sebast1180

Bonjour, Pendant environ 4 minutes, iexplore.exe s'éxécute automatiquement au démarrage de windows XP. Il prend le reste de la disponibilité en cpu. J'ai fait tourné antivir et spybot : rien n'a été trouvé. Voici le hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:04, on 28/03/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\RunDLL32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\LVComsX.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\Jean-Louis\Bureau\HiJackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [info sect setup online] C:\Documents and Settings\All Users\Application Data\ABOUT TEAM INFO SECT\tick store.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- End of file - 5605 bytes

J'ai l'impression que mon PC est bien plus rapide au démarrage et pendant l'utilisation ! Merci pour votre service. il y a toujours ShopperReports qui veut charger une dll qui n'existe plus... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:57:40, on 16/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Raccourci vers OptT3STA.exe.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} - O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5657 bytes

résultat blanc avec btfix. et voici Hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:41:45, on 29/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Contrôle parental\fssui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ESTsoft\ALZip\ALZip.exe C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP1_\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [seaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Raccourci vers OptT3STA.exe.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} - O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6524 bytes

voilà voilà : (pour emule, c'est pas moi qui l'utilise...est-ce qu'il y a des p2p safe?) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:43:16, on 27/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\Program Files\Windows Live\Contrôle parental\fssui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe C:\Program Files\ESTsoft\ALZip\ALZip.exe C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP1_\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Raccourci vers OptT3STA.exe.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6032 bytes

Voici le rapport de Kaspersky en ligne : ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, February 26, 2008 9:52:25 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 26/02/2008 Kaspersky Anti-Virus database records: 582103 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan Statistics: Total number of scanned objects: 95636 Number of viruses found: 4 Number of infected objects: 12 Number of suspicious objects: 0 Duration of the scan process: 01:48:18 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat Object is locked skipped C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012008022620080227\index.dat Object is locked skipped C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT Object is locked skipped C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped C:\Program Files\Secured eMule\SecuredEmule_new08.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP218\A0077244.dll Infected: not-a-virus:AdWare.Win32.Lop.bo skipped C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP221\A0078402.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP239\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{88B121AF-AFA0-484A-919D-7585DE29A63C}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped D:\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped D:\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped D:\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped D:\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped Scan process completed.

Je garde avast pour savoir que j'envoi toujours des spams. voici les rapports : - le rapport de OtMoveIt2 C:\WINDOWS\System32\ixfppizmxf.exe moved successfully. C:\WINDOWS\System32\exmewtgsxiej.exe moved successfully. C:\Program Files\AdwareAlert moved successfully. File/Folder C:\Program Files\ShoppingReport not found. [Custom Input] < EmptyTemp > File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\JETB28.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\JETEC2.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\JETED2.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. OTMoveIt2 v1.0.20 log created on 02252008_193015 - le rapport de SDFix SDFix: Version 1.146 Run by Administrateur on lun. 25/02/2008 at 20:55 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Name: ekeeymid1z5 Path: C:\WINDOWS\system32\exmewtgsxiej.exe /service ekeeymid1z5 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 21:01:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{383A68CA-7FE4-1D9B-4B47-F4E182A11604}] "fahggkoifamo"=hex:66,61,66,6a,64,6e,6d,67,6b,62,63,63,00,00 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 209 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France" "C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe"="C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe:*:Disabled:DiRT Demo Executable" "C:\\Program Files\\filezilla\\FileZilla-3.0.5.2\\filezilla.exe"="C:\\Program Files\\filezilla\\FileZilla-3.0.5.2\\filezilla.exe:*:Disabled:FileZilla FTP Client" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes" "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:Logiciel de transfert de fichiers" "C:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe"="C:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe:*:Disabled:Net2Phone CommCenter Client GUI Module" "E:\\SetupUtil.exe"="E:\\SetupUtil.exe:*:Disabled:SetupUtil" "C:\\Documents and Settings\\HP_Propri‚taire\\Mes documents\\SetupUtil.exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Mes documents\\SetupUtil.exe:*:Disabled:SetupUtil" "C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Disabled:Torrent P2P application" "C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control" "C:\\Program Files\\PacketTrap Networks\\ToolSuite\\PacketTrapToolkit.exe"="C:\\Program Files\\PacketTrap Networks\\ToolSuite\\PacketTrapToolkit.exe:*:Enabled:pt360 Tool Suite" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Sat 9 Jun 2007 218 A.SHR --- "C:\BOOT.BAK" Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Mon 2 Jul 2007 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Sun 24 Jun 2007 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll" Mon 9 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 1 Aug 2005 79,360 A..H. --- "C:\Swsetup\Monitors\SP31061\hpinsx64.exe" Wed 11 Jan 2006 1,764,352 A..H. --- "C:\disque_L\photo\photo_numerique\100K7430\~WRL0005.tmp" Sun 17 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp" Finished! - le nouveau rapport hijackthis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:05:22, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Contrôle parental\fssui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe C:\Program Files\ESTsoft\ALZip\ALZip.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP0_\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll O4 - HKLM\..\Run: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunServices: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Raccourci vers OptT3STA.exe.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5266 bytes

Après tout cela et réinstallation de AVAST!, je reçois à nouveau des messages. Aurriez vous un utilitaire qui permette de bloquer les emails provenant d'un poste client systématiquement?

voici le résultat ave diaghelp : DiagHelp version v1.4 - http://www.malekal.com excute le dim. 24/02/2008 à 17:54:51,65 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->24/02/2008 17:54:23 C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->24/02/2008 17:53:46 C:\WINDOWS\prefetch\ALZIP.EXE-272162D8.pf -->24/02/2008 17:53:41 C:\WINDOWS\prefetch\ACRORD32.EXE-1CE22EA3.pf -->24/02/2008 17:53:05 C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf -->24/02/2008 17:52:56 C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->24/02/2008 17:45:38 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-090074F0.pf -->24/02/2008 17:43:05 C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->24/02/2008 17:43:03 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-2429F241.pf -->24/02/2008 17:42:09 C:\WINDOWS\prefetch\SKYPEPM.EXE-082BC99E.pf -->24/02/2008 17:41:23 C:\WINDOWS\System32\drivers\avipbb.sys -->24/02/2008 12:41:19 C:\WINDOWS\System32\drivers\pcouffin.sys -->26/01/2008 20:49:47 C:\WINDOWS\System32\drivers\mrxdav.sys -->18/12/2007 10:51:35 C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54 C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 18:20:55 C:\WINDOWS\System32\drivers\fssfltr.sys -->17/10/2007 13:53:16 C:\WINDOWS\System32\drivers\hotcore3.sys -->16/10/2007 13:45:40 C:\WINDOWS\System32\PerfStringBackup.INI -->24/02/2008 17:41:32 C:\WINDOWS\System32\perfh00C.dat -->24/02/2008 17:41:32 C:\WINDOWS\System32\perfh009.dat -->24/02/2008 17:41:32 C:\WINDOWS\System32\perfc00C.dat -->24/02/2008 17:41:32 C:\WINDOWS\System32\perfc009.dat -->24/02/2008 17:41:32 C:\WINDOWS\System32\nvapps.xml -->24/02/2008 17:40:41 C:\WINDOWS\System32\wpa.dbl -->24/02/2008 17:37:11 C:\WINDOWS\System32\CONFIG.NT -->24/02/2008 13:29:47 C:\WINDOWS\System32\ANIWZCSUSERNAME -->24/02/2008 11:59:01 C:\WINDOWS\System32\FNTCACHE.DAT -->20/02/2008 18:09:08 C:\WINDOWS\System32\ixfppizmxf.exe -->19/02/2008 19:56:28 C:\WINDOWS\System32\exmewtgsxiej.exe -->19/02/2008 19:56:28 C:\WINDOWS\System32\d3d9caps.dat -->18/02/2008 18:46:25 C:\WINDOWS\System32\BufferZone.CSV -->12/02/2008 15:58:57 C:\WINDOWS\System32\MRT.exe -->5/02/2008 0:09:46 C:\WINDOWS\System32\ANIWZCSUSERNAME{9D333F30-A7A6-4E11-8FBD-97ABEE2D7786} -->4/02/2008 12:37:35 C:\WINDOWS\System32\SIntfNT.dll -->19/01/2008 9:26:25 C:\WINDOWS\System32\SIntf32.dll -->19/01/2008 9:26:25 C:\WINDOWS\System32\SIntf16.dll -->19/01/2008 9:26:25 C:\WINDOWS\System32\QuickTimeVR.qtx -->10/01/2008 15:27:46 C:\WINDOWS\System32\QuickTime.qts -->10/01/2008 15:27:44 C:\WINDOWS\System32\TZLog.log -->12/12/2007 22:21:22 C:\WINDOWS\System32\mshtml.dll -->7/12/2007 15:37:06 C:\WINDOWS\System32\wininet.dll -->7/12/2007 2:07:05 C:\WINDOWS\System32\urlmon.dll -->7/12/2007 2:07:05 C:\WINDOWS\WindowsUpdate.log -->24/02/2008 17:37:52 C:\WINDOWS.log -->24/02/2008 17:36:53 C:\WINDOWS\wiadebug.log -->24/02/2008 17:36:50 C:\WINDOWS\wiaservc.log -->24/02/2008 17:36:49 C:\WINDOWS\bootstat.dat -->24/02/2008 17:36:30 C:\WINDOWS\ntbtlog.txt -->24/02/2008 17:33:10 C:\WINDOWS\SchedLgU.Txt -->24/02/2008 17:26:32 C:\WINDOWS\QTFont.qfn -->24/02/2008 11:59:20 C:\WINDOWS\unins000.dat -->23/02/2008 11:31:00 C:\WINDOWS\unins000.exe -->23/02/2008 11:30:10 C:\WINDOWS\win.ini -->23/02/2008 10:25:54 C:\WINDOWS\ALCFDRTM.VER -->23/02/2008 9:57:10 C:\WINDOWS\_MSRSTRT.EXE -->20/02/2008 18:32:57 C:\WINDOWS\marscam.ini -->17/02/2008 13:36:45 C:\WINDOWS\QTFont.for -->22/01/2008 20:34:28 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1772 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll ------------------------------------------------------------------------------ explorer.exe pid: 6804 Command line: "C:\WINDOWS\Explorer.EXE" /IDLIST,:636:1772,/E,/S Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x62350000 0x53000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll 0x60400000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.3\program\MSVCR71.dll 0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.3\program\MSVCP71.dll 0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x01580000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 648 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01220000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 3C22-43D3 Répertoire de C:\WINDOWS\system 07/05/1998 17:04 52.736 hpsysdrv.exe 19/12/1994 12:00 4.128 qtnotify.exe 2 fichier(s) 56.864 octets 0 Rép(s) 202.026.745.856 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 3C22-43D3 Répertoire de C:\WINDOWS\system32 05/08/2004 19:00 6.144 csrss.exe 1 fichier(s) 6.144 octets 0 Rép(s) 202.026.745.856 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 3C22-43D3 Répertoire de C:\WINDOWS\Downloaded Program Files 24/02/2008 12:58 <REP> . 24/02/2008 12:58 <REP> .. 23/11/2004 22:20 65 desktop.ini 25/07/2002 18:13 24.576 dwusplay.dll 25/07/2002 18:13 196.608 dwusplay.exe 11/04/2007 14:55 1.292 erma.inf 16/06/2004 06:02 323.584 isusweb.dll 14/02/2007 15:30 144 setup.inf 17/06/2007 11:18 23.600 tvichw32.sys 7 fichier(s) 569.869 octets Total des fichiers listés : 7 fichier(s) 569.869 octets 2 Rép(s) 202.026.741.760 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues C:\Program Files\BitDownload présent! Possible infection : lop.com Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France" "C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe"="C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe:*:Disabled:DiRT Demo Executable" "C:\\Program Files\\filezilla\\FileZilla-3.0.5.2\\filezilla.exe"="C:\\Program Files\\filezilla\\FileZilla-3.0.5.2\\filezilla.exe:*:Disabled:FileZilla FTP Client" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes" "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:Logiciel de transfert de fichiers" "C:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe"="C:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe:*:Disabled:Net2Phone CommCenter Client GUI Module" "E:\\SetupUtil.exe"="E:\\SetupUtil.exe:*:Disabled:SetupUtil" "C:\\Documents and Settings\\HP_Propriétaire\\Mes documents\\SetupUtil.exe"="C:\\Documents and Settings\\HP_Propriétaire\\Mes documents\\SetupUtil.exe:*:Disabled:SetupUtil" "C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Disabled:Torrent P2P application" "C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control" "C:\\Program Files\\PacketTrap Networks\\ToolSuite\\PacketTrapToolkit.exe"="C:\\Program Files\\PacketTrap Networks\\ToolSuite\\PacketTrapToolkit.exe:*:Enabled:pt360 Tool Suite" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-24 17:56:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{383A68CA-7FE4-1D9B-4B47-F4E182A11604}] "fahggkoifamo"=hex:66,61,66,6a,64,6e,6d,67,6b,62,63,63,00,00 scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 620 - csrss.exe 648 - winlogon.exe 692 - services.exe 704 - lsass.exe 848 - svchost.exe 924 - svchost.exe 960 - svchost.exe 1016 - svchost.exe 1064 - svchost.exe 1476 - avguard.exe 1772 - explorer.exe 1836 - ANIWZCSdS.exe 1912 - sched.exe 2280 - DTSRVC.exe 2508 - fsssvc.exe 4376 - nvsvc32.exe 4600 - svchost.exe 5016 - IEXPLORE.EXE 5284 - alg.exe 5588 - skypePM.exe 5696 - exmewtgsxiej.ex 5716 - Skype.exe 5744 - msnmsgr.exe 5864 - ALZip.exe 6340 - ALZip.exe 6804 - explorer.exe 7648 - cmd.exe 7696 - AcroRd32.exe Total number of processes = 29 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F8B65000 - \WINDOWS\system32\KDCOM.DLL F8A75000 - \WINDOWS\system32\BOOTVID.dll F8535000 - ACPI.sys F8B67000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F8524000 - pci.sys F8665000 - isapnp.sys F8675000 - ohci1394.sys F8685000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F8B69000 - intelide.sys F88E5000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8695000 - MountMgr.sys F8505000 - ftdisk.sys F88ED000 - PartMgr.sys F88F5000 - hotcore3.sys F86A5000 - VolSnap.sys F84ED000 - atapi.sys F86B5000 - disk.sys F86C5000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F84CD000 - fltMgr.sys F84BB000 - sr.sys F86D5000 - PxHelp20.sys F84A4000 - KSecDD.sys F8417000 - Ntfs.sys F83EA000 - NDIS.sys F83CF000 - Mup.sys F86E5000 - gagp30kx.sys F8735000 - \SystemRoot\system32\DRIVERS\nic1394.sys F7B4C000 - \SystemRoot\system32\DRIVERS\intelppm.sys F774E000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys F773A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7714000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F89F5000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F76F1000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F89FD000 - \SystemRoot\system32\DRIVERS\usbehci.sys F769F000 - \SystemRoot\system32\DRIVERS\Cap7134.sys F7B3C000 - \SystemRoot\system32\DRIVERS\STREAM.SYS F767C000 - \SystemRoot\system32\DRIVERS\ks.sys F7631000 - \SystemRoot\system32\DRIVERS\PCTELSAP.SYS F761D000 - \SystemRoot\system32\DRIVERS\parport.sys