Se connecter / S'enregistrer
Votre question

quelqu'un pour analyser ce scan ? merci d'avance...

Tags :
  • Scan
  • Sécurité
Dernière réponse : dans Sécurité et virus
29 Septembre 2008 22:32:28

bonjour, bonsoir,

voilà depuis quelques jours je crois avoir un p'tit soucis de virus :

- avast semble impossible de se mettre à jour (la connexion échoue)
- au démarrage mon parfeux est deconnecté
- les liens de recherche sur google s'ouvre ds un autre onglet et ne corresponde pas à l'adresse internet correspondante
- windows update impossible (la connexion échoue)

enfin bref c'est pas la joie...et j'ai eu beaucoup de mal à télécharger hijack this....ce soir ça fonctionne et je ne sais pas pourkoi..

voici le scan :

et merci d'avance car je sais par expérience que vous êtes ds la capacité d'éradiquer ce truc :) 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:42, on 29/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\cisvc.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\ltmsg.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\drivers\svchost.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\Windows\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6762 bytes



merci encore....


Autres pages sur : analyser scan merci avance

a b 8 Sécurité
30 Septembre 2008 12:54:40

Bonjour,

  • Télécharge Catchme ([#ff0000]Gmer[/#f]) sur ton Bureau.
  • Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse.
    1 Octobre 2008 22:00:56

    merciii de ta réponse....j'ai failli jeter mon pc par la fenêtre..

    heureusement j'ai un autre pc connecté car sur celui infecté la connexion échoue

    voici le log :

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\Documents and Settings\Administrateur\Local Settings\Temp\TDSSc41d.tmp 688128 bytes
    C:\WINDOWS\system32\drivers\tdssserv.sys 45056 bytes
    C:\WINDOWS\system32\tdssadw.dll 77824 bytes
    C:\WINDOWS\system32\TDSSerrors.log 40 bytes
    C:\WINDOWS\system32\tdssinit.dll 57344 bytes
    C:\WINDOWS\system32\tdssl.dll 20480 bytes
    C:\WINDOWS\system32\tdsslog.dll 12288 bytes
    C:\WINDOWS\system32\tdssmain.dll 32768 bytes
    C:\WINDOWS\system32\tdssserf.dll 12288 bytes
    C:\WINDOWS\system32\tdssserf1.dll 8192 bytes
    C:\WINDOWS\system32\tdssservers.dat 256 bytes
    C:\WINDOWS\Temp\TDSS6441.tmp 20480 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 12
    Contenus similaires
    a b 8 Sécurité
    2 Octobre 2008 18:09:38

    Re,

    [#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    3 Octobre 2008 22:12:25

    désolé j'ai mis pas mal de temps....

    telechargé une sal...rie en croyant que c'était combofix.exe mais voici le scan de combofix qui a résolu apparemment en parti ce problème :

    ComboFix 08-10-02.03 - Administrateur 2008-10-03 21:42:43.1 - NTFSx86

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\Windows\dkwqgnbe.dll
    C:\Windows\edlw.exe
    C:\Windows\fkebanrw.exe
    C:\Windows\neksolda.dll
    C:\Windows\nkefbltdbve.dll
    C:\Windows\privacy_danger
    C:\Windows\privacy_danger\images\body.gif
    C:\Windows\privacy_danger\images\capt.gif
    C:\Windows\privacy_danger\images\capt2.gif
    C:\Windows\privacy_danger\images\red.gif
    C:\Windows\privacy_danger\images\text.gif
    C:\Windows\privacy_danger\index.htm
    C:\Windows\system32\awtsRlLB.dll
    C:\Windows\system32\awtsTKee.dll
    C:\Windows\system32\drivers\svchost.exe
    C:\Windows\system32\drivers\tdssserv.sys
    C:\WINDOWS\system32\Eghklnnn.ini
    C:\WINDOWS\system32\Eghklnnn.ini2
    C:\Windows\system32\jkkHYsRL.dll
    C:\Windows\system32\nnnkLfda.dll
    C:\Windows\system32\nnnlkhgE.dll
    C:\Windows\system32\TDSSadw.dll
    C:\Windows\system32\TDSSerrors.log
    C:\Windows\system32\tdssinit.dll
    C:\Windows\system32\tdssl.dll
    C:\Windows\system32\tdsslog.dll
    C:\Windows\system32\TDSSmain.dll
    C:\Windows\system32\tdssserf.dll
    C:\Windows\system32\TDSSserf1.dll
    C:\Windows\system32\tdssservers.dat
    C:\Windows\xgpsarbm.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
    .

    2008-10-03 08:30 . 2008-10-03 08:30 1,013,977 ---hs---- C:\WINDOWS\system32\xsohmrjp.ini
    2008-10-03 08:30 . 2008-10-03 08:30 80,000 --a------ C:\WINDOWS\system32\pjrmhosx.dll
    2008-10-02 22:54 . 2008-10-02 22:54 1,013,977 ---hs---- C:\WINDOWS\system32\kmssruty.ini
    2008-10-02 22:54 . 2008-10-02 22:54 80,512 --a------ C:\WINDOWS\system32\yturssmk.dll
    2008-09-29 22:22 . 2008-09-29 22:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-08 20:40 . 2008-09-08 20:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 23:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\foobar2000
    2008-09-21 22:25 --------- d-----w C:\Program Files\PartyGaming.Net
    2008-09-02 22:04 --------- d-----w C:\Program Files\Soulseek
    2008-08-31 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-30 14:04 --------- d-----w C:\Program Files\M-Audio
    2008-08-27 20:11 --------- d-----w C:\Program Files\DivX
    2008-08-26 17:10 20,747 ----a-w C:\Windows\system32\drivers\AegisP.sys
    2008-08-26 17:10 --------- d-----w C:\Program Files\Linksys
    2008-08-26 07:43 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-25 19:00 --------- d-----w C:\Program Files\Sun
    2008-08-25 19:00 --------- d-----w C:\Program Files\Java
    2008-07-26 18:15 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_5991.exe
    2008-07-26 18:15 15,397 ----a-w C:\Program Files\settings.dat
    2008-03-06 08:17 0 ---ha-w C:\Documents and Settings\Administrateur\Application Data\.4E6423D2C0ADD4DD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-04-25 126976]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-04-25 540672]
    "eabconfg.cpl"="C:\Program Files\Compaq\EAB\EabServr.exe" [2002-03-07 171665]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-04 185896]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
    "NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2002-02-14 C:\WINDOWS\system32\atiptaxx.exe]
    "LTWinModem1"="ltmsg.exe" [2002-02-28 C:\WINDOWS\system32\ltmsg.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\Administrateur\\Bureau\\slsk.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Soulseek\\slsk.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 GTFFBUS;GT FF BUS;C:\Windows\system32\DRIVERS\gtffbus.sys [2007-01-15 17152]
    S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\Windows\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 122240]
    S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-01-15 8064]
    S3 GTUQBUS;GT UQ BUS;C:\Windows\system32\DRIVERS\gtuqbus.sys [2007-01-15 36992]
    S3 ma763006;M-Audio Transit USB;C:\Windows\system32\drivers\MA763006.sys [ ]
    S3 MADFU;MADFU;C:\Windows\system32\DRIVERS\MADFUXP.sys [2007-04-12 16512]
    S3 MADFU006;MADFU006;C:\Windows\system32\DRIVERS\MADFU006.sys [ ]
    S3 MAUSBXP;Service for M-Audio Xponent (WDM);C:\Windows\system32\DRIVERS\mausbxp.sys [ ]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2005-11-02 215552]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\Auto\command - F:\RavMonE.exe e
    \Shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{012D9FBA-5736-4E91-9798-3C92984D2832} - C:\Windows\nkefbltdbve.dll
    BHO-{260A71A6-8F64-40E5-A705-24093F0C67E8} - C:\Windows\system32\nnnlkhgE.dll
    BHO-{6FB13DD6-4650-4556-AE18-27142F0B5C9F} - C:\Windows\system32\awtsTKee.dll
    Toolbar-{E96A7638-7DDE-4811-B18A-677BC79F7978} - C:\Windows\dkwqgnbe.dll
    ShellExecuteHooks-{6FB13DD6-4650-4556-AE18-27142F0B5C9F} - C:\Windows\system32\awtsTKee.dll
    SSODL-xgpsarbm-{AE9CD58B-432B-4EC7-96D5-1612D0CA59C1} - C:\Windows\xgpsarbm.dll
    SSODL-neksolda-{7382E056-E85D-4CF0-B9D7-666F4AF004A6} - C:\Windows\neksolda.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fjwglloj.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-03 22:02:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-03 22:06:50 - machine was rebooted [Administrateur]
    ComboFix-quarantined-files.txt 2008-10-03 20:06:43

    Avant-CF: 9,531,351,040 octets libres
    Post-Run: 9,514,688,512 octets libres

    158 --- E O F --- 2008-09-09 18:39:35
    a b 8 Sécurité
    4 Octobre 2008 12:53:21

    Re,

    [#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\xsohmrjp.ini
    C:\WINDOWS\system32\pjrmhosx.dll
    C:\WINDOWS\system32\kmssruty.ini
    C:\WINDOWS\system32\yturssmk.dll

    Registry::


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
    Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].

    Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :


    Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
    [#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
    * le nom de la partition peut changer
    4 Octobre 2008 15:11:46

    rapport combofix :

    ComboFix 08-10-02.03 - Administrateur 2008-10-04 14:59:17.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.703 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\vitefait\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\vitefait\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\kmssruty.ini
    C:\WINDOWS\system32\pjrmhosx.dll
    C:\WINDOWS\system32\xsohmrjp.ini
    C:\WINDOWS\system32\yturssmk.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\kmssruty.ini
    C:\WINDOWS\system32\pjrmhosx.dll
    C:\WINDOWS\system32\xsohmrjp.ini
    C:\WINDOWS\system32\yturssmk.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-29 22:22 . 2008-09-29 22:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-08 20:40 . 2008-09-08 20:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-04 12:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\foobar2000
    2008-09-21 22:25 --------- d-----w C:\Program Files\PartyGaming.Net
    2008-09-02 22:04 --------- d-----w C:\Program Files\Soulseek
    2008-08-31 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-30 14:04 --------- d-----w C:\Program Files\M-Audio
    2008-08-27 20:11 --------- d-----w C:\Program Files\DivX
    2008-08-26 17:10 20,747 ----a-w C:\Windows\system32\drivers\AegisP.sys
    2008-08-26 17:10 --------- d-----w C:\Program Files\Linksys
    2008-08-26 07:43 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-25 19:00 --------- d-----w C:\Program Files\Sun
    2008-08-25 19:00 --------- d-----w C:\Program Files\Java
    2008-07-26 18:15 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_5991.exe
    2008-07-26 18:15 15,397 ----a-w C:\Program Files\settings.dat
    2008-07-25 08:36 524,288 ----a-w C:\Windows\system32\DivXsm.exe
    2008-07-23 16:50 3,596,288 ----a-w C:\Windows\system32\qt-dx331.dll
    2008-07-23 16:50 129,784 ------w C:\Windows\system32\pxafs.dll
    2008-07-23 16:50 120,056 ------w C:\Windows\system32\pxcpyi64.exe
    2008-07-23 16:50 118,520 ------w C:\Windows\system32\pxinsi64.exe
    2008-07-23 16:48 200,704 ----a-w C:\Windows\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\Windows\system32\libdivx.dll
    2008-07-23 16:46 12,288 ----a-w C:\Windows\system32\DivXWMPExtType.dll
    2008-07-18 20:10 94,920 ----a-w C:\Windows\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\Windows\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\Windows\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\Windows\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\Windows\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\Windows\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\Windows\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\Windows\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\Windows\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\Windows\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\Windows\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\Windows\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\Windows\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\Windows\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\Windows\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\Windows\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\Windows\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\Windows\system32\es.dll
    2008-07-07 20:28 253,952 ------w C:\Windows\system32\dllcache\es.dll
    2008-03-06 08:17 0 ---ha-w C:\Documents and Settings\Administrateur\Application Data\.4E6423D2C0ADD4DD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-03_22.06.10.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-04 09:48:44 16,384 ----atw C:\Windows\Temp\Perflib_Perfdata_7bc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-04-25 126976]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-04-25 540672]
    "eabconfg.cpl"="C:\Program Files\Compaq\EAB\EabServr.exe" [2002-03-07 171665]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-04 185896]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
    "NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]
    "AtiPTA"="atiptaxx.exe" [2002-02-14 C:\WINDOWS\system32\atiptaxx.exe]
    "LTWinModem1"="ltmsg.exe" [2002-02-28 C:\WINDOWS\system32\ltmsg.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\Administrateur\\Bureau\\slsk.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\Soulseek\\slsk.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 GTFFBUS;GT FF BUS;C:\Windows\system32\DRIVERS\gtffbus.sys [2007-01-15 17152]
    S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\Windows\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 122240]
    S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-01-15 8064]
    S3 GTUQBUS;GT UQ BUS;C:\Windows\system32\DRIVERS\gtuqbus.sys [2007-01-15 36992]
    S3 ma763006;M-Audio Transit USB;C:\Windows\system32\drivers\MA763006.sys [ ]
    S3 MADFU;MADFU;C:\Windows\system32\DRIVERS\MADFUXP.sys [2007-04-12 16512]
    S3 MADFU006;MADFU006;C:\Windows\system32\DRIVERS\MADFU006.sys [ ]
    S3 MAUSBXP;Service for M-Audio Xponent (WDM);C:\Windows\system32\DRIVERS\mausbxp.sys [ ]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2005-11-02 215552]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\Auto\command - F:\RavMonE.exe e
    \Shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-04 15:02:52
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-04 15:05:46
    ComboFix-quarantined-files.txt 2008-10-04 13:05:38
    ComboFix2.txt 2008-10-03 20:06:51

    Avant-CF: 9ÿ360ÿ334ÿ848 octets libres
    Après-CF: 9,345,503,232 octets libres

    135 --- E O F --- 2008-09-09 18:39:35


    rapport hijack this :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:08, on 04/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\ltmsg.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\SNDVOL32.EXE
    C:\Windows\system32\wscntfy.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 6714 bytes



    et merci !!

    ça tourne beaucoup mieux déjà rien à voir...
    4 Octobre 2008 20:32:19

    oki bon j'ai désinstallé avast ... ça m'a fait un peu mal mais bon c'est comme ça :) 

    voici le scan de antivir :

    merci

    Avira AntiVir Personal
    Report file date: samedi 4 octobre 2008 18:00

    Scanning for 1658825 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: STEF

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 15:59:23
    ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 15:59:24
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 04/10/2008 15:59:34
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 04/10/2008 15:59:33
    AEPACK.DLL : 8.1.2.3 364918 Bytes 04/10/2008 15:59:32
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 04/10/2008 15:59:31
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 04/10/2008 15:59:30
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 04/10/2008 15:59:27
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 04/10/2008 15:59:26
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 04/10/2008 15:59:25
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 4 octobre 2008 18:00

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avnotify.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned
    Scan process 'WLService.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'SiWake.exe' - '1' Module(s) have been scanned
    Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'eabservr.exe' - '1' Module(s) have been scanned
    Scan process 'ltmsg.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '57' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir
    [DETECTION] Contains recognition pattern of the RKIT/Clbd.KR root kit
    [NOTE] The file was moved to '495a9d56.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssl.dll.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/UltimateDefender.17920 back-door program
    [NOTE] The file was moved to '495a9d5c.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdsslog.dll.vir
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
    [NOTE] The file was moved to '495a9d5f.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir
    [DETECTION] Is the TR/TDss.K Trojan
    [NOTE] The file was moved to '495a9d61.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf.dll.vir
    [DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
    [NOTE] The file was moved to '495a9d64.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf1.dll.vir
    [DETECTION] Is the TR/Agent.8704.76 Trojan
    [NOTE] The file was moved to '495a9d68.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir
    [DETECTION] Is the TR/Dldr.Agent.ahkm Trojan
    [NOTE] The file was moved to '494a9d7d.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\tdssserv.sys.vir
    [DETECTION] Contains recognition pattern of the RKIT/TDss.D.1 root kit
    [NOTE] The file was moved to '495a9d6d.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044444.exe
    [DETECTION] Is the TR/Dldr.Agent.ahkm Trojan
    [NOTE] The file was moved to '49179e98.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044445.sys
    [DETECTION] Contains recognition pattern of the RKIT/TDss.D.1 root kit
    [NOTE] The file was moved to '4917b206.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044454.dll
    [DETECTION] Contains recognition pattern of the RKIT/Clbd.KR root kit
    [NOTE] The file was moved to '4917b20a.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044456.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/UltimateDefender.17920 back-door program
    [NOTE] The file was moved to '4917b20c.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044457.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
    [NOTE] The file was moved to '4917b20f.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044458.dll
    [DETECTION] Is the TR/TDss.K Trojan
    [NOTE] The file was moved to '4917b211.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044459.dll
    [DETECTION] Is the TR/Dldr.FraudLoad.vbxt Trojan
    [NOTE] The file was moved to '4917b212.qua'!
    C:\System Volume Information\_restore{0D239C9C-6D8C-4EEB-AA90-B83F129BEE29}\RP268\A0044460.dll
    [DETECTION] Is the TR/Agent.8704.76 Trojan
    [NOTE] The file was moved to '4917b214.qua'!


    End of the scan: samedi 4 octobre 2008 20:24
    Used time: 2:24:07 Hour(s)

    The scan has been done completely.

    7662 Scanning directories
    283016 Files were scanned
    16 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    16 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    282998 Files not concerned
    7403 Archives were scanned
    2 Warnings
    16 Notes

    a b 8 Sécurité
    5 Octobre 2008 15:34:14

    Reposte un rapport Hijackthis.
    5 Octobre 2008 23:34:06

    voici :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:33, on 05/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\ltmsg.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\SNDVOL32.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 6765 bytes
    a b 8 Sécurité
    6 Octobre 2008 17:14:10

    Re,

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    6 Octobre 2008 20:42:52

    oki c'est fait je crois je repost un scan qu'en même :) 

    et pour antivir j'ai mis en quarantaine lors de son premier scan...dois-je supprimer les fichiers ?? ou autre chose ?

    merci en tout cas !!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:41, on 06/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\ltmsg.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

    --
    End of file - 6430 bytes
    a b 8 Sécurité
    6 Octobre 2008 21:09:22

    Tu as encore des soucis ?
    7 Octobre 2008 07:53:37

    aucun ! merciiiiiiiiiiii

    problème résolu dirons-nous ? ^^
    a b 8 Sécurité
    7 Octobre 2008 12:42:22

    Ouaip :) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS