Win32:Trojan-gen.Fermé

Question

Bonjour,
 
je me presente je suis un bille en info voila le topo j'ai choppé ce ver sur usenext (je pense)  Win32:Trojan-gen. comment faire pour m en separer 
j'ai tous essyer en vain avec avast ,norton 360 et meme win defender 

a l'aide MERCI A TOUS 
@+ 

voici le relever de HijackThis v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:09, on 09/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\System32undll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Rémi Céline Justin\AppData\Roaming\Microsoft\dtsc\5330.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Users\Rémi Céline Justin\AppData\Roaming\Microsoft\dtsc\5330.exe
C:\Windows\helppane.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Rémi Céline Justin\Documents\AVAST\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RMICLI~1\AppData\Local\Temp\pmnlkjIy.dll,#1
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Rémi Céline Justin\AppData\Roaming\Microsoft\dtsc\5330.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RMICLI~1\AppData\Local\Temp\awTLBTMF.dll,c
O4 - HKCU\..\Run: [71b56d51] rundll32.exe "C:\Users\RMICLI~1\AppData\Local\Temp\kduycjtf.dll",b
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

sKe69 · Answer

Salut,

1- désinstales proprement Norton avec ce-ci ( car 2 antivirus actifs = instabilité du système + grosse faille de sécurité )
 Télécharges Norton removal tool sur ton bureau :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Déconnectes toi . 
Ensuite désinstales Norton avec Norton removal tool :Tu doubles click dessus et te laisses guider : il faut bien le désinstaler ( fait la manipe 2 fois si possible ). 

2- Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :
 
Aller dans démarrer puis panneau de configuration 
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs" 
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ... 

3- Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ). 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

Utilisation:
vas dans "nettoyeur" : fait analyse puis nettoyage 
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

4- Supprimes ton .exe Hijackthis et reprends exactement comme ce-ci :
Télécharges et installes le logiciel HijackThis : 
 
ici :ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

A-Cliquer sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'instalation .
A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

Important :
Renommer le prg HijackThis : 
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---cliques droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

tuto pour utilisation 
Regardes ici, c'est parfaitement expliqué en images :
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

B-!!Déconnectes toi et fermes toute tes applications en cours !!

Cliques sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile" 

---> Postes le rapport généré pour analyse ...

rem71 · Answer

salut ske69 

j'ai fait ce que tu m a dit 

voici mon resultat sur monjack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:40, on 09/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\System32undll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32undll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rémi Céline Justin\Desktop\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [71b56d51] rundll32.exe "C:\Users\RMICLI~1\AppData\Local\Temp\kduycjtf.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Rémi Céline Justin\AppData\Roaming\Microsoft\dtsc\5330.exe
O4 - HKCU\..\Run: [71b56d51] rundll32.exe "C:\Users\RMICLI~1\AppData\Local\Temp\kduycjtf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

sKe69 · Answer

1- crée un dossier sur ton bureau et nomme le ainsi : HijackThis
Puis glisses y monjack.exe  ( qui est aussi sur ton bureau ) à l'intérieur ...

2- Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

!! Déconnectes toi, fermes toute tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!

Installes le soft à la racine de C\ ( et pas ailleurs! --->"C\:SmitfraudFix.exe" ) .

Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php
 
Utilisation ----> option 1 - Recherche : 
Double clique sur l'icône "Smitfraudfix.exe" et sélectionnes 1 pour créer un rapport des fichiers responsables de l'infection.
 
Postes le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite . 

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

rem71 · Answer

rebonsoir ske69 

voici les rapports hijackthis et malwarebyte's

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:52, on 09/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Rémi Céline Justin\Desktop\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

sKe69 · Answer

bien ...

Fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape CFix.exe et valide . 

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques CFix.exe ( = combofix.exe ) . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 
---> si un message d'erreur windows apparait à un momment  : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