F7B2C000 - \SystemRoot\system32\DRIVERS\imapi.sys F8B59000 - \SystemRoot\system32\drivers\pfc.sys F8A05000 - \SystemRoot\system32\drivers\iviaspi.sys F7B1C000 - \SystemRoot\system32\DRIVERS\cdrom.sys F8755000 - \SystemRoot\system32\DRIVERS\redbook.sys F8A0D000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys F8D81000 - \SystemRoot\system32\DRIVERS\audstub.sys F8765000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F83AB000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F7606000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F8775000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F8785000 - \SystemRoot\system32\DRIVERS\raspptp.sys F8A15000 - \SystemRoot\system32\DRIVERS\TDI.SYS F75F5000 - \SystemRoot\system32\DRIVERS\psched.sys F8795000 - \SystemRoot\system32\DRIVERS\msgpc.sys F8A1D000 - \SystemRoot\system32\DRIVERS\ptilink.sys F8A25000 - \SystemRoot\system32\DRIVERS\raspti.sys F839B000 - \SystemRoot\System32\Drivers\PdiPorts.sys F87A5000 - \SystemRoot\system32\DRIVERS\termdd.sys F8A2D000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F8A35000 - \SystemRoot\system32\DRIVERS\mouclass.sys F8BA5000 - \SystemRoot\system32\DRIVERS\swenum.sys F759C000 - \SystemRoot\system32\DRIVERS\update.sys F8397000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F87B5000 - \SystemRoot\System32\Drivers\NDProxy.SYS F51C2000 - \SystemRoot\system32\drivers\RtkHDAud.sys F519E000 - \SystemRoot\system32\drivers\portcls.sys F87C5000 - \SystemRoot\system32\drivers\drmk.sys F87D5000 - \SystemRoot\system32\DRIVERS\usbhub.sys F8BA9000 - \SystemRoot\system32\DRIVERS\USBD.SYS F8A4D000 - \SystemRoot\system32\DRIVERS\PhTVTune.sys F8BAD000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8C8D000 - \SystemRoot\System32\Drivers\Null.SYS F8BAF000 - \SystemRoot\System32\Drivers\Beep.SYS F8A5D000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F8A65000 - \SystemRoot\System32\drivers\vga.sys F8BB1000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8BB3000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F8A6D000 - \SystemRoot\System32\Drivers\Msfs.SYS F8925000 - \SystemRoot\System32\Drivers\Npfs.SYS F8B1D000 - \SystemRoot\system32\DRIVERS\rasacd.sys F5143000 - \SystemRoot\system32\DRIVERS\ipsec.sys F50EB000 - \SystemRoot\system32\DRIVERS\tcpip.sys F50C3000 - \SystemRoot\system32\DRIVERS\netbt.sys F50A1000 - \SystemRoot\System32\drivers\afd.sys F87F5000 - \SystemRoot\system32\DRIVERS\netbios.sys F8935000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys F5080000 - \SystemRoot\system32\DRIVERS\ipnat.sys F8815000 - \SystemRoot\system32\DRIVERS\wanarp.sys F893D000 - \SystemRoot\system32\DRIVERS\usbccgp.sys F5055000 - \SystemRoot\system32\DRIVERS\rdbss.sys F4FE6000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F8825000 - \SystemRoot\System32\Drivers\Fips.SYS F8835000 - \SystemRoot\system32\DRIVERS\arp1394.sys F8845000 - \SystemRoot\system32\DRIVERS\avipbb.sys F8BB5000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys F4F9B000 - \SystemRoot\System32\Drivers\Fastfat.SYS F8B45000 - \SystemRoot\system32\DRIVERS\hidusb.sys F8885000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F8965000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS F5408000 - \SystemRoot\system32\DRIVERS\mouhid.sys F5404000 - \SystemRoot\system32\DRIVERS\kbdhid.sys F4F83000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8BD5000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F5192000 - \SystemRoot\System32\drivers\Dxapi.sys F8975000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F8D4D000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll F87E5000 - \SystemRoot\system32\DRIVERS\fssfltr.sys BAD00000 - \SystemRoot\system32\DRIVERS\ndisuio.sys B9A8C000 - \SystemRoot\system32\DRIVERS\mrxdav.sys B9A27000 - \SystemRoot\system32\drivers\wdmaud.sys BABD8000 - \SystemRoot\system32\drivers\sysaudio.sys B98FE000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys F894D000 - \??\C:\WINDOWS\system32\ANIO.SYS B976C000 - \SystemRoot\system32\DRIVERS\srv.sys F89DD000 - \??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\catchme.sys B96B4000 - \SystemRoot\System32\Drivers\Cdfs.SYS B92CE000 - \SystemRoot\System32\Drivers\HTTP.sys B7ABE000 - \SystemRoot\system32\drivers\kmixer.sys F8D78000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 124 Liste des programmes installes 1310 1310_Help 1310Tour 1310Trb Adobe Acrobat 5.0 Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Photoshop v3.0 Adobe Reader 7.0 - Français Adobe Shockwave Player AiO_Scan AiOSoftware AirPlus G ALZip ANIO Service ANIWZCS2 Service Assistant de connexion Windows Live Audacity 1.2.6 Avira AntiVir PersonalEdition Classic BitDownload version 3.2.0.0 Blender (remove only) BufferChm CameraDrivers CCleaner (remove only) Copy Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB935448) Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888302 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 CP_AtenaShokunin1Config cp_dwSharkTaleAlbums1 cp_dwSharkTaleCards1 cp_dwShrek2Albums1 cp_dwShrek2Cards1 CP_PLSBusinessFlyers CreativeProjects CreativeProjectsTemplates CueTour Destinations Director DivxToDVD 0.5.2 DocProc DocumentViewer DVD Shrink 3.2 DVDFab HD Decrypter 3.2.1.0 eMule eMusic - 50 Free MP3 offer Enhanced Multimedia Keyboard Solution EVEREST Home Edition v2.20 Fax Feu Vert pour le permis de conduire Firebird SQL Server - MAGIX Edition (F) Galerie de photos Windows Live Help and Support Additions HijackThis 2.0.2 Home Theater Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB926239) HP Appareils photos Photosmart 4.0 HP Deskjet Preloaded Printer Drivers HP Diagnostic Assistant HP Image Zone 4.5.3 HP Image Zone Plus 4.5.3 HP My Display HP PSC & OfficeJet 4.0 HP Software Update HPIZplus450 HPODiscovery HpSdpAppCoreApp ImgBurn (Remove Only) Indeo® software InstantShare InterVideo DiscLabel InterVideo Home Theater InterVideo WinDVD Creator InterVideo WinDVD Creator InterVideo WinDVD Player InterVideo WinDVD Player iTunes IZArc 3.6 Java 2 Runtime Environment, SE v1.4.2_03 Java 6 Update 2 Java 6 Update 3 Java SE Runtime Environment 6 Update 1 Le Monde de Nemo Le Monde de Nemo Lecteur Windows Media 11 LightScribe 1.4.84.1 Living 3D Dolphins Full Screen Saver MAGIX music maker 2006 demo (F) MAGIX Photo Manager 2006 (F) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft XML Parser Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937143) Mise à jour de sécurité pour Windows XP (KB938127) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB939653) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB942615) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944533) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB942840) Mise à jour pour Windows XP (KB946627) Mozilla Thunderbird (2.0.0.9) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) NVIDIA Drivers OpdiTracker OpenOffice.org 2.3 PacketTrap pt360 Tool Suite PanoStandAlone Paragon Hard Disk Manager 2008 Suite Trial PC-Doctor for Windows PC-Doctor for Windows Philips ToUcam Fun Camera Photo Viewer PhotoGallery Photosmart 320,370,7400,8100,8400 Series (fra) PrintScreen ProductContext PSPrinters06 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder QuickPar 0.9 QuickProjects QuickTime Readme RealPlayer REALTEK GbE & FE Ethernet PCI NIC Driver Realtek High Definition Audio Driver Scan SeaMonkey (1.1.2) Secured eMule Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update pour Microsoft .NET Framework 2.0 (KB928365) Services Off-line de Home'Bank SkinsHP1 Skype™ 3.6 Sonic Express Labeler Sonic RecordNow! Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 Talk to Me TeamSpeak 2 RC2 Text-To-Speech-Runtime TrayApp Unload VNC Free Edition 4.1.2 WebFldrs XP WebReg Winamp WinArchiv' 6.66b Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Live installer Windows Live Mail Windows Live Messenger Windows Live OneCare Contrôle parental Windows Live Writer Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 World of Warcraft Wow Cartographe 1.07 XnView 1.91.1 Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 3C22-43D3 Répertoire de C:\Program Files 24/02/2008 13:39 <REP> . 24/02/2008 13:39 <REP> .. 24/06/2007 04:23 <REP> Acoustica Mixcraft 3 15/02/2008 20:48 <REP> Adobe 21/02/2008 21:33 <REP> AdwareAlert 12/07/2007 16:32 <REP> Alwil Software 04/02/2008 12:35 <REP> ANI 24/06/2007 03:40 <REP> Audacity 24/02/2008 12:39 <REP> Avira 22/02/2008 06:45 <REP> BitDownload 20/07/2007 17:26 <REP> BitTorrent Fastest Tool 05/09/2007 18:35 <REP> Blender Foundation 20/02/2008 15:05 <REP> CCleaner 17/10/2007 18:59 <REP> Cisco Systems 24/02/2008 08:58 <REP> Colasoft Ping Tool 1.1 10/06/2007 07:55 <REP> ComPlus Applications 24/02/2008 08:44 <REP> Comptes et Budget Free V5.0 15/02/2008 20:46 <REP> DIFX 26/01/2008 22:44 <REP> DivX 04/02/2008 12:35 <REP> D-Link 10/06/2007 18:23 <REP> DVD Shrink 04/11/2007 18:25 <REP> DVDFab HD Decrypter 3 20/02/2008 17:43 <REP> Easy Internet signup 20/02/2008 21:58 <REP> eMule 10/07/2007 13:10 <REP> ESTsoft 07/07/2007 16:09 <REP> Feuvert 24/02/2008 13:07 <REP> Fichiers communs 28/01/2008 22:15 <REP> filezilla 10/06/2007 07:55 <REP> Help and Support Additions 10/06/2007 07:55 <REP> Hewlett-Packard 17/06/2007 10:39 <REP> HP 13/01/2008 09:55 <REP> IDA 10/06/2007 18:29 <REP> ImgBurn 16/06/2007 14:35 <REP> ING 19/01/2008 09:23 <REP> Intel 13/02/2008 22:11 <REP> Internet Explorer 17/06/2007 07:05 <REP> InterVideo 22/01/2008 20:33 <REP> iPod 22/01/2008 20:34 <REP> iTunes 07/07/2007 11:23 <REP> IZArc 22/11/2007 22:02 <REP> Java 24/06/2007 03:59 <REP> Jeskola Buzz 17/06/2007 11:38 <REP> Lavalys 10/06/2007 08:00 <REP> Macrovision Corp 10/06/2007 09:54 <REP> Messenger 20/06/2007 11:47 <REP> Microsoft CAPICOM 2.1.0.2 10/06/2007 08:00 <REP> microsoft frontpage 24/02/2008 13:39 <REP> Microsoft SQL Server Compact Edition 24/06/2007 11:57 <REP> Microsoft Visual Studio .NET 2003 10/06/2007 08:00 <REP> Movie Maker 24/02/2008 09:09 <REP> Mozilla Thunderbird 04/07/2007 12:08 <REP> mozilla.org 24/02/2008 11:54 <REP> MSN 10/06/2007 08:00 <REP> MSN Gaming Zone 10/06/2007 09:34 <REP> MSXML 4.0 20/02/2008 18:34 <REP> Net2Phone CommCenter 10/06/2007 08:00 <REP> NetMeeting 10/06/2007 08:00 <REP> Online Services 24/06/2007 11:55 <REP> Opdicom 12/12/2007 22:27 <REP> OpenOffice.org 2.2 12/12/2007 22:27 <REP> OpenOffice.org 2.3 23/02/2008 23:17 <REP> option 13/06/2007 02:01 <REP> Outlook Express 21/02/2008 13:21 <REP> PacketTrap Networks 28/01/2008 21:54 <REP> Paragon Software 10/06/2007 08:00 <REP> PC-Doctor for Windows 23/09/2007 18:25 <REP> Philips ToUcam Camera 18/08/2007 17:22 <REP> Portrait Displays 10/07/2007 13:28 <REP> QuickPar 22/01/2008 20:32 <REP> QuickTime 20/06/2007 12:10 <REP> Real 17/06/2007 11:42 <REP> Realtek 09/07/2007 14:44 <REP> RealVNC 20/09/2007 14:38 <REP> Saxo 23/12/2007 15:09 <REP> ScreenSaver.com 28/01/2008 21:06 <REP> Secured eMule 10/06/2007 08:00 <REP> Services en ligne 24/02/2008 13:07 <REP> Skype 10/06/2007 08:01 <REP> Sonic 10/06/2007 08:01 <REP> Sonic RecordNow! 24/06/2007 04:27 <REP> Sony Setup 23/02/2008 11:33 <REP> Spybot - Search & Destroy 03/09/2007 19:48 <REP> Symantec 02/01/2008 19:06 <REP> Teamspeak2_RC2 18/08/2007 17:33 <REP> THQ 21/02/2008 13:08 <REP> Tools4ever 10/06/2007 08:01 <REP> Uninstall Information 26/01/2008 22:46 <REP> VSO 17/02/2008 16:15 <REP> Winamp 24/02/2008 13:40 <REP> Windows Live 17/06/2007 18:04 <REP> Windows Media Connect 2 17/07/2007 17:38 <REP> Windows Media Player 10/06/2007 08:01 <REP> Windows NT 06/02/2008 22:01 <REP> World of Warcraft 04/09/2007 21:41 <REP> WowCartographe 10/06/2007 08:01 <REP> xerox 17/06/2007 09:30 <REP> XnView 13/01/2008 18:33 <REP> Zapu 0 fichier(s) 0 octets 98 Rép(s) 202.015.334.400 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 3C22-43D3 Répertoire de C:\Program Files\fichiers communs 24/02/2008 13:07 <REP> . 24/02/2008 13:07 <REP> .. 07/07/2007 16:10 <REP> Adobe 09/07/2007 22:50 <REP> Blizzard Entertainment 21/02/2008 13:12 <REP> Colasoft Shared 24/06/2007 11:56 <REP> Crystal Decisions 10/06/2007 07:55 <REP> Hewlett-Packard 10/06/2007 07:55 <REP> HP 10/06/2007 07:55 <REP> InstallShield 10/06/2007 07:55 <REP> InterVideo 10/06/2007 07:55 <REP> Java 17/06/2007 10:33 <REP> LightScribe 24/06/2007 04:49 <REP> MAGIX Shared 24/02/2008 13:37 <REP> Microsoft Shared 10/06/2007 07:55 <REP> MSSoap 09/07/2007 19:39 <REP> NSV 10/06/2007 07:55 <REP> ODBC 20/06/2007 12:10 <REP> Real 10/06/2007 07:55 <REP> Services 24/02/2008 13:07 <REP> Skype 10/06/2007 07:55 <REP> SpeechEngines 10/06/2007 07:55 <REP> SureThing Shared 03/09/2007 19:48 <REP> Symantec Shared 13/06/2007 02:01 <REP> System 20/06/2007 12:10 <REP> xing shared 0 fichier(s) 0 octets 25 Rép(s) 202.015.334.400 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 3C22-43D3 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 10/06/2007 07:55 <REP> . 10/06/2007 07:55 <REP> .. 18/05/2001 21:57 561.209 MSONSEXT.DLL 03/06/1999 18:09 122.937 MSOWS409.DLL 07/03/2001 13:00 127.033 MSOWS40c.DLL 3 fichier(s) 811.179 octets 2 Rép(s) 202.015.334.400 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe c:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe c:\Documents and Settings\HP_Propriétaire\Application Data\inst.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Sony Setup9063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe c:\Documents and Settings\HP_Propriétaire\Bureau\aaw2007.exe c:\Documents and Settings\HP_Propriétaire\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\HP_Propriétaire\Bureau\everest.exe c:\Documents and Settings\HP_Propriétaire\Bureau\processscanner.exe c:\Documents and Settings\HP_Propriétaire\Bureau\setupfre.exe c:\Documents and Settings\HP_Propriétaire\Bureau\setupxv.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SkypeSetup.exe c:\Documents and Settings\HP_Propriétaire\Bureau\spybotsd15.exe c:\Documents and Settings\HP_Propriétaire\Bureau\spybotsd152.exe c:\Documents and Settings\HP_Propriétaire\Bureau\WLinstaller.exe c:\Documents and Settings\HP_Propriétaire\Bureau\netspeed\instmsia.exe c:\Documents and Settings\HP_Propriétaire\Bureau\netspeed\instmsiw.exe c:\Documents and Settings\HP_Propriétaire\Bureau\netspeed\setup.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.2 Installation Files\instmsia.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.2 Installation Files\instmsiw.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.2 Installation Files\setup.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.3 Installation Files\instmsia.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.3 Installation Files\instmsiw.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.3 Installation Files\setup.exe c:\Documents and Settings\HP_Propriétaire\Bureau\OpenOffice.org 2.3 Installation Files\java\jre-6u3-windows-i586-p.exe c:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP0_\HijackThis.exe c:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OTMLCH2J\SDFix[1].exe c:\Documents and Settings\HP_Propriétaire\Mes documents\emuleplus12b.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\OOo_2.3.1_Win32Intel_install_wJRE_fr.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SetupUtil.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\winamp552_full_emusic-7plus_fr-fr.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\DVDFab\Temp\Update\Update.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\ccsetup204_slim.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\divxtodvd_0.5.2_francais_13277.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\DrDivX_2_0_0_OSS.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\phdmper_tr.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\GenProc\GenProc\outil\swreg.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\picturey505\setupfre.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Mises à jour de programme téléchargées\HomeTheater 2 HP CPC\HomeTheater 2 HP Update 2.6.1.133 (French)\IHT2.6.1.133HP(CPC)_logid32206patch.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\WoW-BurningCrusade-frFR-Slim-Installer\Installer.exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O9I74XAJ\iTunesSetupAdmin[1].exe c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UP8LMT0V\iTunesSetupAdmin[1].exe c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\Diagnostic Assistant\data\hprbevdb.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll c:\Documents and Settings\HP_Propriétaire\Application Data\Internet Download Accelerator\temp\skin.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_HP_DESKTOP.tar.gz a l'adresse http://upload.malekal.com et hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:11:12, on 24/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\exmewtgsxiej.exe C:\Program Files\Windows Live\Contrôle parental\fssui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\ESTsoft\ALZip\ALZip.exe C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP1_\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunServices: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Print Spooler Service (ekeeymid1z5) - Unknown owner - C:\WINDOWS\system32\exmewtgsxiej.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5078 bytes J'ai eu une alerte de virus avec antivir : Exported events: 24/02/2008 17:56 [Guard] Malware found Virus or unwanted program 'TR/Inject.MF [TR/Inject.MF]' detected in file 'C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\wlmaydxeOP.dll. Action performed: Move file to quarantine

