[Résolu] Mon PC est infecté par un virus informatique ou un malware

[Falkra]

OK, ça n'a pas marché là, en fait.

 

Désinstalle Search Guard Plus via ajout/suppression de programmes, et dis moi ce que ça donne, si ça marche, et s'il revient après un redémarrage.

[nikigabal]

Salut,

 

J'ai fais ce que tu m'as dit et cela n'a rien changé..........

[Falkra]

Poste un nouveau RSIT stp, on va nettoyer à la main les restes.

[nikigabal]

Logfile of random's system information tool 1.06 (written by random/random)

Run by windows at 2009-11-01 19:08:14

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 44 GB (19%) free of 238 GB

Total RAM: 1023 MB (51% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:08:22, on 01/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRA~1\Bandoo\Bandoo.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\windows\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\trend micro\windows.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza\ShareazaIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll

O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [E06FXLRD_9269343] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Wildlife Park 2 AddOn2 Horses Drivers Auto Removal (pr2aluab) (pr2aluab) - Koch Media - C:\WINDOWS\system32\pr2aluab.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9130 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]

BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-01 263280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-01 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

UrlHelper Class - C:\Program Files\Shareaza Applications\Shareaza\ShareazaIEHelper.dll [2009-05-04 398784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-16 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-16 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]

BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2009-06-17 1858496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{196C3A46-4758-433D-A600-802C804AF39C} - Shareaza MediaBar - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [2009-05-04 529856]

{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-04 228048]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-01 263280]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-07-13 14679552]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-16 148888]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"NPSStartup"= []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-11-01 122880]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]

"E06FXLRD_9269343"=C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE [2005-06-04 301776]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

"AdobeUpdater"=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-01 39408]

 

C:\Documents and Settings\windows\Menu Démarrer\Programmes\Démarrage

OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=55924053

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Installation\Setupx.exe"="D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"

"C:\CreativesFiles\Shareaza.exe"="C:\CreativesFiles\Shareaza.exe:*:Enabled:Shareaza"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"C:\Documents and Settings\windows\Bureau\freezer.exe"="C:\Documents and Settings\windows\Bureau\freezer.exe:*:Enabled:freezer"

"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-11-01 18:35:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2009-10-31 22:49:59 ----D---- C:\WINDOWS\Minidump

2009-10-31 22:42:24 ----A---- C:\WINDOWS\zip.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\SWSC.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\SWREG.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\sed.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\PEV.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\NIRCMD.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\MBR.exe

2009-10-31 22:42:24 ----A---- C:\WINDOWS\grep.exe

2009-10-31 22:41:33 ----D---- C:\WINDOWS\ERDNT

2009-10-31 22:41:32 ----SD---- C:\ComboFix

2009-10-31 22:41:06 ----D---- C:\Qoobox

2009-10-30 18:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2009-10-30 13:27:06 ----A---- C:\WINDOWS\system32\muweb.dll

2009-10-30 13:27:06 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-10-30 13:27:06 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-10-29 22:24:11 ----D---- C:\Program Files\Microsoft Silverlight

2009-10-29 22:23:14 ----D---- C:\Program Files\Microsoft Sync Framework

2009-10-29 22:22:21 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2009-10-29 22:21:27 ----D---- C:\Program Files\Microsoft

2009-10-29 22:21:10 ----D---- C:\Program Files\Windows Live SkyDrive

2009-10-29 22:20:46 ----D---- C:\Program Files\Windows Live

2009-10-29 22:08:00 ----D---- C:\Program Files\Fichiers communs\Windows Live

2009-10-29 21:44:50 ----D---- C:\Program Files\Adobe

2009-10-29 15:39:44 ----D---- C:\WINDOWS\Downloaded Installations

2009-10-20 18:12:29 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2009-10-15 19:14:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$

2009-10-15 19:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2009-10-15 19:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2009-10-15 19:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2009-10-15 19:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2009-10-15 19:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2009-10-15 19:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2009-10-15 19:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2009-10-15 19:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2009-10-15 19:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2009-10-12 19:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2009-10-08 20:51:35 ----D---- C:\users

2009-10-04 15:09:23 ----D---- C:\Documents and Settings\All Users\Application Data\171D4

2009-10-04 15:07:56 ----A---- C:\WINDOWS\NAVIGMA.INI

 

======List of files/folders modified in the last 1 months======

 

2009-11-01 19:08:15 ----D---- C:\Program Files\trend micro

2009-11-01 19:07:12 ----D---- C:\Documents and Settings\windows\Application Data\uTorrent

2009-11-01 19:07:10 ----D---- C:\WINDOWS\Temp

2009-11-01 19:07:04 ----D---- C:\WINDOWS\Prefetch

2009-11-01 19:06:58 ----SHD---- C:\WINDOWS\Installer

2009-11-01 18:35:39 ----D---- C:\Program Files\Google

2009-11-01 11:26:16 ----D---- C:\WINDOWS\system32\CatRoot2

2009-11-01 11:26:01 ----D---- C:\WINDOWS\system32\Lang

2009-11-01 11:24:31 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-10-31 23:52:09 ----RD---- C:\Program Files

2009-10-31 22:49:59 ----D---- C:\WINDOWS

2009-10-31 22:49:56 ----D---- C:\Program Files\SuperCopier2

2009-10-31 22:47:35 ----D---- C:\WINDOWS\system32\drivers

2009-10-31 22:47:35 ----D---- C:\WINDOWS\system32

2009-10-31 22:47:35 ----D---- C:\WINDOWS\AppPatch

2009-10-31 22:47:32 ----D---- C:\Program Files\Fichiers communs

2009-10-31 21:04:02 ----D---- C:\Documents and Settings\All Users\Application Data\Bandoo

2009-10-30 18:43:19 ----HD---- C:\WINDOWS\inf

2009-10-30 18:43:17 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-10-30 18:42:49 ----D---- C:\WINDOWS\WinSxS

2009-10-30 14:56:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-30 14:22:01 ----HD---- C:\WINDOWS\$hf_mig$

2009-10-29 22:50:58 ----D---- C:\WINDOWS\Microsoft.NET

2009-10-29 22:50:28 ----RSD---- C:\WINDOWS\assembly

2009-10-29 22:26:44 ----SD---- C:\Documents and Settings\windows\Application Data\Microsoft

2009-10-29 22:23:50 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-10-29 22:23:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-10-29 22:22:31 ----D---- C:\WINDOWS\system32\DirectX

2009-10-29 22:21:15 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-10-29 22:20:53 ----RSD---- C:\WINDOWS\Fonts

2009-10-29 21:45:12 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-10-29 21:45:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-10-29 21:39:13 ----D---- C:\Program Files\Messenger

2009-10-29 18:46:16 ----D---- C:\Program Files\Mozilla Firefox

2009-10-24 23:11:16 ----D---- C:\WINDOWS\Help

2009-10-24 07:51:41 ----A---- C:\WINDOWS\LEXSTAT.INI

2009-10-15 19:14:25 ----A---- C:\WINDOWS\imsins.BAK

2009-10-02 19:01:57 ----A---- C:\WINDOWS\system32\MRT.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-07-13 3851264]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-03-26 45568]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 asz1jczz;asz1jczz; C:\WINDOWS\system32\drivers\asz1jczz.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\windows\LOCALS~1\Temp\catchme.sys []

S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\windows\LOCALS~1\Temp\mc23.tmp []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-29 376832]

R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2009-06-17 1513920]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-16 152984]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S2 pr2aluab;Wildlife Park 2 AddOn2 Horses Drivers Auto Removal (pr2aluab); C:\WINDOWS\system32\pr2aluab.exe [2007-09-12 411032]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-01 182768]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[Falkra]

Plus ADSPY/SmartShoper dans le coin en tout cas.

 

Télécharge OTMoveIt (OTM) par OldTimer.

• Enregistre ce fichier sur le Bureau.
  
• Fais un double clic sur OTM.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  
• Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
  

  :processes
  explorer.exe
  :files
  C:\Program Files\AskBarDis
  C:\Program Files\AskSearch
  C:\WINDOWS\iun6002.exe
  C:\WINDOWS\system32\drivers\asz1jczz.sys
  
  :reg 
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "NPSStartup"=-
  
  :services
  ASKService
  ASKUpgrade
  asz1jczz
  
  :commands
  [start explorer]

  
  

• Retourne dans la fenêtre de OTM, fais un clic droit dans la zone de gauche intitulée "Paste List Of Files/Folders to Move" (sous la barre jaune) puis choisir Coller.
  
• Clique sur le bouton rouge Moveit!.
  
• Ferme OTMoveIt3
  
• Poste dans ta prochaine réponse le rapport de OTMoveIt3 (contenu du fichier C:\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

[nikigabal]

Error: Unable to interpret <processes> in the current context!

Error: Unable to interpret <explorer.exe> in the current context!

========== FILES ==========

File/Folder C:\Program Files\AskBarDis not found.

C:\Program Files\AskSearch\bin moved successfully.

C:\Program Files\AskSearch moved successfully.

File/Folder C:\WINDOWS\iun6002.exe not found.

File/Folder C:\WINDOWS\system32\drivers\asz1jczz.sys not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.

========== SERVICES/DRIVERS ==========

Service\Driver ASKService not found.

Service\Driver ASKService not found.

Service\Driver ASKUpgrade not found.

Service\Driver ASKUpgrade not found.

Service\Driver asz1jczz not found.

Service\Driver key asz1jczz deleted successfully.

========== COMMANDS ==========

 

OTM by OldTimer - Version 3.0.0.6 log created on 11012009_201455

[Falkra]

Ca aura fini le ménage.

 

Tu as toujours des avertissements smartshopper ? Normalement c'est terminé ça.

[nikigabal]

A priori non j'en ait plus. Merci encore pour ton aide.

[nikigabal]

certaines choses sont évitables, on en parlera en fin de désinfection.

 

 

Tu voulais dire quoi quand tu as écrit ça ?

[Falkra]

On va maintenant faire le ménage, supprimer les outils spéciaux utilisés, et sécuriser la machine. Elle est très vulnérable.

 

Désinstalle combofix : entre combofix /uninstall dans la boite exécuter du menu démarrer.

=> combofix espace slasht uninstall

 

Dis moi si ça marche. Ca ne doit pas démarrer combofix hein.

 

Je te prépare la suite, on a fait le plus gros, de toute façon.