rem71 · Answer

voici les rapports ComboFix 08-07-08.9 - Rémi Céline Justin 2008-07-09 18:49:26.1 - NTFSx86 Endroit: C:\Users\Rémi Céline Justin\Documents\AVAST\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Windows\system32\KBL.LOG ----- BITS: Possible sites infect‚s ----- hxxp://theinstalls.com . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))))))) . 2008-07-09 17:36 . 2008-07-09 17:36 d-------- C:\Users\All Users\Malwarebytes 2008-07-09 17:36 . 2008-07-09 17:36 d-------- C:\ProgramData\Malwarebytes 2008-07-09 17:36 . 2008-07-09 17:36 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-09 17:36 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-07-09 17:36 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys 2008-07-09 17:01 . 2008-07-09 17:01 d-------- C:\Program Files\CCleaner 2008-07-09 13:56 . 2008-07-09 13:56 d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP 2008-07-09 13:46 . 2008-07-09 13:46 d-------- C:\Program Files\Alwil Software 2008-07-09 13:46 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-07-08 17:13 . 2008-07-08 17:13 d-------- C:\Windows\System32\N360_BACKUP 2008-07-08 14:15 . 2008-07-08 14:15 d-------- C:\Program Files\VirtualDJ 2008-07-08 12:52 . 2008-07-08 12:52 291 --a------ C:\VirtualDJ Local Database v5.xml 2008-07-07 21:46 . 2008-07-07 21:46 d-------- C:\Downloads 2008-06-28 20:25 . 2008-07-08 10:33 d-------- C:\Program Files\AtomixMP3 2008-06-24 20:11 . 2008-06-24 20:11 d-------- C:\Program Files\Capture By George! 2008-06-23 20:53 . 2008-06-23 20:53 d-------- C:\Users\All Users\Symantec Temporary Files 2008-06-23 20:53 . 2008-06-23 20:53 d-------- C:\ProgramData\Symantec Temporary Files 2008-06-22 20:48 . 2008-06-22 20:48 d-------- C:\Users\All Users\HP 2008-06-22 20:48 . 2008-06-22 20:48 d-------- C:\ProgramData\HP 2008-06-21 21:42 . 2008-06-21 21:42 d-------- C:\Users\All Users\Recisio 2008-06-21 21:42 . 2008-06-21 21:42 d-------- C:\ProgramData\Recisio 2008-06-21 21:42 . 2008-06-21 21:42 d-------- C:\Program Files\KaraFun 2008-06-14 16:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-06-14 16:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-06-14 16:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax 2008-06-14 16:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax 2008-06-11 21:29 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-06-11 21:29 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll 2008-06-11 21:29 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll 2008-06-11 21:29 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-09 14:57 --------- d-----w C:\ProgramData\NVIDIA 2008-07-09 14:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-08 19:03 --------- d-----w C:\ProgramData\Microsoft Help 2008-07-08 19:03 --------- d-----w C:\Program Files\Microsoft Works 2008-06-27 17:10 --------- d-----w C:\ProgramData\CyberLink 2008-06-21 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-20 19:59 --------- d-----w C:\Program Files\UseNeXT 2008-06-11 20:05 --------- d-----w C:\Program Files\Windows Mail 2008-06-01 14:29 --------- d-----w C:\Program Files\Mio Technology 2008-06-01 14:19 74,752 ----a-w C:\Windows\ST6UNST.EXE 2008-06-01 14:19 253,952 ------w C:\Windows\Setup1.exe 2008-06-01 14:15 --------- d-----w C:\Program Files\SpeedCams_Serveur 2008-05-22 13:26 --------- d-----w C:\ProgramData\WildTangent 2008-05-22 13:24 --------- d-----w C:\ProgramData\NETg 2008-05-18 06:27 --------- d-----w C:\Program Files\Java 2008-05-05 01:38 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 15:34 634880] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 08:02 174616] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544] "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 00:13 218408] "DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 12:12 671744] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 09:47 480560] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 16:53 311296] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "OPTENET_GUI"="C:\PROGRA~1\CONTRO~1\bin\optgui.exe" [2006-12-05 19:51 400408] "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 19:16 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 15:27 4702208 C:\Windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{4757DF27-BB99-458F-80CB-DB0364C8F28F}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{419E922C-2259-4F5C-8434-B5F1D2E96D3A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{E0F9C7C3-CA1A-416F-A34C-0862127D6393}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{EB55CB69-2800-4DE8-A74E-01C74B7C84E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{ECCE1CEF-E35A-4D98-B328-225A47D70E75}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{4E4C9BFC-A948-4199-ABF2-3BFEC46E8A3A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{ABB5ACE7-4116-4535-9884-69DF85E3D7D1}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{2B83BB40-559D-4DBB-B21D-26D92F17F871}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{A2374141-D6D6-4919-A8D5-2BAD3C8BB0F0}C:\users\rémi céline justin\appdata\local\temp\wzse0.tmp\symnrt.exe"= UDP:C:\users\rémi céline justin\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe "UDP Query User{F45C3BE6-1344-45F4-BF6A-E7B3B0B78848}C:\users\rémi céline justin\appdata\local\temp\wzse0.tmp\symnrt.exe"= TCP:C:\users\rémi céline justin\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\[u]0/u00.fcl [2007-09-30 20:34] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18] R2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-05 18:55] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 20:34] R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 20:34] R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 11:30] S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 01:33] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eeec55f-0fce-11dd-a5d0-001e68055f45}] \shell\Auto\command - H:\rhvqjqyiy.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\rhvqjqyiy.exe . - - - - ORPHANS REMOVED - - - - HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-09 18:57:12 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\Windows\system32\lsass.exe -> C:\Program Files\Controle Parental\bin\lsp.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\System32\conime.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Controle Parental\bin\OPTGui.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehrecvr.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . Temps d'accomplissement: 2008-07-09 19:05:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-09 17:05:30 Pre-Run: 93,507,530,752 octets libres Post-Run: 93,219,835,904 octets libres 186 --- E O F --- 2008-06-26 09:58:11 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:47:39, on 09/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hp\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Controle Parental\bin\OPTGui.exe C:\Program Files\OrangeHSS\Systray\SystrayApp.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wuauclt.exe C:\Windows\Explorer.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Users\Rémi Céline Justin\Desktop\HijackThis\monjack.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

sKe69 · Answer

On continue ...

1- refais un coup de CCleaner ( registre compris )

2-Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Copies ce qui suit et colles le dans l'espace pour la recherche : 
C:\Program Files\DigitalPersona\Bin\dpagent.exe 

Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse. 

