

Paraiso
Members
Content count: 10
About Paraiso
Date of birth: 08/08/1971
Profile information
Gender: Male
Location: Ouagadougou
Other information
My languages: French
Paraiso's achievements
Junior Member (3/12)
Community reputation: 0
Infected work PC - HijackThis report
Paraiso replied to a topic by Paraiso in Malware analysis and removal
Thanks Pear, I will send you the various reports tomorrow. Good evening.
Infected work PC - HijackThis report
Paraiso posted a topic in Malware analysis and removal
Good evening, I am attaching the HijackThis report from my wife's work computer, which is infected, so as to get your help disinfecting it. I should point out that this computer is not connected directly to the internet, but some of her colleagues come with USB sticks or external hard drives to work on it. Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:36, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\DOCUME~1\MONTAG~1\LOCALS~1\Temp\EACDownload\wc_bundle_ng.exe
C:\Program Files\AWS\MiniBug\minibug.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Prolific\One Button\OneBtn.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\MontageAVID\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\MontageAVID\Application Data\U3\00001770C961622F\LaunchPad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=4679596257990922620940451303:1319
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Eac_Rvndl] C:\DOCUME~1\MONTAG~1\LOCALS~1\Temp\EACDownload\wc_bundle_ng.exe audiogalaxy
O4 - HKLM\..\Run: [Tray Temperature] C:\Program Files\AWS\MiniBug\minibug.exe 1
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Prolific_OneButton] C:\Program Files\Prolific\One Button\OneBtn.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [bron-Spizaetus-cnirkvpy] "C:\WINDOWS\ShellNew\bbm-ypvkrinc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [system12] C:\WINDOWS\system32\ne0kS.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\uvPL.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Tok-Cirrhatus-3708] "C:\Documents and Settings\MontageAVID\Local Settings\Application Data\br8439on.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [i just want to say I love Milko and I need a drink] C:\Documents and Settings\MontageAVID\Local Settings\Application Data\svchost.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Senvisn5an - Rainbow Technologies, Inc. - (no file)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10930 bytes
"Resolved" HijackThis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and removal
Hello, I have updated Java and I have also chosen the option to completely disable Spyware Doctor. In any case my machine is working well at the moment, and I thank you for having given me a little of your time. All the best to the whole Zebulon security team.
"Resolved" HijackThis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and removal
OK, would it be better if I uninstalled Spyware Doctor?
"Resolved" HijackThis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and removal
Hello Pear, My machine is behaving better than before, even though I sometimes notice a certain slowdown when I try to open other windows: it is as if the machine freezes, I click in vain, and it can last for minutes. For what it's worth, I am sending you below a new HijackThis report for checking. A little hello to your grandchildren; it's normal for them to enjoy their grandpa. I also want to let you know that I tried to run an online scan with Kaspersky on Tuesday, but a power cut put an end to that scan (yes indeed, I live in an underdeveloped country). Thanks and see you soon.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55 , on 17/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iOpus\AC-Plug\acplug.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: 91.121.188.81 forum.zebulon.fr
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus\AC-Plug\acplug.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166607385045
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...016/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8500 bytes
"Resolved" HijackThis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and removal
Good evening Pear, I still have not heard from you, although I posted the eScan report on Thursday 10 July 2008. I would like to know whether the disinfection of my machine is finished or whether there are other procedures to carry out. Please reply so as to put an end to my worry.
"Resolved" HijackThis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and removal
Hello Pear, I have posted the eScan Antivirus Toolkit report and I am waiting for your reaction. I hope your schedule will let you take a look at it, so that I can completely disinfect my machine and get back to the pleasure of browsing without excessive slowness. Thanks and see you soon.
"Resolved" HijackThis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and removal
Hello, I am sending you below the report generated by eScan Antivirus Toolkit after following the procedure given in your reply. Thanks again for giving me some of your time.

