Se connecter / S'enregistrer
Votre question

trojans win32small-JMH

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
17 Mars 2008 12:05:10

Bonjour!
Je lance un appel desespérer a une âme charitable qui voudrait bien m'aider à éliminer "trojans win32small-JMH
Je l'ai trouvé avec Avast mais je n'y connais pas grand chose à l'informatique...!
J'ai vu un sujet déjà posté sur ce virus mais il est écrit de ne pas éffectuer la meme procédure, au risque d'endomager mon ordi..alors que dois-je faire??

MERCI MERCI BEAUCOUP D'AVANCE!!

Autres pages sur : trojans win32small jmh

17 Mars 2008 12:43:53

VOICI mon SCAN:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:53, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\nroped.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF5E618D-3E96-4545-9637-EB5FE383D555} - C:\WINDOWS\system32\shimengd.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E69B67D6-B00F-400F-8652-C824AAC334F4} - C:\WINDOWS\system32\mfcbns32.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mimichacha.spaces.live.com//PhotoUpload/MsnPUpld...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mimichacha.spaces.live.com/PhotoUpload/MsnPUpld....
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 13367 bytes
a b 8 Sécurité
17 Mars 2008 13:27:09

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    Contenus similaires
    17 Mars 2008 13:49:03

    MERCI BCP, voivi le rapport:
    ComboFix 08-03-14.4 - HP_Propriétaire 2008-03-17 13:41:59.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.157 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\nvs2.inf
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-17 13:44 . 2008-03-17 13:44 9,296 --a------ C:\WINDOWS\system32\lvlvmp.exe
    2008-03-17 13:28 . 2008-03-17 13:28 <REP> d-------- C:\Program Files\Avira
    2008-03-17 13:28 . 2008-03-17 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-17 12:38 . 2008-03-17 12:38 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-16 11:34 . 2008-03-16 11:34 <REP> d-------- C:\Program Files\Softwin
    2008-03-14 13:46 . 2008-03-14 13:46 244 --ah----- C:\sqmnoopt00.sqm
    2008-03-14 13:46 . 2008-03-14 13:46 232 --ah----- C:\sqmdata00.sqm
    2008-03-13 21:20 . 2008-03-13 21:20 64,156 --a------ C:\WINDOWS\system32\nroped.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-17 12:21 --------- d-----w C:\Program Files\Logitech
    2008-03-16 10:19 --------- d-----w C:\Program Files\QuickTime
    2008-03-16 10:19 --------- d-----w C:\Program Files\iTunes
    2008-02-27 13:07 --------- d-----w C:\Program Files\Windows Live
    2008-02-16 15:57 109,496 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-27 19:55 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\XnView
    2008-01-27 17:19 --------- d-----w C:\Program Files\AnFX 5
    2008-01-27 15:22 --------- d-----w C:\Program Files\XnView
    2008-01-27 15:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-27 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-25 06:53 --------- d-----w C:\Program Files\orange
    2008-01-20 15:58 --------- d-----w C:\Program Files\DivX
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-15 08:04 836 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ViewerApp.dat
    2007-05-09 18:08 14 -c--a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2007-05-09 18:08 14 -c--a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2006-08-28 08:02 1,840 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2005-05-12 05:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-03-01 09:22 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF5E618D-3E96-4545-9637-EB5FE383D555}]
    C:\WINDOWS\system32\shimengd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E69B67D6-B00F-400F-8652-C824AAC334F4}]
    C:\WINDOWS\system32\mfcbns32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 19:48 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-08 00:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02 94208]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59 77824]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03 114688]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-04 02:43 90112 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 18:01 2805248 C:\WINDOWS\ALCWZRD.EXE]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-05 00:21 278528]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "PCDrProfiler"="" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 01:50 253952]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39 77824]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36 28672]
    "SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 19:55 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]
    "Flash Media"="" []
    "BDMCon"="C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe" [2004-03-01 14:41 229376]
    "BDNewsAgent"="C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe" [2003-12-16 14:06 6656]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-17 13:30 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-15 08:33:14 344064]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-01-08 16:10:48 954475]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-01-08 19:26:44 151552]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-01-08 19:26:39 106496]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\HP_Propriétaire\\Mes documents\\mimi.chacha\\eMule0.46c\\eMule0.46c\\emule.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Orange HSS\\Browser\\Browser.exe"=
    "C:\\WINDOWS\\system32\\nroped.exe"=

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-15 18:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-17 13:44:49
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    ? [1188]

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-17 13:45:37
    ComboFix-quarantined-files.txt 2008-03-17 12:45:28
    .
    2008-03-12 12:31:33 --- E O F ---
    17 Mars 2008 13:51:28

    Je viens d'enlever AVAST et j'ai installer AVIRA ANTIVIR
    a b 8 Sécurité
    17 Mars 2008 14:38:31

    Tu peux faire un scan complet puis poster le rapport ?
    22 Mars 2008 20:06:16

    Désolée du retard (boulot!)