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )


Fais de même pour :
C:\Program Files\DigitalPersona\Bin\DpHostW.exe

---> postes moi donc ces deux rapports ( en précisant bien au début de chacun à quel fichier ils correspondent ) et attends la suite ...

rem71 · Answer

fichier dpagent.exe 1

File size: 671744 bytes 
MD5...: 09dc37198c663e9c4415f9251730ccdd 
SHA1..: 8ceb831854a532a372e27e8cc535700987d951e0 
SHA256: 806b5c0e4a4d2899720407dc5b6798e564bb2807af17176acb671f8a1a20801b 
SHA512: 791cbab69b403120f04040a9cbd150cd100f769f70a3798cd43f5e7c11f4c3cb
877b3e156c7f66ce6c4d0a2fd5702fc30b340c790eaee834c884bc3b8d91945d 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43c745
timedatestamp.....: 0x46f2b7ef (Thu Sep 20 18:11:59 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x581bb 0x59000 6.51 44b914a6655182dcd04aa0691efc7fdd
.rdata 0x5a000 0x138e6 0x14000 4.51 44386f9b0a14ac25525329412e54ba5e
.data 0x6e000 0x58a4 0x3000 3.71 7e2b223cf95d8488ff2fd1858411d8b5
.rsrc 0x74000 0x32884 0x33000 5.83 81e493d3c6b2741a308d339f06a0ef22

( 8 imports ) 
> Secur32.dll: GetUserNameExW
> KERNEL32.dll: FindClose, FindNextFileW, FindFirstFileW, OpenMutexW, SetConsoleTextAttribute, GetCurrentProcessId, CreateDirectoryW, GlobalAddAtomW, OpenFileMappingW, SetEvent, CreateEventW, UnregisterWait, FlushInstructionCache, DeleteTimerQueueTimer, ResetEvent, CreateTimerQueueTimer, Sleep, OpenThread, TerminateThread, RegisterWaitForSingleObject, DeleteFileW, CreateProcessW, WaitForMultipleObjects, lstrcpynW, lstrcpyW, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, QueryPerformanceCounter, GetCommandLineW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, GetOEMCP, TlsFree, TlsSetValue, CreateConsoleScreenBuffer, TlsGetValue, GetStdHandle, ExitProcess, HeapCreate, MoveFileExW, GetStringTypeW, GetStringTypeA, GetCPInfo, LCMapStringW, LCMapStringA, GetStartupInfoW, CreateThread, ExitThread, VirtualQuery, GetSystemInfo, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, GetSystemTimeAsFileTime, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, ReadFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetConsoleActiveScreenBuffer, GetConsoleScreenBufferInfo, SetConsoleScreenBufferSize, SetConsoleCtrlHandler, FormatMessageW, lstrlenA, WriteConsoleW, GetComputerNameA, CreateFileW, lstrcmpiW, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, SetStdHandle, FlushFileBuffers, GetShortPathNameW, GetWindowsDirectoryA, CreateFileA, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetEndOfFile, WideCharToMultiByte, LockResource, FreeResource, GetEnvironmentVariableW, LoadResource, SizeofResource, AllocConsole, GetTimeZoneInformation, FreeConsole, InterlockedDecrement, lstrlenW, LoadLibraryExW, LoadLibraryA, GetCurrentThreadId, OutputDebugStringA, GetModuleFileNameW, SetLastError, LoadLibraryW, GetCurrentThread, GetCurrentProcess, FreeLibrary, FindResourceExW, GetUserDefaultUILanguage, FindResourceW, CreateMutexW, InterlockedIncrement, Beep, GetConsoleTitleW, SetConsoleTitleW, GetModuleFileNameA, WriteFile, GetVersionExA, SetFilePointer, GetFileSize, InterlockedExchange, GetTickCount, GetLocalTime, ReleaseMutex, WaitForSingleObject, GetVersionExW, CloseHandle, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetLastError, RaiseException, MultiByteToWideChar, LocalFree, LocalAlloc, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetConsoleOutputCP, TlsAlloc, IsValidCodePage, WriteConsoleA
> USER32.dll: LoadImageW, OpenDesktopW, SetThreadDesktop, CloseDesktop, GetWindow, ReleaseCapture, GetSystemMetrics, ShowWindow, ClientToScreen, MoveWindow, MsgWaitForMultipleObjects, GetClientRect, GetWindowRect, GetParent, GetUserObjectSecurity, MapWindowPoints, IntersectRect, SetWindowPos, UpdateLayeredWindow, GetDC, ReleaseDC, GetAsyncKeyState, MessageBoxW, GetForegroundWindow, ReplyMessage, SystemParametersInfoW, FindWindowW, PostQuitMessage, CallWindowProcW, GetWindowLongW, GetCursorPos, SetTimer, LoadMenuW, GetSubMenu, DeleteMenu, AppendMenuW, SetMenuDefaultItem, TrackPopupMenu, DestroyMenu, IsWindow, GetClassNameW, GetWindowTextLengthW, GetWindowTextW, GetDesktopWindow, DefWindowProcW, PostThreadMessageW, LockWorkStation, KillTimer, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, CreateWindowExW, GetClassInfoExW, RegisterClassExW, SendMessageTimeoutW, LoadCursorW, GetWindowThreadProcessId, AttachThreadInput, SetForegroundWindow, GetMessageTime, GetDoubleClickTime, SetFocus, SendMessageW, SetWindowLongW, PostMessageW, GetPropW, BroadcastSystemMessageW, RegisterWindowMessageW, LoadStringW, DestroyWindow, CharNextW, wsprintfW, SetCapture, UnregisterClassA
> GDI32.dll: GetCurrentObject, SetStretchBltMode, CreateDIBSection, StretchBlt, BitBlt, GetObjectW, CreatePalette, DeleteObject, DeleteDC, CreateCompatibleDC, GdiFlush, SelectObject, SelectPalette, RealizePalette, GetDIBColorTable
> ADVAPI32.dll: ConvertStringSidToSidW, ImpersonateSelf, RevertToSelf, SetThreadToken, EqualSid, ReportEventW, GetSidLengthRequired, InitializeSid, GetTokenInformation, RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegDeleteKeyW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, CopySid, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, GetLengthSid, OpenThreadToken, OpenProcessToken, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce, CloseEventLog, DeregisterEventSource, OpenEventLogW, RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegEnumValueA, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, LookupAccountNameW, GetUserNameW, LookupAccountSidW, SetSecurityInfo, ConvertStringSecurityDescriptorToSecurityDescriptorW, IsValidSecurityDescriptor, SetSecurityDescriptorSacl, AddAccessAllowedAceEx, IsValidAcl, GetAce, RegEnumValueW
> SHELL32.dll: Shell_NotifyIconW
> ole32.dll: CoInitialize, CLSIDFromString, StringFromCLSID, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, StringFromGUID2
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 0 exports ) 
 





DpHostW.exe
File size: 299008 bytes 
MD5...: 876c4144ef6f1107c04a092ca03f89e0 
SHA1..: 8fbaf595c4c4d4bb4f1c107341c83547d8410359 
SHA256: b2dba77987d944622f8cdb48736e777f36ace647ec6cbc1c7f9babc900bc1a27 
SHA512: 80d89b720000c6484349b2c7de9cd4fb0e7123533fda4ec8dadd45c0abfc42e4
9f753c90914d5ace3239b24f95964bc108f874e3d21354cb73aae20c5843fb18 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x42352a
timedatestamp.....: 0x46f2b5d1 (Thu Sep 20 18:02:57 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x32fae 0x33000 6.61 1621c882788a00d887f850691d5055fb
.rdata 0x34000 0x109e0 0x11000 4.54 afcee17ff5817d546f0b1dcdf2743340
.data 0x45000 0x3e80 0x3000 3.23 a74971c914da48cfc0d4e286a7df4706
.rsrc 0x49000 0x6bc 0x1000 4.02 c91f3c5126da906bfafd721e8066dc93

( 10 imports ) 
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> DNSAPI.dll: DnsQueryConfig
> RPCRT4.dll: RpcImpersonateClient, RpcRevertToSelf
> KERNEL32.dll: TlsAlloc, TlsGetValue, GetStartupInfoA, GetProcessHeap, GetCommandLineA, GetVersionExW, GetSystemTimeAsFileTime, GetCommandLineW, ExitProcess, WideCharToMultiByte, GetSystemDirectoryW, IsDebuggerPresent, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, SetLastError, CreateFileW, GetFileSize, GetComputerNameA, FormatMessageW, lstrlenA, GetCurrentProcess, GetModuleFileNameA, InterlockedExchange, CreateDirectoryW, FindFirstFileW, FindClose, lstrcmpiW, GetCurrentThread, SetFilePointer, GetCurrentThreadId, GetModuleFileNameW, GetModuleHandleW, TlsSetValue, CreateMutexW, GetLocalTime, WriteFile, ProcessIdToSessionId, GetVersionExA, GetCurrentProcessId, RaiseException, lstrlenW, MultiByteToWideChar, QueueUserWorkItem, InterlockedDecrement, InterlockedIncrement, CreateTimerQueueTimer, HeapReAlloc, CreateEventW, GetTickCount, Sleep, GetComputerNameExW, ResetEvent, WaitForSingleObject, SetEvent, CloseHandle, GetCPInfo, LoadLibraryW, FreeLibrary, LocalAlloc, GetLastError, LocalFree, DeleteTimerQueueTimer, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualQuery, GetSystemInfo, GetModuleHandleA, ReleaseMutex, TlsFree, LoadLibraryA, VirtualFree, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapSize, GetStdHandle, HeapCreate, HeapDestroy, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, GetThreadLocale, GetLocaleInfoA, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, GetProcAddress, GetConsoleCP
> USER32.dll: UnregisterClassA, CharNextW, CloseWindowStation, CloseDesktop, OpenWindowStationW, OpenDesktopW, MessageBoxW, LoadStringW, SetProcessWindowStation, SetThreadDesktop, GetMessageW, DispatchMessageW, PostThreadMessageW
> ADVAPI32.dll: ReportEventW, SetTokenInformation, CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, ImpersonateAnonymousToken, CryptCreateHash, CryptDeriveKey, CryptSetProvParam, CryptHashData, CryptDestroyHash, CryptEncrypt, MapGenericMask, GetSecurityDescriptorDacl, IsValidAcl, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, IsValidSecurityDescriptor, LookupAccountSidW, ConvertStringSidToSidW, LookupAccountNameW, ConvertSidToStringSidW, GetUserNameW, CryptImportKey, CryptGetUserKey, CryptDecrypt, CryptDuplicateKey, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerExW, ControlService, DeleteService, CreateServiceW, ChangeServiceConfig2W, RegEnumKeyW, SetServiceStatus, SetSecurityInfo, GetSidSubAuthority, GetSidLengthRequired, InitializeSid, RegQueryInfoKeyW, RegDeleteValueW, SetSecurityDescriptorDacl, AdjustTokenPrivileges, OpenThreadToken, RegEnumKeyExW, CryptGetProvParam, CryptGenKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, InitializeAcl, AddAccessAllowedAceEx, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, OpenProcessToken, GetTokenInformation, ImpersonateSelf, RevertToSelf, SetThreadToken, LookupPrivilegeValueW, EqualSid, IsValidSid, GetLengthSid, CopySid, CloseEventLog, DeregisterEventSource, OpenEventLogW, RegOpenKeyExA, RegQueryValueExA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegDeleteKeyW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, CloseServiceHandle, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey
> ole32.dll: CoSetProxyBlanket, CoCreateInstance, CoRevokeClassObject, StringFromCLSID, CoTaskMemFree, CoRegisterClassObject, StringFromGUID2, CoTaskMemAlloc, CoTaskMemRealloc, CoCreateGuid, CoUninitialize, CoFreeUnusedLibraries, CoInitializeSecurity, CoInitializeEx, CoRevertToSelf, CoImpersonateClient, CLSIDFromString, CoDisconnectObject, OleRun
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
> NETAPI32.dll: NetApiBufferFree, NetUserGetInfo
> CRYPT32.dll: CryptEncodeObject, CryptVerifyCertificateSignature, CryptExportPublicKeyInfo, CryptSignCertificate, CryptDecodeObject

( 0 exports )

sKe69 · Answer

Il manque la première partie sur les deux rapports ( très important ... ) ; peux-tu les reposter complets svp ...

microbus33 · Answer

j'ai le meme virus j'en suis au meme moment du programme de désinféction ;) mais j'ai toujour le virus !!!!!

rem71 · Answer

Fichier DpHostW.exe_ reçu le 2008.07.09 20:26:05 (CET)
Situation actuelle: terminé 

Résultat: 0/33 (0.00%)
 Formaté Impression des résultats  
Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.7.10.0 2008.07.09 - 
AntiVir 7.8.0.64 2008.07.09 - 
Authentium 5.1.0.4 2008.07.08 - 
Avast 4.8.1195.0 2008.07.09 - 
AVG 7.5.0.516 2008.07.09 - 
BitDefender 7.2 2008.07.09 - 
CAT-QuickHeal 9.50 2008.07.09 - 
ClamAV 0.93.1 2008.07.09 - 
DrWeb 4.44.0.09170 2008.07.09 - 
eSafe 7.0.17.0 2008.07.08 - 
eTrust-Vet 31.6.5940 2008.07.09 - 
Ewido 4.0 2008.07.09 - 
F-Prot 4.4.4.56 2008.07.08 - 
F-Secure 7.60.13501.0 2008.07.08 - 
Fortinet 3.14.0.0 2008.07.09 - 
GData 2.0.7306.1023 2008.07.09 - 
Ikarus T3.1.1.26.0 2008.07.09 - 
Kaspersky 7.0.0.125 2008.07.09 - 
McAfee 5335 2008.07.09 - 
Microsoft 1.3704 2008.07.09 - 
NOD32v2 3255 2008.07.09 - 
Norman 5.80.02 2008.07.09 - 
Panda 9.0.0.4 2008.07.09 - 
Prevx1 V2 2008.07.09 - 
Rising 20.52.22.00 2008.07.09 - 
Sophos 4.31.0 2008.07.09 - 
Sunbelt 3.1.1509.1 2008.07.04 - 
Symantec 10 2008.07.09 - 
TheHacker 6.2.96.374 2008.07.07 - 
TrendMicro 8.700.0.1004 2008.07.09 - 
VBA32 3.12.6.8 2008.07.08 - 
VirusBuster 4.5.11.0 2008.07.09 - 
Webwasher-Gateway 6.6.2 2008.07.09 - 
Information additionnelle 
File size: 299008 bytes 
MD5...: 876c4144ef6f1107c04a092ca03f89e0 
SHA1..: 8fbaf595c4c4d4bb4f1c107341c83547d8410359 
SHA256: b2dba77987d944622f8cdb48736e777f36ace647ec6cbc1c7f9babc900bc1a27 
SHA512: 80d89b720000c6484349b2c7de9cd4fb0e7123533fda4ec8dadd45c0abfc42e4
9f753c90914d5ace3239b24f95964bc108f874e3d21354cb73aae20c5843fb18 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x42352a
timedatestamp.....: 0x46f2b5d1 (Thu Sep 20 18:02:57 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x32fae 0x33000 6.61 1621c882788a00d887f850691d5055fb
.rdata 0x34000 0x109e0 0x11000 4.54 afcee17ff5817d546f0b1dcdf2743340
.data 0x45000 0x3e80 0x3000 3.23 a74971c914da48cfc0d4e286a7df4706
.rsrc 0x49000 0x6bc 0x1000 4.02 c91f3c5126da906bfafd721e8066dc93

( 10 imports ) 
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> DNSAPI.dll: DnsQueryConfig
> RPCRT4.dll: RpcImpersonateClient, RpcRevertToSelf
> KERNEL32.dll: TlsAlloc, TlsGetValue, GetStartupInfoA, GetProcessHeap, GetCommandLineA, GetVersionExW, GetSystemTimeAsFileTime, GetCommandLineW, ExitProcess, WideCharToMultiByte, GetSystemDirectoryW, IsDebuggerPresent, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, SetLastError, CreateFileW, GetFileSize, GetComputerNameA, FormatMessageW, lstrlenA, GetCurrentProcess, GetModuleFileNameA, InterlockedExchange, CreateDirectoryW, FindFirstFileW, FindClose, lstrcmpiW, GetCurrentThread, SetFilePointer, GetCurrentThreadId, GetModuleFileNameW, GetModuleHandleW, TlsSetValue, CreateMutexW, GetLocalTime, WriteFile, ProcessIdToSessionId, GetVersionExA, GetCurrentProcessId, RaiseException, lstrlenW, MultiByteToWideChar, QueueUserWorkItem, InterlockedDecrement, InterlockedIncrement, CreateTimerQueueTimer, HeapReAlloc, CreateEventW, GetTickCount, Sleep, GetComputerNameExW, ResetEvent, WaitForSingleObject, SetEvent, CloseHandle, GetCPInfo, LoadLibraryW, FreeLibrary, LocalAlloc, GetLastError, LocalFree, DeleteTimerQueueTimer, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualQuery, GetSystemInfo, GetModuleHandleA, ReleaseMutex, TlsFree, LoadLibraryA, VirtualFree, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapSize, GetStdHandle, HeapCreate, HeapDestroy, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, GetThreadLocale, GetLocaleInfoA, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, GetProcAddress, GetConsoleCP
> USER32.dll: UnregisterClassA, CharNextW, CloseWindowStation, CloseDesktop, OpenWindowStationW, OpenDesktopW, MessageBoxW, LoadStringW, SetProcessWindowStation, SetThreadDesktop, GetMessageW, DispatchMessageW, PostThreadMessageW
> ADVAPI32.dll: ReportEventW, SetTokenInformation, CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, ImpersonateAnonymousToken, CryptCreateHash, CryptDeriveKey, CryptSetProvParam, CryptHashData, CryptDestroyHash, CryptEncrypt, MapGenericMask, GetSecurityDescriptorDacl, IsValidAcl, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, IsValidSecurityDescriptor, LookupAccountSidW, ConvertStringSidToSidW, LookupAccountNameW, ConvertSidToStringSidW, GetUserNameW, CryptImportKey, CryptGetUserKey, CryptDecrypt, CryptDuplicateKey, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerExW, ControlService, DeleteService, CreateServiceW, ChangeServiceConfig2W, RegEnumKeyW, SetServiceStatus, SetSecurityInfo, GetSidSubAuthority, GetSidLengthRequired, InitializeSid, RegQueryInfoKeyW, RegDeleteValueW, SetSecurityDescriptorDacl, AdjustTokenPrivileges, OpenThreadToken, RegEnumKeyExW, CryptGetProvParam, CryptGenKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, InitializeAcl, AddAccessAllowedAceEx, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, OpenProcessToken, GetTokenInformation, ImpersonateSelf, RevertToSelf, SetThreadToken, LookupPrivilegeValueW, EqualSid, IsValidSid, GetLengthSid, CopySid, CloseEventLog, DeregisterEventSource, OpenEventLogW, RegOpenKeyExA, RegQueryValueExA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegDeleteKeyW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, CloseServiceHandle, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey
> ole32.dll: CoSetProxyBlanket, CoCreateInstance, CoRevokeClassObject, StringFromCLSID, CoTaskMemFree, CoRegisterClassObject, StringFromGUID2, CoTaskMemAlloc, CoTaskMemRealloc, CoCreateGuid, CoUninitialize, CoFreeUnusedLibraries, CoInitializeSecurity, CoInitializeEx, CoRevertToSelf, CoImpersonateClient, CLSIDFromString, CoDisconnectObject, OleRun
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
> NETAPI32.dll: NetApiBufferFree, NetUserGetInfo
> CRYPT32.dll: CryptEncodeObject, CryptVerifyCertificateSignature, CryptExportPublicKeyInfo, CryptSignCertificate, CryptDecodeObject

( 0 exports ) 
 
Fichier dpagent.exe_ reçu le 2008.07.09 20:21:47 (CET)
Situation actuelle: terminé 

