Aide sur analyse de HijackThis

bensalim · le 16 août 2008

bonjour merci bk pour ton assistant

j'ai un seul disque dûr partitionner en 2 disque C: et D:

donc D: c'est mon 2éme disque dûr

voila mon nouveau rapport de HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:11:14, on 16/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Winamp\winamp.exe

C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{742C343D-4B6A-426E-8418-A14B6D008D62}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 6719 bytes

merci encore 1000 fois

je trouve pas les mots pour te remercier

Gof · le 16 août 2008

Bonsoir bensalim

Ton rapport HijackThis ne révèle plus de traces d'infections. Je vais juste te faire corriger des entrées obsolètes.

Relance un scan HijackThis

Clique sur Do a system scan only et coche les lignes ci-dessous :

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

Ferme toutes les fenêtres sauf HijackThis et Fix Checked.

Je vois que Norton n'est plus présent ? Tu t'en es débarrassé pour Antivir ? Bien que je te l'aurais vivement suggéré, je ne te l'aurais pas imposé. C'est toutefois une bonne chose

Il semble que tu sois venu à bout de cette infection.

Je vais te demander de redémarrer ton PC, d'ouvrir des répertoires en C, puis en D, aléatoirement. Ensuite, renouvelle un rapport Diaghelp afin de confirmer que l'infection et sa propagation ont été neutralisées.

A bientôt.

bensalim · le 17 août 2008

dernier rapport d'analyse avec COMBOFIX

ComboFix 08-08-14.03 - Abdelhamid 2008-08-17 18:25:28.3 - NTFSx86

Endroit: C:\Documents and Settings\Abdelhamid\Bureau\ComboFix.exe

* Resident AV is active

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))

.

2008-08-17 18:04 . 2008-08-17 18:05 <REP> d-------- C:\Program Files\Publication Web

2008-08-17 18:04 . 1998-05-22 10:00 145,872 -ra------ C:\WINDOWS\system32\WEBPOST.DLL

2008-08-17 18:04 . 1998-05-25 17:17 121,472 -ra------ C:\WINDOWS\system32\CRSWPP.DLL

2008-08-17 18:04 . 1998-05-22 10:00 112,064 -ra------ C:\WINDOWS\system32\WPWIZDLL.DLL

2008-08-17 18:04 . 1998-05-22 10:00 98,960 -ra------ C:\WINDOWS\system32\FTPWPP.DLL

2008-08-17 18:04 . 1998-05-22 09:57 98,496 -ra------ C:\WINDOWS\system32\POSTWPP.DLL

2008-08-17 18:04 . 1998-05-25 17:16 93,456 -ra------ C:\WINDOWS\system32\FPWPP.DLL

2008-08-17 18:04 . 1998-05-25 17:15 50,816 -ra------ C:\WINDOWS\system32\PIPARSE.DLL

2008-08-17 16:49 . 2008-08-17 16:49 <REP> d-------- C:\GAMES

2008-08-16 11:55 . 2008-08-16 11:55 <REP> d-------- C:\Program Files\Avira

2008-08-16 11:55 . 2008-08-16 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-08-15 17:00 . 2008-08-15 17:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-15 17:00 . 2008-08-15 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-15 17:00 . 2008-08-15 17:00 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\Malwarebytes

2008-08-15 17:00 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-15 17:00 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-15 16:16 . 2008-08-15 16:16 <REP> d-------- C:\Program Files\MSECache

2008-08-15 12:44 . 2008-08-15 12:44 0 ---hs---- C:\WINDOWS\S7EB0C8A7.tmp

2008-08-14 11:46 . 2008-08-14 11:46 <REP> d-------- C:\Program Files\Trend Micro

2008-08-08 19:04 . 2008-08-09 11:24 <REP> d-------- C:\Program Files\WinAVI Video Converter

2008-08-08 17:33 . 2008-08-08 17:33 <REP> d-------- C:\DriveKey

2008-08-07 13:50 . 2008-08-07 13:50 <REP> d-------- C:\My Documents

2008-08-07 13:48 . 2008-08-08 17:43 <REP> d-------- C:\Program Files\Amor SWF to Video Converter

2008-08-03 11:48 . 2008-08-09 16:04 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\FileZilla

2008-08-03 11:46 . 2008-08-03 11:47 <REP> d-------- C:\Program Files\FileZilla FTP Client

2008-08-01 12:06 . 2008-08-01 12:16 <REP> d-------- C:\Program Files\HDGraph

2008-08-01 01:39 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-08-01 01:10 . 2008-08-01 01:10 <REP> d-------- C:\Program Files\MSXML 6.0

2008-07-28 16:30 . 2008-07-28 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

2008-07-28 13:57 . 2008-07-28 13:57 <REP> d-------- C:\WINDOWS\Sun

2008-07-28 13:55 . 2005-04-13 04:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl

2008-07-28 13:53 . 2008-07-28 13:55 <REP> d-------- C:\Program Files\Java

2008-07-28 13:51 . 2008-07-28 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Java

2008-07-28 11:27 . 2008-07-28 11:28 <REP> d-------- C:\Program Files\ReaConverter Pro

2008-07-27 15:06 . 2008-07-27 15:06 <REP> d-------- C:\WINDOWS\system32\RMBin

2008-07-27 15:06 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2008-07-27 15:06 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2008-07-27 15:06 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2008-07-27 15:06 . 2008-07-27 15:06 53,760 --a------ C:\WINDOWS\system\ppacklib.dll

2008-07-27 14:11 . 2008-07-27 18:37 <REP> d-------- C:\TEMP

2008-07-27 14:09 . 2008-07-27 17:08 <REP> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter

2008-07-27 00:28 . 2008-07-28 15:00 <REP> d-------- C:\Program Files\AMT

2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-07-26 12:50 . 2008-07-26 15:20 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-07-25 20:53 . 2005-02-27 22:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax

2008-07-24 19:37 . 2008-07-24 19:37 <REP> d-------- C:\Program Files\JPEG Camera

2008-07-22 12:27 . 2008-07-27 17:42 <REP> d-------- C:\Program Files\QuickMediaConverter

2008-07-22 12:12 . 2008-07-22 12:25 <REP> d-------- C:\Program Files\NewLive All Media To Mp3 Converter

2008-07-19 13:58 . 2008-07-19 20:07 <REP> d-------- C:\Program Files\MOBILedit!

2008-07-18 21:12 . 2003-07-16 15:27 43,264 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys

2008-07-18 21:10 . 2008-08-08 17:33 <REP> d--h----- C:\Program Files\InstallShield Installation Information

2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\PC Suite

2008-07-18 20:57 . 2008-07-18 20:59 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\Nokia

2008-07-18 20:50 . 2008-07-18 20:50 <REP> d-------- C:\Program Files\DIFX

2008-07-18 20:50 . 2007-09-17 16:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-07-18 20:49 . 2008-07-18 20:49 <REP> d-------- C:\Program Files\PC Connectivity Solution

2008-07-18 20:46 . 2008-05-07 08:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-07-18 20:22 . 2008-07-18 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-07-17 13:47 . 2008-08-11 19:45 <REP> d-------- C:\Program Files\Windows Live Safety Center

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-17 16:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-17 15:43 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\uTorrent

2008-08-16 11:06 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-08-16 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-08-12 10:24 --------- d-----w C:\Program Files\Spyware Doctor

2008-08-07 11:21 --------- d-----w C:\Program Files\uTorrent

2008-08-03 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-08-02 11:34 --------- d-----w C:\Program Files\ma-config.com

2008-08-02 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com

2008-07-27 00:35 --------- d-----w C:\Program Files\Real Alternative

2008-07-18 20:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-07-15 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\09

2008-07-14 10:55 308,600 ----a-w C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe

2008-07-07 23:30 --------- d-----w C:\Program Files\X2CD

2008-07-07 20:32 --------- d-----w C:\Program Files\TVAnts

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-05 21:56 --------- d-----w C:\Program Files\SatelliteTVforPC

2008-07-01 23:27 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\U3

2008-06-30 16:11 --------- d-----w C:\Program Files\Smart Projects

2008-06-30 15:56 --------- d-----w C:\Program Files\Tunatic

2008-06-25 18:32 --------- d-----w C:\Program Files\IObit

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-22 18:33 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\Ahead

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 23:20 --------- d-----w C:\Program Files\Ahead

2008-06-19 23:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2008-06-19 00:00 --------- d-----w C:\Program Files\Nero

2008-06-19 00:00 --------- d-----w C:\Program Files\Fichiers communs\Nero

2008-06-19 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2002-09-24 08:24 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll

2002-08-19 07:46 36,864 -c--a-w C:\WINDOWS\inf\i386\Vizmicro.dll

2002-05-16 09:21 286,720 -c--a-w C:\WINDOWS\inf\i386\rtscan.dll

2002-05-16 09:20 172,032 -c--a-w C:\WINDOWS\inf\i386\viceo.dll

2001-08-03 18:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys

.

((((((((((((((((((((((((((((( snapshot@2008-08-15_12.54.47.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-05-10 09:11:42 1,767,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PPCNV.DLL

+ 2007-03-21 18:00:06 72,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PXBCOM.EXE

+ 2007-03-21 17:58:40 4,145,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12CNV.DLL

+ 2007-03-21 17:58:46 24,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12EXE.EXE

+ 2007-05-10 09:25:40 14,677,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\XL12CNV.EXE

+ 2008-08-16 10:27:02 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe

+ 1998-07-12 23:00:00 16,384 ----a-w C:\WINDOWS\system32\ADODCFR.DLL

+ 1998-07-12 23:00:00 20,992 ----a-w C:\WINDOWS\system32\CMCT2FR.DLL

+ 1998-07-12 23:00:00 28,672 ----a-w C:\WINDOWS\system32\CMCT3FR.DLL

+ 1998-07-12 23:00:00 89,600 ----a-w C:\WINDOWS\system32\CMCTLFR.DLL

+ 1998-07-12 23:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL

+ 1997-11-30 23:00:00 57,342 ----a-w C:\WINDOWS\system32\COMMTB32.DLL

+ 1998-07-12 23:00:00 31,232 ----a-w C:\WINDOWS\system32\DATGDFR.DLL

+ 1998-07-12 23:00:00 30,720 ----a-w C:\WINDOWS\system32\DATLSFR.DLL

+ 1998-07-12 23:00:00 21,504 ----a-w C:\WINDOWS\system32\DATRPFR.DLL

+ 1998-06-17 23:00:00 45,056 ----a-w C:\WINDOWS\system32\DBADAPT.DLL

+ 1998-07-12 23:00:00 31,232 ----a-w C:\WINDOWS\system32\DBLSTFR.DLL

+ 1998-06-23 23:00:00 16,656 ----a-w C:\WINDOWS\system32\DBMSSHRN.DLL

+ 1998-06-23 23:00:00 11,536 ----a-w C:\WINDOWS\system32\DBMSSOCN.DLL

+ 1998-07-12 23:00:00 33,280 ----a-w C:\WINDOWS\system32\DBRPRFR.DLL

+ 1998-07-12 23:00:00 51,200 ----a-w C:\WINDOWS\system32\DBRPTFR.DLL

+ 2008-05-09 12:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2008-01-21 17:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2008-06-27 14:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

- 2008-08-15 10:37:39 13,789 ----a-w C:\WINDOWS\system32\drivers\klif.sys

+ 2008-08-15 19:03:23 13,789 ----a-w C:\WINDOWS\system32\drivers\klif.sys

+ 2007-03-01 09:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

+ 1998-07-12 23:00:00 40,960 ----a-w C:\WINDOWS\system32\FLXGDFR.DLL

- 2008-08-01 10:38:33 312,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-08-15 17:11:58 331,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 1998-07-02 23:00:00 31,744 ----a-w C:\WINDOWS\system32\HLP95EN.DLL

+ 1998-06-29 23:00:00 182,226 ----a-w C:\WINDOWS\system32\HTMUTIL.DLL

+ 1998-07-12 23:00:00 15,360 ----a-w C:\WINDOWS\system32\INETFR.DLL

+ 1998-07-12 23:00:00 32,768 ----a-w C:\WINDOWS\system32\MCIFR.DLL

+ 1998-06-19 23:00:00 65,200 ----a-w C:\WINDOWS\system32\MDT2FW95.DLL

+ 1998-06-17 23:00:00 77,824 ----a-w C:\WINDOWS\system32\MSBIND.DLL

+ 1998-07-12 23:00:00 59,904 ----a-w C:\WINDOWS\system32\MSCC2FR.DLL

+ 1998-07-12 23:00:00 107,520 ----a-w C:\WINDOWS\system32\MSCH2FR.DLL

+ 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL

+ 1998-07-12 23:00:00 13,824 ----a-w C:\WINDOWS\system32\MSCOMFR.DLL

+ 1998-06-17 23:00:00 311,296 ----a-w C:\WINDOWS\system32\MSDBRPT.DLL

+ 1998-06-17 23:00:00 299,008 ----a-w C:\WINDOWS\system32\MSDBRPTR.DLL

+ 1998-07-12 23:00:00 51,200 ----a-w C:\WINDOWS\system32\MSHFGFR.DLL

+ 1998-04-24 23:00:00 1,045,776 ----a-w C:\WINDOWS\system32\MSJET35.DLL

+ 1998-07-06 23:00:00 149,776 ----a-w C:\WINDOWS\system32\MSJINT35.DLL

+ 1998-05-30 23:00:00 1,233,680 ----a-w C:\WINDOWS\system32\MSJT4JLT.DLL

+ 1998-04-24 23:00:00 24,848 ----a-w C:\WINDOWS\system32\MSJTER35.DLL

+ 1998-07-12 23:00:00 23,040 ----a-w C:\WINDOWS\system32\MSMPIFR.DLL

+ 1998-07-12 23:00:00 20,480 ----a-w C:\WINDOWS\system32\MSMSKFR.DLL

+ 1998-04-24 23:00:00 252,176 ----a-w C:\WINDOWS\system32\MSRD2X35.DLL

+ 1998-04-24 23:00:00 407,312 ----a-w C:\WINDOWS\system32\MSREPL35.DLL

+ 1998-05-30 23:00:00 72,704 ----a-w C:\WINDOWS\system32\ODBCTL32.DLL

+ 1998-07-12 23:00:00 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL

+ 1998-07-12 23:00:00 34,304 ----a-w C:\WINDOWS\system32\RCHTXFR.DLL

+ 1998-07-12 23:00:00 68,096 ----a-w C:\WINDOWS\system32\RDO20FR.DLL

+ 1998-06-10 23:00:00 15,120 ----a-w C:\WINDOWS\system32\REPUTIL.DLL

+ 1998-04-24 23:00:00 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL

+ 1998-07-12 23:00:00 5,120 ----a-w C:\WINDOWS\system32\SQLPAFR.DLL

+ 1998-06-17 23:00:00 118,784 ----a-w C:\WINDOWS\system32\SQLPARSE.DLL

+ 1998-07-12 23:00:00 6,656 ----a-w C:\WINDOWS\system32\STDFTFR.DLL

+ 1998-07-12 23:00:00 10,240 ----a-w C:\WINDOWS\system32\SYSINFR.DLL

+ 1998-07-12 23:00:00 21,504 ----a-w C:\WINDOWS\system32\TABCTFR.DLL

+ 1998-06-17 23:00:00 153,600 ----a-w C:\WINDOWS\system32\TLBINF32.DLL

+ 1998-06-17 23:00:00 89,360 ----a-w C:\WINDOWS\system32\VB5DB.DLL

+ 1998-07-12 23:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL

+ 1998-07-12 23:00:00 102,912 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL

+ 1998-04-24 23:00:00 368,912 ----a-w C:\WINDOWS\system32\VBAR332.DLL

- 2001-08-28 12:00:00 20,535 -c--a-w C:\WINDOWS\system32\vfpodbc.dll

+ 1998-07-14 23:00:00 978,704 -c--a-w C:\WINDOWS\system32\vfpodbc.dll

+ 1998-06-12 23:00:00 30,720 ----a-w C:\WINDOWS\system32\WINDBVER.EXE

+ 1998-07-12 23:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL

+ 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]

"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-12 17:37 219952]

"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 14:58 1209584]

"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 16:14 1107848]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

--a------ 2008-06-12 17:37 219952 C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 15:47]

S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-03-29 17:33]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]

S3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-11-23 07:41]

S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-03-05 04:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{272656b2-5ff2-11dd-8c2f-00138fe88153}]

\Shell\AutoRun\command - xqf.com

\Shell\explore\Command - xqf.com

\Shell\open\Command - xqf.com

*Newly Created Service* - CATCHME

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Abdelhamid\Application Data\Mozilla\Firefox\Profiles\zjstxewd.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE -

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 18:34:00

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

**************************************************************************

.

Temps d'accomplissement: 2008-08-17 18:39:27

ComboFix-quarantined-files.txt 2008-08-17 17:39:14

ComboFix2.txt 2008-08-15 15:54:06

ComboFix3.txt 2008-08-15 11:58:31

Pre-Run: 1,206,177,792 octets libres

Post-Run: 1,196,621,824 octets libres

267 --- E O F --- 2008-08-16 13:19:28

Gof · le 18 août 2008

Bonjour bensalim

Tu m'as posté un rapport Combofix, mais c'était un rapport Diaghelp que je te demandais. Ce n'est pas grave, je vais faire avec.

Créé un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code"=>Attention pas de ligne vierge avant REGEDIT4 ) :

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{272656b2-5ff2-11dd-8c2f-00138fe88153}]

Enregistre ce fichier dans (Enregistrer sous) : Bureau
Nom du fichier : remove.reg
Type : tous les fichiers
clique sur Enregistrer
quittele Bloc Notes.
Sur le bureau tu dois avoir ce remove avec en icône le petit cube registre =>
Clique sur le fichier remove.reg pour qu'il s'exécute. Un message te demandera la fusion, accepte.
Supprime le fichier reg.

Télécharge JavaRa.zip de Paul McLain et Fred de Vries.

Décompresse le fichier sur ton bureau (clic droit > Extraire tout)
Double-clique sur le répertoire JavaRa obtenu
Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher)
Clique sur Search For Updates
Sélectionne Update Using jucheck.exe puis clique sur Search
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log (c:\JavaRa.log)
Ferme l'application

A l'issue, poste un nouveau rapport HijackThis, et donne moi des nouvelles du PC. Comment va-t-il ? Comment se comporte-t-il ? Il y a quelques restrictions de présentes, est-ce toi qui les a configuré ? (comme la désactivation du centre de sécurité par exemple ?)

A bientôt.

bensalim · le 18 août 2008

bonjour voila le nouveau rapport de Java RA

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Aug 18 18:24:59 2008

Found and removed: C:\Program Files\Java\jre1.5.0_03

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Classes\JavaPlugin.150_03

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150030}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

------------------------------------------------------------------------------------------------------------------------

Nouveau rappart de HijakThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:29:41, on 18/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ma/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"