voici le rapport de sdfix : SDFix: Version 1.146 Run by Administrateur on dim. 24/02/2008 at 17:32 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Name: ekeeymid1z5 Path: C:\WINDOWS\system32\exmewtgsxiej.exe /service ekeeymid1z5 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-24 17:37:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:0000007e "TracesSuccessful"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{383A68CA-7FE4-1D9B-4B47-F4E182A11604}] "fahggkoifamo"=hex:66,61,66,6a,64,6e,6d,67,6b,62,63,63,00,00 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 209 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France" "C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe"="C:\\Program Files\\Codemasters\\DiRT Demo\\DiRTDemo.exe:*:Disabled:DiRT Demo Executable" "C:\\Program Files\\filezilla\\FileZilla-3.0.5.2\\filezilla.exe"="C:\\Program Files\\filezilla\\FileZilla-3.0.5.2\\filezilla.exe:*:Disabled:FileZilla FTP Client" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes" "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:Logiciel de transfert de fichiers" "C:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe"="C:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe:*:Disabled:Net2Phone CommCenter Client GUI Module" "E:\\SetupUtil.exe"="E:\\SetupUtil.exe:*:Disabled:SetupUtil" "C:\\Documents and Settings\\HP_Propri‚taire\\Mes documents\\SetupUtil.exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Mes documents\\SetupUtil.exe:*:Disabled:SetupUtil" "C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Disabled:Torrent P2P application" "C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Disabled:Zapu Control" "C:\\Program Files\\PacketTrap Networks\\ToolSuite\\PacketTrapToolkit.exe"="C:\\Program Files\\PacketTrap Networks\\ToolSuite\\PacketTrapToolkit.exe:*:Enabled:pt360 Tool Suite" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Sat 9 Jun 2007 218 A.SHR --- "C:\BOOT.BAK" Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Mon 2 Jul 2007 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Sun 24 Jun 2007 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll" Mon 9 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 1 Aug 2005 79,360 A..H. --- "C:\Swsetup\Monitors\SP31061\hpinsx64.exe" Wed 11 Jan 2006 1,764,352 A..H. --- "C:\disque_L\photo\photo_numerique\100K7430\~WRL0005.tmp" Sun 17 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp" Finished! et de hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:42:12, on 24/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\exmewtgsxiej.exe C:\Program Files\Windows Live\Contrôle parental\fssui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\ESTsoft\ALZip\ALZip.exe C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP0_\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun O4 - HKLM\..\RunServices: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Print Spooler Service (ekeeymid1z5) - Unknown owner - C:\WINDOWS\system32\exmewtgsxiej.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4762 bytes Entre le premier rapport Hijackthis et celui-ci, j'ai utilisé antivir (en lisant un comparatif entre avast!, qui n'a rien vu, et antivir, qui a décelé 5 virus potentiel). J'ai aussi supprimer tous les records généré par Hijackthis. (toujours avant ce dernier rapport)

antivir a trouver un fichier image contenant un exécutable : HIDDENEXT/Crypted J'essaye de bloquer les emails sortant, mais avec avast!, en mode silencieux, et suppression des emails, ça passe quand même. une vrai passoire

BOnjour, Mon PC à l'air de servir de relai pour l'envoi de spam. J'utilise spybot & avast! familiale Voici le rapport de HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:34:55, on 24/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\WINDOWS\system32\ixfppizmxf.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ESTsoft\ALZip\ALZip.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_AZTMP0_\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.20.101:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [exmewtgsxiej] C:\WINDOWS\system32\exmewtgsxiej.exe O4 - HKLM\..\Run: [ixfppizmxf] C:\WINDOWS\system32\ixfppizmxf.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [seaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Démarrer OpdiTracker.lnk = C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe O23 - Service: Print Spooler Service (ekeeymid1z5) - Unknown owner - C:\WINDOWS\system32\exmewtgsxiej.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7400 bytes Merci