Résultat: 0/33 (0.00%)
 Formaté Impression des résultats  
Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.7.10.0 2008.07.09 - 
AntiVir 7.8.0.64 2008.07.09 - 
Authentium 5.1.0.4 2008.07.08 - 
Avast 4.8.1195.0 2008.07.09 - 
AVG 7.5.0.516 2008.07.09 - 
BitDefender 7.2 2008.07.09 - 
CAT-QuickHeal 9.50 2008.07.09 - 
ClamAV 0.93.1 2008.07.09 - 
DrWeb 4.44.0.09170 2008.07.09 - 
eSafe 7.0.17.0 2008.07.08 - 
eTrust-Vet 31.6.5940 2008.07.09 - 
Ewido 4.0 2008.07.09 - 
F-Prot 4.4.4.56 2008.07.08 - 
F-Secure 7.60.13501.0 2008.07.08 - 
Fortinet 3.14.0.0 2008.07.09 - 
GData 2.0.7306.1023 2008.07.09 - 
Ikarus T3.1.1.26.0 2008.07.09 - 
Kaspersky 7.0.0.125 2008.07.09 - 
McAfee 5335 2008.07.09 - 
Microsoft 1.3704 2008.07.09 - 
NOD32v2 3255 2008.07.09 - 
Norman 5.80.02 2008.07.09 - 
Panda 9.0.0.4 2008.07.09 - 
Prevx1 V2 2008.07.09 - 
Rising 20.52.22.00 2008.07.09 - 
Sophos 4.31.0 2008.07.09 - 
Sunbelt 3.1.1509.1 2008.07.04 - 
Symantec 10 2008.07.09 - 
TheHacker 6.2.96.374 2008.07.07 - 
TrendMicro 8.700.0.1004 2008.07.09 - 
VBA32 3.12.6.8 2008.07.08 - 
VirusBuster 4.5.11.0 2008.07.09 - 
Webwasher-Gateway 6.6.2 2008.07.09 - 
Information additionnelle 
File size: 671744 bytes 
MD5...: 09dc37198c663e9c4415f9251730ccdd 
SHA1..: 8ceb831854a532a372e27e8cc535700987d951e0 
SHA256: 806b5c0e4a4d2899720407dc5b6798e564bb2807af17176acb671f8a1a20801b 
SHA512: 791cbab69b403120f04040a9cbd150cd100f769f70a3798cd43f5e7c11f4c3cb
877b3e156c7f66ce6c4d0a2fd5702fc30b340c790eaee834c884bc3b8d91945d 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43c745
timedatestamp.....: 0x46f2b7ef (Thu Sep 20 18:11:59 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x581bb 0x59000 6.51 44b914a6655182dcd04aa0691efc7fdd
.rdata 0x5a000 0x138e6 0x14000 4.51 44386f9b0a14ac25525329412e54ba5e
.data 0x6e000 0x58a4 0x3000 3.71 7e2b223cf95d8488ff2fd1858411d8b5
.rsrc 0x74000 0x32884 0x33000 5.83 81e493d3c6b2741a308d339f06a0ef22

( 8 imports ) 
> Secur32.dll: GetUserNameExW
> KERNEL32.dll: FindClose, FindNextFileW, FindFirstFileW, OpenMutexW, SetConsoleTextAttribute, GetCurrentProcessId, CreateDirectoryW, GlobalAddAtomW, OpenFileMappingW, SetEvent, CreateEventW, UnregisterWait, FlushInstructionCache, DeleteTimerQueueTimer, ResetEvent, CreateTimerQueueTimer, Sleep, OpenThread, TerminateThread, RegisterWaitForSingleObject, DeleteFileW, CreateProcessW, WaitForMultipleObjects, lstrcpynW, lstrcpyW, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, QueryPerformanceCounter, GetCommandLineW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, GetOEMCP, TlsFree, TlsSetValue, CreateConsoleScreenBuffer, TlsGetValue, GetStdHandle, ExitProcess, HeapCreate, MoveFileExW, GetStringTypeW, GetStringTypeA, GetCPInfo, LCMapStringW, LCMapStringA, GetStartupInfoW, CreateThread, ExitThread, VirtualQuery, GetSystemInfo, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, GetSystemTimeAsFileTime, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, ReadFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetConsoleActiveScreenBuffer, GetConsoleScreenBufferInfo, SetConsoleScreenBufferSize, SetConsoleCtrlHandler, FormatMessageW, lstrlenA, WriteConsoleW, GetComputerNameA, CreateFileW, lstrcmpiW, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, SetStdHandle, FlushFileBuffers, GetShortPathNameW, GetWindowsDirectoryA, CreateFileA, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetEndOfFile, WideCharToMultiByte, LockResource, FreeResource, GetEnvironmentVariableW, LoadResource, SizeofResource, AllocConsole, GetTimeZoneInformation, FreeConsole, InterlockedDecrement, lstrlenW, LoadLibraryExW, LoadLibraryA, GetCurrentThreadId, OutputDebugStringA, GetModuleFileNameW, SetLastError, LoadLibraryW, GetCurrentThread, GetCurrentProcess, FreeLibrary, FindResourceExW, GetUserDefaultUILanguage, FindResourceW, CreateMutexW, InterlockedIncrement, Beep, GetConsoleTitleW, SetConsoleTitleW, GetModuleFileNameA, WriteFile, GetVersionExA, SetFilePointer, GetFileSize, InterlockedExchange, GetTickCount, GetLocalTime, ReleaseMutex, WaitForSingleObject, GetVersionExW, CloseHandle, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetLastError, RaiseException, MultiByteToWideChar, LocalFree, LocalAlloc, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetConsoleOutputCP, TlsAlloc, IsValidCodePage, WriteConsoleA
> USER32.dll: LoadImageW, OpenDesktopW, SetThreadDesktop, CloseDesktop, GetWindow, ReleaseCapture, GetSystemMetrics, ShowWindow, ClientToScreen, MoveWindow, MsgWaitForMultipleObjects, GetClientRect, GetWindowRect, GetParent, GetUserObjectSecurity, MapWindowPoints, IntersectRect, SetWindowPos, UpdateLayeredWindow, GetDC, ReleaseDC, GetAsyncKeyState, MessageBoxW, GetForegroundWindow, ReplyMessage, SystemParametersInfoW, FindWindowW, PostQuitMessage, CallWindowProcW, GetWindowLongW, GetCursorPos, SetTimer, LoadMenuW, GetSubMenu, DeleteMenu, AppendMenuW, SetMenuDefaultItem, TrackPopupMenu, DestroyMenu, IsWindow, GetClassNameW, GetWindowTextLengthW, GetWindowTextW, GetDesktopWindow, DefWindowProcW, PostThreadMessageW, LockWorkStation, KillTimer, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, CreateWindowExW, GetClassInfoExW, RegisterClassExW, SendMessageTimeoutW, LoadCursorW, GetWindowThreadProcessId, AttachThreadInput, SetForegroundWindow, GetMessageTime, GetDoubleClickTime, SetFocus, SendMessageW, SetWindowLongW, PostMessageW, GetPropW, BroadcastSystemMessageW, RegisterWindowMessageW, LoadStringW, DestroyWindow, CharNextW, wsprintfW, SetCapture, UnregisterClassA
> GDI32.dll: GetCurrentObject, SetStretchBltMode, CreateDIBSection, StretchBlt, BitBlt, GetObjectW, CreatePalette, DeleteObject, DeleteDC, CreateCompatibleDC, GdiFlush, SelectObject, SelectPalette, RealizePalette, GetDIBColorTable
> ADVAPI32.dll: ConvertStringSidToSidW, ImpersonateSelf, RevertToSelf, SetThreadToken, EqualSid, ReportEventW, GetSidLengthRequired, InitializeSid, GetTokenInformation, RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegDeleteKeyW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, CopySid, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, GetLengthSid, OpenThreadToken, OpenProcessToken, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce, CloseEventLog, DeregisterEventSource, OpenEventLogW, RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegEnumValueA, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, LookupAccountNameW, GetUserNameW, LookupAccountSidW, SetSecurityInfo, ConvertStringSecurityDescriptorToSecurityDescriptorW, IsValidSecurityDescriptor, SetSecurityDescriptorSacl, AddAccessAllowedAceEx, IsValidAcl, GetAce, RegEnumValueW
> SHELL32.dll: Shell_NotifyIconW
> ole32.dll: CoInitialize, CLSIDFromString, StringFromCLSID, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, StringFromGUID2
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 0 exports )

microbus33 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:37, on 09/07/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINNT\system32egsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ManyCam 2.1\ManyCam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Wireless LAN Utility\SiSCFG.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.250:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32
wprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://birdieboutique.viewnetcam.com:87/kxhcm10.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif

rem71 · Answer

slt 
attend une 10 ene de mins pour la suite 

ou cree un forum pour de plus enple information 

j'attent une reponce de zeb69

car je suis un naz en info 


@+

sKe69 · Answer

Rem71 ,

Ok très bien ... rien de malicieux de ce côté ... ^^

1- Fermes toutes tes applications et déconnectes toi .

Relances Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas cliquer sur les carrés des lignes suivantes : 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab 

Tu cliques en bas sur le bouton FIX CHECKED et valides .

2- Télécharge DiagHelp.zip sur ton bureau :

http://www.malekal.com/download/DiagHelp.zip

!! déconnectes toi et fermes toutes tes applications en cours !!  

Fais un clic droit sur le fichier et extraire tout .

--> Un nouveau dossier va être créé : "DiagHelp"  
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
 
--> Une fenêtre va s'ouvrir, choisis l'option 1 
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera : 
une page IE va s'ouvrir , fermes la . 
Re-appuis sur une touche, le bloc-note s'ouvre : 
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...

rem71 · Answer

slt ske 69 

ton denier truc marche pa s*


@+

rem71 · Answer

qd je fait go

et option 1 

il me dit acces refuser *
erreur 52 et  75

comment faire 

merci

rem71 · Answer

ca marque ca


Lancement de chercher...

DiagHelp option 1.
------------------

DiagHelp analyse votre ordinateur pour determiner les elements presents et
detecter la presence d'elements nefastes.
A l'issu du scan, un rapport sera genere, vous devez copier/coller le contenu
sur le forum d'aide.

Le scan se fait en plusieurs parties, a la fin du scan, des fichiers infectieux
peuvent etre collectes et envoyer pour analyse.
Si ces elements sont mal detectes, ils seront envoyes aux editeurs d'antiviris.
Ceci peut prendre PLUSIEURS MINUTES, merci d'attendre jusqu'au bout.


Pour commencer le scan..
Appuyez sur une touche pour continuer...
Accès refusé.
Accès refusé.

Accès refusé.
Accès refusé.
Liste les derniers fichiers des repertoires Windows...
Accès refusé.
Le fichier spécifié est introuvable.


et c'est tout

@+

Win32:Trojan-gen.

17 réponses

Discussions similaires

Newsletters