    Voilà le scan:


    AntiVir PersonalEdition Classic
    Report file date: samedi 22 mars 2008 18:56

    Scanning for 1160819 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: CHARRON

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:30:38
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 16:38:36
    ANTIVIR3.VDF : 7.0.3.63 2048 Bytes 21/03/2008 16:38:36
    AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 12:21:35
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/03/2008 12:30:39
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 22 mars 2008 18:56

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Browser.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
    Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
    Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
    Scan process 'Deskboard.exe' - '1' Module(s) have been scanned
    Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
    Scan process 'Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'bdss.exe' - '1' Module(s) have been scanned
    Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
    Scan process 'Residence.exe' - '1' Module(s) have been scanned
    Scan process 'SonyTray.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'bdnagent.exe' - '1' Module(s) have been scanned
    Scan process 'bdmcon.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
    Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
    Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
    Scan process 'QTTask.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    56 processes with 56 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '58' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP421\A0047670.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '481551d6.qua'!
    C:\WINDOWS\mrofinu1423.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '48545245.qua'!
    C:\WINDOWS\system32\nroped.exe
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: samedi 22 mars 2008 20:02
    Used time: 1:06:14 min

    The scan has been done completely.

    7208 Scanning directories
    441645 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    441643 Files not concerned
    13873 Archives were scanned
    3 Warnings
    0 Notes
    a b 8 Sécurité
    23 Mars 2008 10:30:45

    Refais un scan Combofix.
    23 Mars 2008 17:46:33

    omboFix 08-03-14.4 - HP_Propriétaire 2008-03-23 17:36:17.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.46 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-21 13:54 . 2008-03-21 13:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2008-03-19 13:45 . 2008-03-19 13:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 13:45 . 2008-03-19 13:45 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-17 13:28 . 2008-03-17 13:28 <REP> d-------- C:\Program Files\Avira
    2008-03-17 13:28 . 2008-03-17 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-17 12:38 . 2008-03-17 12:38 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-16 11:34 . 2008-03-16 11:34 <REP> d-------- C:\Program Files\Softwin
    2008-03-14 13:46 . 2008-03-14 13:46 244 --ah----- C:\sqmnoopt00.sqm
    2008-03-14 13:46 . 2008-03-14 13:46 232 --ah----- C:\sqmdata00.sqm
    2008-03-13 21:20 . 2008-03-13 21:20 64,156 --------- C:\WINDOWS\system32\nroped.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-17 12:21 --------- d-----w C:\Program Files\Logitech
    2008-03-16 10:19 --------- d-----w C:\Program Files\QuickTime
    2008-03-16 10:19 --------- d-----w C:\Program Files\iTunes
    2008-02-27 13:07 --------- d-----w C:\Program Files\Windows Live
    2008-02-16 15:57 109,496 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-27 19:55 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\XnView
    2008-01-27 17:19 --------- d-----w C:\Program Files\AnFX 5
    2008-01-27 15:22 --------- d-----w C:\Program Files\XnView
    2008-01-27 15:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-27 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-01-25 06:53 --------- d-----w C:\Program Files\orange
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-08-15 08:04 836 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ViewerApp.dat
    2007-05-09 18:08 14 -c--a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2007-05-09 18:08 14 -c--a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2006-08-28 08:02 1,840 -c--a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
    2005-05-12 05:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-03-01 09:22 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF5E618D-3E96-4545-9637-EB5FE383D555}]
    C:\WINDOWS\system32\shimengd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E69B67D6-B00F-400F-8652-C824AAC334F4}]
    C:\WINDOWS\system32\mfcbns32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 19:48 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-08 00:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02 94208]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59 77824]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03 114688]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-04 02:43 90112 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-04 18:01 2805248 C:\WINDOWS\ALCWZRD.EXE]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-05 00:21 278528]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "PCDrProfiler"="" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 01:50 253952]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39 77824]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36 28672]
    "SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 19:55 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]
    "Flash Media"="" []
    "BDMCon"="C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe" [2004-03-01 14:41 229376]
    "BDNewsAgent"="C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe" [2003-12-16 14:06 6656]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-17 13:30 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-15 08:33:14 344064]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-01-08 16:10:48 954475]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-01-08 19:26:44 151552]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-01-08 19:26:39 106496]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\HP_Propriétaire\\Mes documents\\mimi.chacha\\eMule0.46c\\eMule0.46c\\emule.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Orange HSS\\Browser\\Browser.exe"=
    "C:\\WINDOWS\\system32\\nroped.exe"=

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-22 18:47:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 17:40:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    ? [1568]

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 17:42:24
    ComboFix-quarantined-files.txt 2008-03-23 16:42:20
    ComboFix2.txt 2008-03-17 12:45:37
    .
    2008-03-12 12:31:33 --- E O F ---
    a b 8 Sécurité
    24 Mars 2008 16:34:11

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF5E618D-3E96-4545-9637-EB5FE383D555}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E69B67D6-B00F-400F-8652-C824AAC334F4}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Flash Media"=-


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS