[RESOLU] rapport hijackthis

[krikri58]

Bonjour.

j"ai un problème avec un PC, il rame , se bloque, pourtant j'ai supprimé les virus et le problème persiste quand meme.

J ai suivi la procèdure. Voici le rapport Hijack This

MERCI D AVANCE-

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:58:59, on 21.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Philips\SPC220NC\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Isabelle\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [the bone download 1] C:\Documents and Settings\All Users\Application Data\axis wait the bone\flaw live.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe

O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\ERREUR~1\ugescw.exe" -start

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sixth Dent] C:\DOCUME~1\Isabelle\APPLIC~1\THISBI~1\WebRemote.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TrayMin220.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124099845656

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 12486 bytes

Modifié le 23 juillet 2008 par krikri58

[Apollo]

Bonsoir et bienvenue krikri58.

 

Pas étonnant que le pc rame, il est bien infecté et a beaucoup, beaucoup de programmes qui tournent pour rien en arrière-plan, mais on verra ça après la désinfection.

 

De plus, il y a deux antivirus: Antivir et Avast! Ne jamais laisser qu'un seul antivirus sur un pc; je te conseille de garder Antivir et de désinstaller Avast. Ce conflit fait également ramer l'ordi.

 

1)Télécharge Lop S&D.exe sur ton Bureau.

http://eric.71.mespages.googlepages.com/LopSD.exe

 

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau

Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)

Patiente jusqu'à la fin du scan

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

2) Télécharge SmitfraudFix sur ton bureau.

• 
  
• Double-clique sur smitfraudfix.cmd
  
• Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
  
• Poste le rapport sur le forum dans ta prochaine réponse.
  Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
  

 

Poste les deux rapports stp.

@+

[krikri58]

De plus, il y a deux antivirus: Antivir et Avast! Ne jamais laisser qu'un seul antivirus sur un pc; je te conseille de garder Antivir et de désinstaller Avast. Ce conflit fait également ramer l'ordi.

 

Je ne vois pas avast dans l ajout ou suppression de programmes , c est bizarre.

 

voici les 2 rapports

 

 

--------------------\\ Lop S&D 4.2.2-2 XP/Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Isabelle ] [ "C:\Lop SD" ] [ Selection : 1 ]

[ 22.07.2008 | 11:11:26.32 ] [ PC : CHIEFTEC ]

[ MAJ : 20-07-2008 | 12:15 ]

 

--------------------\\ Listing des dossiers dans Application Data

 

[13.06.2007|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[21.07.2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[09.11.2007|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone

[18.12.2004|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[18.12.2004|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[01.06.2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios

[04.11.2007|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\erreurchasseur

[20.01.2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[19.05.2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

[27.08.2005|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[27.06.2006|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log

[04.06.2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt

[04.03.2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[20.04.2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[12.03.2005|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

[23.12.2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

[13.01.2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent

[04.11.2007|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor

[12.09.2007|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[10.02.2006|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[08.04.2008|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[11.09.2005|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[24.12.2006|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[18.12.2004|16:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[02.12.2007|21:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[27.02.2008|20:51] C:\DOCUME~1\Isabelle\APPLIC~1\Adobe

[02.07.2006|15:05] C:\DOCUME~1\Isabelle\APPLIC~1\AdobeUM

[13.01.2007|15:57] C:\DOCUME~1\Isabelle\APPLIC~1\Ahead

[22.12.2007|18:38] C:\DOCUME~1\Isabelle\APPLIC~1\ArcSoft

[19.05.2008|21:18] C:\DOCUME~1\Isabelle\APPLIC~1\Azureus

[25.02.2005|20:44] C:\DOCUME~1\Isabelle\APPLIC~1\CyberLink

[18.12.2004|16:37] C:\DOCUME~1\Isabelle\APPLIC~1\desktop.ini

[08.09.2007|15:19] C:\DOCUME~1\Isabelle\APPLIC~1\DriveCleaner Free

[04.11.2007|16:32] C:\DOCUME~1\Isabelle\APPLIC~1\erreurchasseur

[21.04.2008|19:32] C:\DOCUME~1\Isabelle\APPLIC~1\GDIPFONTCACHEV1.DAT

[28.05.2006|21:26] C:\DOCUME~1\Isabelle\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log

[29.10.2006|12:47] C:\DOCUME~1\Isabelle\APPLIC~1\Google

[04.03.2005|20:09] C:\DOCUME~1\Isabelle\APPLIC~1\Help

[26.10.2006|14:37] C:\DOCUME~1\Isabelle\APPLIC~1\HP

[22.02.2005|08:13] C:\DOCUME~1\Isabelle\APPLIC~1\Identities

[26.12.2007|16:36] C:\DOCUME~1\Isabelle\APPLIC~1\Image Zone Express

[22.12.2007|18:18] C:\DOCUME~1\Isabelle\APPLIC~1\InstallShield

[04.06.2008|17:00] C:\DOCUME~1\Isabelle\APPLIC~1\Leadertech

[12.07.2008|12:07] C:\DOCUME~1\Isabelle\APPLIC~1\LimeWire

[04.03.2005|20:11] C:\DOCUME~1\Isabelle\APPLIC~1\Macromedia

[23.04.2008|14:00] C:\DOCUME~1\Isabelle\APPLIC~1\Microsoft

[03.04.2007|20:19] C:\DOCUME~1\Isabelle\APPLIC~1\MSN6

[25.12.2005|16:41] C:\DOCUME~1\Isabelle\APPLIC~1\Musicmatch

[13.01.2007|15:45] C:\DOCUME~1\Isabelle\APPLIC~1\NeroDCTemplates

[26.12.2007|16:28] C:\DOCUME~1\Isabelle\APPLIC~1\Printer Info Cache

[10.11.2007|20:48] C:\DOCUME~1\Isabelle\APPLIC~1\Samsung

[23.04.2006|23:35] C:\DOCUME~1\Isabelle\APPLIC~1\Sun

[04.03.2005|06:09] C:\DOCUME~1\Isabelle\APPLIC~1\Symantec

[21.07.2008|14:17] C:\DOCUME~1\Isabelle\APPLIC~1\this bird mags

[09.06.2007|18:45] C:\DOCUME~1\Isabelle\APPLIC~1\vlc

[24.05.2006|22:02] C:\DOCUME~1\Isabelle\APPLIC~1\Vso

[10.01.2008|21:46] C:\DOCUME~1\Isabelle\APPLIC~1\WinRAR

 

[16.07.2007|14:07] C:\DOCUME~1\ISABEL~1\APPLIC~1\Adobe

[09.02.2006|20:39] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeUM

[17.06.2006|09:12] C:\DOCUME~1\ISABEL~1\APPLIC~1\Ahead

[18.12.2004|16:37] C:\DOCUME~1\ISABEL~1\APPLIC~1\desktop.ini

[20.01.2007|17:35] C:\DOCUME~1\ISABEL~1\APPLIC~1\Google

[11.08.2006|12:25] C:\DOCUME~1\ISABEL~1\APPLIC~1\HP

[14.01.2006|21:40] C:\DOCUME~1\ISABEL~1\APPLIC~1\Identities

[11.08.2006|12:27] C:\DOCUME~1\ISABEL~1\APPLIC~1\Image Zone Express

[14.01.2006|21:44] C:\DOCUME~1\ISABEL~1\APPLIC~1\Macromedia

[14.08.2006|21:45] C:\DOCUME~1\ISABEL~1\APPLIC~1\Magic Match

[05.03.2008|22:19] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft

[04.02.2008|22:34] C:\DOCUME~1\ISABEL~1\APPLIC~1\Skype

 

[05.03.2008|22:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[05.03.2008|22:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[06.02.2006|21:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[21.07.2008 18:14][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job

[22.07.2008 10:27][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28.09.2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13.06.2007|22:54] C:\Program Files\Adobe

[10.02.2006|19:30] C:\Program Files\Alwil Software

[18.12.2004|17:42] C:\Program Files\Analog Devices

[04.03.2008|19:32] C:\Program Files\Anuman Interactive

[22.12.2007|18:22] C:\Program Files\ArcSoft

[21.07.2008|21:00] C:\Program Files\Avira

[05.03.2008|22:26] C:\Program Files\AxBx

[24.12.2006|17:07] C:\Program Files\Azureus

[01.01.2007|14:12] C:\Program Files\Azureus1

[27.02.2008|21:03] C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

[18.12.2004|17:59] C:\Program Files\CyberLink

[26.04.2008|10:57] C:\Program Files\EasyPHP 2.0b1

[26.04.2008|10:52] C:\Program Files\EasyPHP1-8

[12.07.2008|18:21] C:\Program Files\eMule

[12.07.2008|18:21] C:\Program Files\eMule2

[12.07.2008|18:40] C:\Program Files\ffdshow

[02.03.2008|22:13] C:\Program Files\Fichiers communs

[28.01.2007|09:54] C:\Program Files\Google

[27.06.2006|11:52] C:\Program Files\Hewlett-Packard

[27.06.2006|11:53] C:\Program Files\HP

[20.07.2008|16:36] C:\Program Files\InstallShield Installation Information

[18.06.2008|21:14] C:\Program Files\Internet Explorer

[08.08.2007|17:04] C:\Program Files\Java

[12.07.2008|12:02] C:\Program Files\LimeWire

[22.12.2007|18:12] C:\Program Files\Logitech

[18.12.2004|17:43] C:\Program Files\Marvell

[24.09.2005|17:07] C:\Program Files\Messenger

[29.10.2007|18:03] C:\Program Files\MessengerPlus! 3

[18.12.2004|16:47] C:\Program Files\microsoft frontpage

[21.04.2008|19:03] C:\Program Files\Microsoft Office

[21.09.2005|19:47] C:\Program Files\Movie Maker

[21.04.2008|19:02] C:\Program Files\MSECache

[18.12.2004|16:44] C:\Program Files\MSN

[11.04.2005|14:15] C:\Program Files\MSN Apps

[08.08.2007|17:06] C:\Program Files\MSN Games

[18.12.2004|16:44] C:\Program Files\MSN Gaming Zone

[12.07.2008|18:06] C:\Program Files\MSN Messenger

[24.04.2007|13:14] C:\Program Files\MSN Spy 2004

[25.12.2005|16:42] C:\Program Files\Musicmatch

[20.05.2006|18:29] C:\Program Files\Nero

[13.01.2007|14:50] C:\Program Files\nero express

[21.09.2005|19:42] C:\Program Files\NetMeeting

[28.02.2008|20:49] C:\Program Files\Neuf

[12.06.2007|23:40] C:\Program Files\Outlook Express

[22.12.2007|18:21] C:\Program Files\Philips

[13.01.2007|16:50] C:\Program Files\Philips Intelligent Agent

[15.05.2006|20:56] C:\Program Files\Real Clone DVD

[20.07.2008|16:36] C:\Program Files\SAGEM

[10.11.2007|20:33] C:\Program Files\Samsung

[23.04.2008|14:20] C:\Program Files\Script Edit

[20.07.2008|15:41] C:\Program Files\Securitoo

[18.12.2004|16:46] C:\Program Files\Services en ligne

[27.01.2006|16:26] C:\Program Files\Skype

[12.09.2007|20:54] C:\Program Files\Spybot - Search & Destroy

[08.04.2008|10:26] C:\Program Files\Spyware Doctor

[10.02.2006|19:29] C:\Program Files\Symantec

[16.12.2005|19:37] C:\Program Files\Ubisoft

[18.12.2004|17:07] C:\Program Files\Uninstall Information

[09.06.2007|13:50] C:\Program Files\VideoLAN

[22.07.2008|11:04] C:\Program Files\Wanadoo

[04.03.2008|19:38] C:\Program Files\Winamp

[11.08.2007|15:27] C:\Program Files\Windows Live

[21.07.2008|20:08] C:\Program Files\Windows Media Connect 2

[21.07.2008|20:08] C:\Program Files\Windows Media Player

[21.09.2005|19:42] C:\Program Files\Windows NT

[15.08.2005|12:00] C:\Program Files\WindowsUpdate

[10.01.2008|21:42] C:\Program Files\WinRAR

[18.12.2004|16:47] C:\Program Files\xerox

[24.12.2006|16:41] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[03.09.2007|18:24] C:\Program Files\Fichiers communs\Adobe

[13.01.2007|14:53] C:\Program Files\Fichiers communs\Ahead

[18.12.2004|18:07] C:\Program Files\Fichiers communs\Designer

[20.05.2008|20:49] C:\Program Files\Fichiers communs\ErreurChasseur

[27.08.2005|10:51] C:\Program Files\Fichiers communs\Hewlett-Packard

[17.12.2007|20:55] C:\Program Files\Fichiers communs\HP

[18.12.2004|17:43] C:\Program Files\Fichiers communs\InstallShield

[23.04.2006|23:32] C:\Program Files\Fichiers communs\Java

[13.01.2007|15:21] C:\Program Files\Fichiers communs\LightScribe

[02.03.2008|22:35] C:\Program Files\Fichiers communs\Logitech

[21.04.2008|19:03] C:\Program Files\Fichiers communs\Microsoft Shared

[18.12.2004|16:45] C:\Program Files\Fichiers communs\MSSoap

[18.12.2004|16:37] C:\Program Files\Fichiers communs\ODBC

[25.12.2005|16:43] C:\Program Files\Fichiers communs\PhilipsMM

[18.12.2004|16:45] C:\Program Files\Fichiers communs\Services

[18.12.2004|16:37] C:\Program Files\Fichiers communs\SpeechEngines

[10.02.2006|19:29] C:\Program Files\Fichiers communs\Symantec Shared

[12.06.2007|23:40] C:\Program Files\Fichiers communs\System

 

--------------------\\ Process

 

( 48 Processus )

 

iexplore.exe ~ [2844]

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone

C:\DOCUME~1\Isabelle\Cookies\isabelle@advertising[1].txt

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"the bone download 1"="C:\\Documents and Settings\\All Users\\Application Data\\axis wait the bone\\flaw live.exe"

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts MODIFIE

 

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

 

-> 72 [ 70 ## added by CiD ]

 

/!\ 1 Not 127.0.0.1 !!

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-22 11:12:30

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 297

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

=> C:\DOCUME~1\ALLUSE~1\Bureau\Q-DANCE RADIO HARD STREAM 128K MP3\incomplete\(1)Asys - Acid Head Cracker [303 Inferno Mix].mp3

 

 

[F:279][D:16]-> C:\DOCUME~1\Isabelle\LOCALS~1\Temp

[F:53][D:0]-> C:\DOCUME~1\Isabelle\Cookies

[F:568][D:5]-> C:\DOCUME~1\Isabelle\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------\\ Fin du rapport a 11:13:30.76

 

 

 

SmitFraudFix v2.331

 

Rapport fait à 12:45:47.45, 22.07.2008

Executé à partir de C:\Documents and Settings\Isabelle\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Philips\SPC220NC\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Isabelle\Bureau\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Isabelle

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Isabelle\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Isabelle\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{228C4964-C9F9-4581-819E-4C15EB34662F}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7E96D8B-180B-4825-B5CA-B4160C0C39E8}: DhcpNameServer=86.64.145.141 84.103.237.141

HKLM\SYSTEM\CS1\Services\Tcpip\..\{228C4964-C9F9-4581-819E-4C15EB34662F}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{D7E96D8B-180B-4825-B5CA-B4160C0C39E8}: DhcpNameServer=86.64.145.141 84.103.237.141

HKLM\SYSTEM\CS2\Services\Tcpip\..\{228C4964-C9F9-4581-819E-4C15EB34662F}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{D7E96D8B-180B-4825-B5CA-B4160C0C39E8}: DhcpNameServer=86.64.145.141 84.103.237.141

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

[Apollo]

Bonjour,

 

Pour Avast! il reste pourtant des traces, on va passer un outil spécifique:

Exécute cet outil ->

 

http://www.avast.com/fre/avast-uninstall-utility.html

 

* Relance Lop S&D

 

 

Choisis cette fois ci l'Option 2 (Suppression)

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt)

 

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

 

**

Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage

ou tuto Symantec).

 

Double-clique sur smitfraudfix.cmd

• Sélectionne 2 pour supprimer les fichiers responsables de l'infection.
  
• A la question Voulez-vous nettoyer le registre ? réponds O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
  Le fix déterminera si le fichier wininet.dll est infecté.
  
• A la question Corriger le fichier infecté ? réponds O (oui) pour remplacer le fichier corrompu.
  
• Redémarre en mode normal et poste le rapport sur le forum.
  N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
  Attention : l'option 2 de l'outil supprime le fond d'écran !
  

 

process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky...) comme étant un RiskTool.

Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

 

Poste donc: le rapport de Lop s&d (option 2) Smitfraudfix (option2) ainsi qu'un nouveau log Hijackthis fait après le redémarrage du pc.

 

@ + tard

[krikri58]

voici les 3 rapports

 

 

 

--------------------\\ Lop S&D 4.2.2-2 XP/Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Isabelle ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ 22.07.2008 | 14:11:03.10 ] [ PC : CHIEFTEC ]

[ MAJ : 20-07-2008 | 12:15 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

 

Supprime! - C:\DOCUME~1\Isabelle\Cookies\isabelle@advertising[1].txt

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\axis wait the bone

RestaurÚ! - Fichier Hosts

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

Supprime! - C:\DOCUME~1\Isabelle\APPLIC~1\DriveCleaner Free

Supprime! - C:\DOCUME~1\Isabelle\APPLIC~1\ErreurChasseur

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErreurChasseur

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[13.06.2007|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[21.07.2008|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[18.12.2004|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[18.12.2004|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[01.06.2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios

[20.01.2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[19.05.2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft

[27.08.2005|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[27.06.2006|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log

[04.06.2008|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt

[04.03.2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[20.04.2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[12.03.2005|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

[23.12.2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage

[13.01.2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent

[04.11.2007|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor

[12.09.2007|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[10.02.2006|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[08.04.2008|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[11.09.2005|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[24.12.2006|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

 

[18.12.2004|16:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[02.12.2007|21:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[27.02.2008|20:51] C:\DOCUME~1\Isabelle\APPLIC~1\Adobe

[02.07.2006|15:05] C:\DOCUME~1\Isabelle\APPLIC~1\AdobeUM

[13.01.2007|15:57] C:\DOCUME~1\Isabelle\APPLIC~1\Ahead

[22.12.2007|18:38] C:\DOCUME~1\Isabelle\APPLIC~1\ArcSoft

[19.05.2008|21:18] C:\DOCUME~1\Isabelle\APPLIC~1\Azureus

[25.02.2005|20:44] C:\DOCUME~1\Isabelle\APPLIC~1\CyberLink

[18.12.2004|16:37] C:\DOCUME~1\Isabelle\APPLIC~1\desktop.ini

[21.04.2008|19:32] C:\DOCUME~1\Isabelle\APPLIC~1\GDIPFONTCACHEV1.DAT

[28.05.2006|21:26] C:\DOCUME~1\Isabelle\APPLIC~1\GdiplusUpgrade_MSIApproach_Wrapper.log

[29.10.2006|12:47] C:\DOCUME~1\Isabelle\APPLIC~1\Google

[04.03.2005|20:09] C:\DOCUME~1\Isabelle\APPLIC~1\Help

[26.10.2006|14:37] C:\DOCUME~1\Isabelle\APPLIC~1\HP

[22.02.2005|08:13] C:\DOCUME~1\Isabelle\APPLIC~1\Identities

[26.12.2007|16:36] C:\DOCUME~1\Isabelle\APPLIC~1\Image Zone Express

[22.12.2007|18:18] C:\DOCUME~1\Isabelle\APPLIC~1\InstallShield

[04.06.2008|17:00] C:\DOCUME~1\Isabelle\APPLIC~1\Leadertech

[12.07.2008|12:07] C:\DOCUME~1\Isabelle\APPLIC~1\LimeWire

[04.03.2005|20:11] C:\DOCUME~1\Isabelle\APPLIC~1\Macromedia

[23.04.2008|14:00] C:\DOCUME~1\Isabelle\APPLIC~1\Microsoft

[03.04.2007|20:19] C:\DOCUME~1\Isabelle\APPLIC~1\MSN6

[25.12.2005|16:41] C:\DOCUME~1\Isabelle\APPLIC~1\Musicmatch

[13.01.2007|15:45] C:\DOCUME~1\Isabelle\APPLIC~1\NeroDCTemplates

[26.12.2007|16:28] C:\DOCUME~1\Isabelle\APPLIC~1\Printer Info Cache

[10.11.2007|20:48] C:\DOCUME~1\Isabelle\APPLIC~1\Samsung

[23.04.2006|23:35] C:\DOCUME~1\Isabelle\APPLIC~1\Sun

[04.03.2005|06:09] C:\DOCUME~1\Isabelle\APPLIC~1\Symantec

[21.07.2008|14:17] C:\DOCUME~1\Isabelle\APPLIC~1\this bird mags

[09.06.2007|18:45] C:\DOCUME~1\Isabelle\APPLIC~1\vlc

[24.05.2006|22:02] C:\DOCUME~1\Isabelle\APPLIC~1\Vso

[10.01.2008|21:46] C:\DOCUME~1\Isabelle\APPLIC~1\WinRAR

 

[16.07.2007|14:07] C:\DOCUME~1\ISABEL~1\APPLIC~1\Adobe

[09.02.2006|20:39] C:\DOCUME~1\ISABEL~1\APPLIC~1\AdobeUM

[17.06.2006|09:12] C:\DOCUME~1\ISABEL~1\APPLIC~1\Ahead

[18.12.2004|16:37] C:\DOCUME~1\ISABEL~1\APPLIC~1\desktop.ini

[20.01.2007|17:35] C:\DOCUME~1\ISABEL~1\APPLIC~1\Google

[11.08.2006|12:25] C:\DOCUME~1\ISABEL~1\APPLIC~1\HP

[14.01.2006|21:40] C:\DOCUME~1\ISABEL~1\APPLIC~1\Identities

[11.08.2006|12:27] C:\DOCUME~1\ISABEL~1\APPLIC~1\Image Zone Express

[14.01.2006|21:44] C:\DOCUME~1\ISABEL~1\APPLIC~1\Macromedia

[14.08.2006|21:45] C:\DOCUME~1\ISABEL~1\APPLIC~1\Magic Match

[05.03.2008|22:19] C:\DOCUME~1\ISABEL~1\APPLIC~1\Microsoft

[04.02.2008|22:34] C:\DOCUME~1\ISABEL~1\APPLIC~1\Skype

 

[05.03.2008|22:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[05.03.2008|22:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[06.02.2006|21:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[21.07.2008 18:14][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job

[22.07.2008 10:27][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28.09.2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[13.06.2007|22:54] C:\Program Files\Adobe

[10.02.2006|19:30] C:\Program Files\Alwil Software

[18.12.2004|17:42] C:\Program Files\Analog Devices

[04.03.2008|19:32] C:\Program Files\Anuman Interactive

[22.12.2007|18:22] C:\Program Files\ArcSoft

[21.07.2008|21:00] C:\Program Files\Avira

[05.03.2008|22:26] C:\Program Files\AxBx

[24.12.2006|17:07] C:\Program Files\Azureus

[01.01.2007|14:12] C:\Program Files\Azureus1

[27.02.2008|21:03] C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

[18.12.2004|17:59] C:\Program Files\CyberLink

[26.04.2008|10:57] C:\Program Files\EasyPHP 2.0b1

[26.04.2008|10:52] C:\Program Files\EasyPHP1-8

[12.07.2008|18:21] C:\Program Files\eMule

[12.07.2008|18:21] C:\Program Files\eMule2

[12.07.2008|18:40] C:\Program Files\ffdshow

[02.03.2008|22:13] C:\Program Files\Fichiers communs

[28.01.2007|09:54] C:\Program Files\Google

[27.06.2006|11:52] C:\Program Files\Hewlett-Packard

[27.06.2006|11:53] C:\Program Files\HP

[20.07.2008|16:36] C:\Program Files\InstallShield Installation Information

[18.06.2008|21:14] C:\Program Files\Internet Explorer

[08.08.2007|17:04] C:\Program Files\Java

[12.07.2008|12:02] C:\Program Files\LimeWire

[22.12.2007|18:12] C:\Program Files\Logitech

[18.12.2004|17:43] C:\Program Files\Marvell

[24.09.2005|17:07] C:\Program Files\Messenger

[29.10.2007|18:03] C:\Program Files\MessengerPlus! 3

[18.12.2004|16:47] C:\Program Files\microsoft frontpage

[21.04.2008|19:03] C:\Program Files\Microsoft Office

[21.09.2005|19:47] C:\Program Files\Movie Maker

[21.04.2008|19:02] C:\Program Files\MSECache

[18.12.2004|16:44] C:\Program Files\MSN

[11.04.2005|14:15] C:\Program Files\MSN Apps

[08.08.2007|17:06] C:\Program Files\MSN Games

[18.12.2004|16:44] C:\Program Files\MSN Gaming Zone

[12.07.2008|18:06] C:\Program Files\MSN Messenger

[24.04.2007|13:14] C:\Program Files\MSN Spy 2004

[25.12.2005|16:42] C:\Program Files\Musicmatch

[20.05.2006|18:29] C:\Program Files\Nero

[13.01.2007|14:50] C:\Program Files\nero express

[21.09.2005|19:42] C:\Program Files\NetMeeting

[28.02.2008|20:49] C:\Program Files\Neuf

[12.06.2007|23:40] C:\Program Files\Outlook Express

[22.12.2007|18:21] C:\Program Files\Philips

[13.01.2007|16:50] C:\Program Files\Philips Intelligent Agent

[15.05.2006|20:56] C:\Program Files\Real Clone DVD

[20.07.2008|16:36] C:\Program Files\SAGEM

[10.11.2007|20:33] C:\Program Files\Samsung

[23.04.2008|14:20] C:\Program Files\Script Edit

[20.07.2008|15:41] C:\Program Files\Securitoo

[18.12.2004|16:46] C:\Program Files\Services en ligne

[27.01.2006|16:26] C:\Program Files\Skype

[12.09.2007|20:54] C:\Program Files\Spybot - Search & Destroy

[08.04.2008|10:26] C:\Program Files\Spyware Doctor

[10.02.2006|19:29] C:\Program Files\Symantec

[16.12.2005|19:37] C:\Program Files\Ubisoft

[18.12.2004|17:07] C:\Program Files\Uninstall Information

[09.06.2007|13:50] C:\Program Files\VideoLAN

[22.07.2008|11:04] C:\Program Files\Wanadoo

[04.03.2008|19:38] C:\Program Files\Winamp

[11.08.2007|15:27] C:\Program Files\Windows Live

[21.07.2008|20:08] C:\Program Files\Windows Media Connect 2

[21.07.2008|20:08] C:\Program Files\Windows Media Player

[21.09.2005|19:42] C:\Program Files\Windows NT

[15.08.2005|12:00] C:\Program Files\WindowsUpdate

[10.01.2008|21:42] C:\Program Files\WinRAR

[18.12.2004|16:47] C:\Program Files\xerox

[24.12.2006|16:41] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[03.09.2007|18:24] C:\Program Files\Fichiers communs\Adobe

[13.01.2007|14:53] C:\Program Files\Fichiers communs\Ahead

[18.12.2004|18:07] C:\Program Files\Fichiers communs\Designer

[20.05.2008|20:49] C:\Program Files\Fichiers communs\ErreurChasseur

[27.08.2005|10:51] C:\Program Files\Fichiers communs\Hewlett-Packard

[17.12.2007|20:55] C:\Program Files\Fichiers communs\HP

[18.12.2004|17:43] C:\Program Files\Fichiers communs\InstallShield

[23.04.2006|23:32] C:\Program Files\Fichiers communs\Java

[13.01.2007|15:21] C:\Program Files\Fichiers communs\LightScribe

[02.03.2008|22:35] C:\Program Files\Fichiers communs\Logitech

[21.04.2008|19:03] C:\Program Files\Fichiers communs\Microsoft Shared

[18.12.2004|16:45] C:\Program Files\Fichiers communs\MSSoap

[18.12.2004|16:37] C:\Program Files\Fichiers communs\ODBC

[25.12.2005|16:43] C:\Program Files\Fichiers communs\PhilipsMM

[18.12.2004|16:45] C:\Program Files\Fichiers communs\Services

[18.12.2004|16:37] C:\Program Files\Fichiers communs\SpeechEngines

[10.02.2006|19:29] C:\Program Files\Fichiers communs\Symantec Shared

[12.06.2007|23:40] C:\Program Files\Fichiers communs\System

 

--------------------\\ Process

 

( 46 Processus )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-22 14:12:11

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 297

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

=> C:\DOCUME~1\ALLUSE~1\Bureau\Q-DANCE RADIO HARD STREAM 128K MP3\incomplete\(1)Asys - Acid Head Cracker [303 Inferno Mix].mp3

 

 

[F:279][D:16]-> C:\DOCUME~1\Isabelle\LOCALS~1\Temp

[F:56][D:0]-> C:\DOCUME~1\Isabelle\Cookies

[F:846][D:5]-> C:\DOCUME~1\Isabelle\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------\\ Fin du rapport a 14:13:13.10

 

 

SmitFraudFix v2.331

 

Rapport fait à 14:27:40.67, 22.07.2008

Executé à partir de C:\Documents and Settings\Isabelle\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{228C4964-C9F9-4581-819E-4C15EB34662F}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7E96D8B-180B-4825-B5CA-B4160C0C39E8}: DhcpNameServer=86.64.145.141 84.103.237.141

HKLM\SYSTEM\CS1\Services\Tcpip\..\{228C4964-C9F9-4581-819E-4C15EB34662F}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{D7E96D8B-180B-4825-B5CA-B4160C0C39E8}: DhcpNameServer=86.64.145.141 84.103.237.141

HKLM\SYSTEM\CS2\Services\Tcpip\..\{228C4964-C9F9-4581-819E-4C15EB34662F}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{D7E96D8B-180B-4825-B5CA-B4160C0C39E8}: DhcpNameServer=86.64.145.141 84.103.237.141

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:42:54, on 22.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Philips\SPC220NC\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe

C:\Documents and Settings\Isabelle\Bureau\HijackThis.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe

O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\ERREUR~1\ugescw.exe" -start

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sixth Dent] C:\DOCUME~1\Isabelle\APPLIC~1\THISBI~1\WebRemote.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TrayMin220.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124099845656

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 11782 bytes

[Apollo]

Re,

 

Fais une analyse avec MalwareBytes après l'avoir configuré comme le préconise Malekal:

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

 

Fais une analyse complète en sélectionnant tous les disques ou partitions.

Supprime ce qu'il trouve puis prends le rapport qui se trouve dans "Rapports/Logs".

 

Garde cet outil pour des analyses ponctuelles, il est très efficace.

 

Refais un log Hijackthis après ça et poste les deux rapports stp.

[krikri58]

voici les 2 rapports.

 

Malwarebytes' Anti-Malware 1.22

Version de la base de données: 978

Windows 5.1.2600 Service Pack 2

 

19:24:08 22.07.2008

mbam-log-7-22-2008 (19-24-08).txt

 

Type de recherche: Examen complet (A:\|C:\|D:\|)

Eléments examinés: 100614

Temps écoulé: 57 minute(s), 14 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:31:21, on 22.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Philips\SPC220NC\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Isabelle\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe

O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\ERREUR~1\ugescw.exe" -start

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sixth Dent] C:\DOCUME~1\Isabelle\APPLIC~1\THISBI~1\WebRemote.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TrayMin220.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124099845656

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 11815 bytes

[Apollo]

Re,

 

Désactive le teatimer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne dois plus voir l'icône du Teatimer dans la barre de tâches!

Ne fais pas l'impasse sur cette étape, car ca peut faire échouer la procédure de désinfection !

 

Relance Hijackthis "do a system scan only" et coche les cases devant ces lignes:

 

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sixth Dent] C:\DOCUME~1\Isabelle\APPLIC~1\THISBI~1\WebRemote.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TrayMin220.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

 

Ferme tous les programmes ouverts et les fenêtres web et clique sur Fix Checked.

 

Cherche et élimine les fichiers/dossiers si présents:(indiqués en gras)

 

c:\program files\fichiers communs\erreurchasseur\strpmon.exe

c:\program files\thisbi~1\webremote.exe

 

**

Stp rends- toi sur cette page afin de télécharger Winreg5.reg

 

> http://www.sendspace.com/file/zbkcpx

pour cela, clique sur le lien en bas de page > Download Link: Winreg5.reg et enregistre-le sur le bureau.

 

Double-clique sur ce fichier et accepte la fusion dans le registre; cela dure une fraction de seconde.

 

Tu peux ensuite mettre le fichier Winreg5 à la corbeille et vider celle-ci.

 

*** Télécharger ATF Cleaner par Atribune.

• Double-clique ATF-Cleaner.exe afin de lancer le programme.
  Sous l'onglet Main, choisis : Select All
  Cliquer sur le bouton Empty Selected
  

Si tu utilises le navigateur Firefox :

• Clique Firefox au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
  

Si tu utilises le navigateur Opera :

• Clique Opera au haut et choisis : Select All
  Cliquer le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.
  

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

 

Redémarre le pc et poste un nouveau log Hijackthis stp.

@++

[krikri58]

Voici le rapport hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:07:26, on 23.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Philips\SPC220NC\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Isabelle\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe

O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\ERREUR~1\ugescw.exe" -start

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124099845656

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

 

--

End of file - 9988 bytes

[krikri58]

je voulais savoir aussi si c est du au pc infecté que l ecran défile bizarrement, avec des traits et de manière s accadée

 

je sais que cela ne vient pas de l écran car j ai essayé sur 2 écrans différents et le résultat est identique.

 

PS au passage MERCI à ta rapidité Apollo 01