File C:\Documents and Settings\utilisateur\Bureau\Navilog1.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0EE0B20D-BEF6-48A1-8D41-A8DA85477055} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{14555A7F-E703-40C7-BB32-800E56A73B4A} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{17F99835-23BD-4F19-BD92-7975CC0EAE56} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1ECB7441-C023-4930-8C84-AB4C92D74E60} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{31835A87-AAC1-4E28-B9B5-1CBDC57C494E} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{352F90B6-844F-4C27-AEBF-94E98F134ADA} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{376EA8B0-9B74-4BF5-9655-89D92DB90B94} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{41B95297-DD5B-4142-A6CD-2138D68C48EA} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{43C08898-B61C-40CC-9099-DABFA79B4D26} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4757BACD-4287-47D8-946E-11B7F23A3150} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4BF82E14-F6D6-4892-86CC-631342535DD0} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{545B8A35-5CC0-4523-A520-DC5962F2C7D9} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{583D241D-3B0D-4F73-B1DE-FBCD345B331F} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{593D3855-0E15-4104-A67B-C53F9667BB26} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5E3A6A2F-083C-4CB8-ADBB-C02C9DD6D1FA} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5F3C7B59-30B7-4C86-B505-6AA98DE7D13D} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{60BC7A50-4A0A-4BF2-AA4B-4D4C7EE42ADE} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{681F64A4-E349-45AF-8AC2-619CEB5A790B} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6973F18B-2386-417A-A37E-37EB1865905C} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{73979AF8-DD2D-4578-8856-A37DCB83AA95} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{75B1C2F6-9126-4CE2-B670-6E4BB75DFAB8} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{79F30CED-472D-4212-9FAA-1D683E447E7A} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7BC50796-6F57-4451-A507-EB69452463A6} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7E5A0050-6115-439C-AC16-A0E57BA89446} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8D190C1D-74A6-4057-8B5C-F5020A85DEAD} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8FD9BC6B-F9D2-4443-9432-C5EFDA223A7C} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{92A6671D-2E52-48D7-A813-2310BE0A8CC1} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{952CAAF2-4088-4398-8B76-EDB994BB3C92} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{96061BA4-DD51-41BB-931F-687437AD3598} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{96ACE470-62F5-44EE-B8E0-722F6B71C3FA} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{99D73214-49D3-488A-9E89-9B1D87703B72} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A50E83E9-7EFA-4FA5-8BEF-7C2791BD4F21} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A538235A-36AA-4DF8-A3E4-EAA6999D2CB9} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AB3B2023-91D4-46ED-A49A-5C0597A6D24C} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B2A88945-5E48-4807-BD59-C585B7F0AEF5} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B4919275-8F81-44CE-B683-7748ABFDE673} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BA6789CE-C420-4E8A-83F6-C81860597C61} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C21297FF-AF50-4604-8D05-80D4D21A5270} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C5BB3088-19C6-4467-AD29-DD9A0EE5418C} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C7BE1281-5F71-40ED-A30F-7818466961DF} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C8A99556-D90E-49A4-9964-39DB04768F12} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CA899CCE-FE10-4A12-A9DE-5FCF4739902E} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CD41DA4B-8B46-4FE2-88F3-C840F5761280} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CD8AE063-426B-4EE3-A0BC-46816D7F8BCF} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D04740D0-0E02-44CF-BF3A-C34DBC664F41} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D5E9C705-7818-48B5-BB34-5AD7C4A17A05} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D893A230-4D3E-4A1C-9DDB-3951F59CF24D} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E186EC2F-5A4E-4F2C-993E-5B7D9D194939} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E6827976-2A20-4136-B8B3-BC65ED885048} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E8723A9E-76B5-4D43-BD1A-839295CEC20B} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EBB8B9BA-8DC6-4C3F-B0A6-7108BEA3D5B1} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EBF3816A-3356-4FC1-AAE3-6F5E34FEC8C5} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EBF3AA35-7CDF-4EC9-9719-F845F5B7C18C} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EFE19A2C-89CF-4A59-8485-73863C7EB972} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FA08E533-3041-4435-9293-C829B5C4D0BD} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FA67A710-18CF-47FB-B7A6-4C3EF903DA93} infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\drivers\etc\hosts.20060921-195116.backup infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\drivers\etc\hosts.20060921-195117.backup infected by "Trojan.Win32.Qhost.gv" Virus. Action Taken: File Deleted.
"Resolved" hijackthis report analysis
Paraiso replied to a topic by Paraiso in Malware analysis and eradication
Hello, After following the procedure you indicated, I am sending you below the SDFix report as you asked.

SDFix: Version 1.204
Run by utilisateur on 09/07/2008 at 12:11

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 12:37:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\PROGRAM FILES\\LIVESTATION\\1.0.73.1\\LIVESTATION.EXE"="C:\\Program Files\\Livestation\\1.0.73.1\\Livestation.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRAM FILES\\LIVESTATION\\1.0.73.1\\LIVESTATION.EXE"="C:\\Program Files\\Livestation\\1.0.73.1\\Livestation.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

Files with Hidden Attributes :

Fri 22 Sep 2006 45,120 ..SHR --- "C:\WINDOWS\j6429422.exe"
Fri 22 Sep 2006 45,120 ..SHR --- "C:\WINDOWS\o4429427.exe"
Fri 22 Sep 2006 45,120 ..SHR --- "C:\WINDOWS\_default42942.pif"
Mon 12 May 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 22 Sep 2006 45,120 ..SHR --- "C:\WINDOWS\system32\s8523\zh592035884y.exe"
Sat 19 Aug 2006 45,120 ..SHR --- "C:\Documents and Settings\Invité\Local Settings\Application Data\smss.exe"
Fri 22 Sep 2006 45,120 ..SHR --- "C:\Documents and Settings\utilisateur\Local Settings\Application Data\dv6203580x\yesbron.com"

Finished!
"Resolved" hijackthis report analysis
Paraiso posted a topic in Malware analysis and eradication
Hello, I am submitting the attached hijackthis report from my desktop computer, which has become far too slow for some time now. Thanks to the volunteers on this site who help computer novices like me. Paraiso

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:48 , on 08/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iOpus\AC-Plug\acplug.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Creative\MediaSource5\CTCMSu.exe
C:\Program Files\Creative\MediaSource5\CtDetctu.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus\AC-Plug\acplug.exe
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166607385045
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...016/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9896 bytes