Hello
Thank you for your reply. As requested, I am attaching the new HijackThis report, followed by the OTM and MBAM reports.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:11, on 20/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Gilles\Application Data\Transcend\JFSW2\JFSW2Launch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search4top.net/040C/ie.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [123MP3FR] rundll32.exe C:\WINDOWS\system32\MSNSA32.dll,DllMostrar MSN:123MP3FR:t
O4 - HKCU\..\Run: [JFSW2Launch] C:\Documents and Settings\Gilles\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: honestech One Touch DVD Receiver.lnk = C:\Program Files\honestech One Touch DVD\Receiver.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - java script:window.location.href="http://www.download-plus.com/fr/emule/default.asp?id=" (file missing)
O9 - Extra 'Tools' menuitem: logiciels - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - java script:window.location.href="http://www.download-plus.com/fr/emule/default.asp?id=" (file missing)
O9 - Extra button: private access - {2B44FD33-B048-4B2B-88D5-4B80AB018F29} - C:\WINDOWS\system32\private access (file missing)
O9 - Extra button: 123MP3FR - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\123MP3FR (file missing)
O9 - Extra button: logiciels - {810B72CB-566A-409B-B6A3-31F720C16FAE} - C:\WINDOWS\system32\logiciels (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - java script:window.location.href="http://www.webmp3musique.com/fr/default.asp?id=" (file missing)
O9 - Extra 'Tools' menuitem: musique - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - java script:window.location.href="http://www.webmp3musique.com/fr/default.asp?id=" (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: musique - {F4445FEB-6D20-47CB-9ACF-9D142A7F680A} - C:\WINDOWS\system32\musique (file missing)
O9 - Extra button: (no name) - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - java script:window.location.href="http://www.morefreenudes.com/default.asp?id=" (file missing)
O9 - Extra 'Tools' menuitem: private access - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - java script:window.location.href="http://www.morefreenudes.com/default.asp?id=" (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {44515AE5-25B3-46CF-833B-0D816C602868} - http://acceso.masminutos.com/downloads.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3426B014-8CD6-472A-AEBC-D67011CBAF5B}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10246 bytes
OTM report
======== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\documents and settings\gilles\application data\eorezo\softwareupdate\softwareupdatehp.exe not found.
File/Folder c:\windows\system32\mspca32.dll not found.
C:\Program Files\Bonjour\mDNSResponder.exe moved successfully.
C:\Program Files\Bonjour moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.7 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.4 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.2 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.1 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\itsTV moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\eoengine moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\eobrowserpub\1.0.0.1 moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software\eobrowserpub moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Software moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate\Download moved successfully.
c:\documents and settings\gilles\application data\EoRezo\SoftwareUpdate moved successfully.
c:\documents and settings\gilles\application data\EoRezo\eoStats moved successfully.
c:\documents and settings\gilles\application data\EoRezo\eoDesktop moved successfully.
c:\documents and settings\gilles\application data\EoRezo\db moved successfully.
c:\documents and settings\gilles\application data\EoRezo moved successfully.
========== SERVICES/DRIVERS ==========
Service\Driver Bonjour Service stopped successfully.
Service\Driver Bonjour Service deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56EF9AEB-9F18-4CA9-9D41-60F24CEA4A80}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56EF9AEB-9F18-4CA9-9D41-60F24CEA4A80}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LoadMSPCA not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Gilles\LOCALS~1\Temp\~DF735.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gilles\LOCALS~1\Temp\~DFD84B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gilles\LOCALS~1\Temp\~DFDDA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\T9ZAUDYZ\AP_ADV_300x250[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\T9ZAUDYZ\OTM[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\L0QY0C8F\hp[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\E89Y6TZZ\analyse-rapport-t164520[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\E89Y6TZZ\iframe[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\2HYNBU8N\ban_728x90[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\2HYNBU8N\SEE0CANMYHV9CAMA0FFHCA6SELZ4CAN7Z591CATZIPJHCALFMH40CAENLWZRCANGNSBVCAS3OBEXCA14NNZ1CACN6C1FCA9RU61RCAVRUXJ2CALA4UD0CA1VZK9YCAETFHATCAF7F1C7CA5CBRTRCA2XLUDF.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_73c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTM by OldTimer - Version 2.1.0.1 log created on 06202009_092614
MBAM report
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2312
Windows 5.1.2600 Service Pack 2
20/06/2009 10:15:55
mbam-log-2009-06-20 (10-15-55).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 131600
Temps écoulé: 37 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\system volume information\_restore{817a1a99-3498-42c7-bf75-633401cd4e11}\RP443\A0048733.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
c:\system volume information\_restore{817a1a99-3498-42c7-bf75-633401cd4e11}\RP443\A0048734.exe (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
c:\system volume information\_restore{817a1a99-3498-42c7-bf75-633401cd4e11}\RP449\A0050125.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{817a1a99-3498-42c7-bf75-633401cd4e11}\RP449\A0050132.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{817a1a99-3498-42c7-bf75-633401cd4e11}\RP449\A0050153.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\_OTM\movedfiles\06202009_092614\documents and settings\gilles\application data\EoRezo\softwareupdate\SoftwareUpdate.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
Thank you for your advice
Regards