLUSERPROFILE%\Menudm~1\config~1.lnk"
RD /s /q "%USERPROFILE%\Favoris/Liens"
regedit.exe \S %SystemRoot%\system32\reguser.reg

Fichier run.cmd reçu le 2007.11.11 00:52:42 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)

Antivirus  	Version  	Dernière mise à jour  	Résultat
AhnLab-V3	2007.11.10.0	2007.11.09	-
AntiVir	7.6.0.34	2007.11.09	-
Authentium	4.93.8	2007.11.10	-
Avast	4.7.1074.0	2007.11.10	-
AVG	7.5.0.503	2007.11.10	-
BitDefender	7.2	2007.11.11	-
CAT-QuickHeal	9.00	2007.11.10	-
ClamAV	0.91.2	2007.11.11	-
DrWeb	4.44.0.09170	2007.11.10	-
eSafe	7.0.15.0	2007.11.08	-
eTrust-Vet	31.2.5284	2007.11.09	-
Ewido	4.0	2007.11.10	-
FileAdvisor	1	2007.11.11	-
Fortinet	3.11.0.0	2007.10.19	-
F-Prot	4.4.2.54	2007.11.10	-
F-Secure	6.70.13030.0	2007.11.10	-
Ikarus	T3.1.1.12	2007.11.10	-
Kaspersky	7.0.0.125	2007.11.11	-
McAfee	5160	2007.11.09	-
Microsoft	1.3007	2007.11.11	-
NOD32v2	2651	2007.11.10	-
Norman	5.80.02	2007.11.09	-
Panda	9.0.0.4	2007.11.10	-
Prevx1	V2	2007.11.11	-
Rising	20.17.52.00	2007.11.10	-
Sophos	4.23.0	2007.11.11	-
Sunbelt	2.2.907.0	2007.11.09	-
Symantec	10	2007.11.10	-
TheHacker	6.2.9.123	2007.11.10	-
VBA32	3.12.2.4	2007.11.08	-
VirusBuster	4.3.26:9	2007.11.10	-
Webwasher-Gateway	6.0.1	2007.11.11	-
Information additionnelle
File size: 341 bytes
MD5: 0bbde38daa7413555b415eaf7febdc2f
SHA1: ec03b7c6920ddfc7669d481d90276b0c33984a62

clownface · Answer

bonsoir,

tu vas aller dans demarrer/executer, tapes "msconfig"
dans l'onglet démarrer, décoches la ligne qui correspond à 
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
(j'espère qu'il y a ?)
redemarres et postes un nouvel hijackthis

faabhyo · Answer

bonsoir clownface,j'ai fait comme tu m'as demandé mais pas de ligne "O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') " dans l'onglet demarrer du msconfig.

Qu'est-ce que je dois faire à ton avis ?

clownface · Answer

renommes le fichier run.cmd en run.cmd.old
relances hijackthis et coches et fixes cette ligne O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') 

redemarres
refais un hijackthis

faabhyo · Answer

voila le dernier rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:50, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

clownface · Answer

ok :)
tout va bien avec ton pc ?

en ce qui me concerne je ne vois plus rien qui me gène.. si  ce n'est ta version de java : pour info : http://www.commentcamarche.net/forum/affich 3711157 maj critique java par jalobservateur#0

faabhyo · Answer

Un grand merci pour tout le temps que tu as passé.

Mon PC fonctionne carrement mieux. je vais faire la mise à jour java comme tu dis.
Petite question :
Est-ce qu'il faut que je partitionne mon disque avec partition magic pour éviter une infection comme j'ai eu ou bien tu as d'autres solution ?

En tout cas encore merci pour ton efficacité.

clownface · Answer

evites les questions trop techniques stp ! lol

a mon avis, la meilleure protection est la prudence... ne pas télécharger de sites douteux, réfléchir un peu avant de cliquer ...
voir + en détail : http://www.commentcamarche.net/faq/sujet 1630 se premunir des virus et autres saletes pas si complique

faabhyo · Answer

ok je comprends, en tout cas merci pour ton soutien dans ces moments difficiles.

Je ne pensais pas que c'était aussi compliqué à enlever toutes ces saletés.
Continue à aider les novices en la matière (comme moi) c'est tout à ton honneur.

Bonne soirée.

A+

clownface · Answer

Merci bonne soirée à toi aussi.

Prob spyware secure and co

49 réponses

Discussions similaires

Newsletters