Your question

Problem with Win32:Trojan-gen{Other}, need help

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
6 March 2008 20:42:21

Hello, I was attacked by the Trojan horse Win32:Trojan-gen{Other}; my antivirus is Avast.
Thanks for the help ...

6 March 2008 21:23:43

Hello,

Which location?
7 March 2008 23:41:52

C:\WINDOWS\system32\iifdbcc.dll
7 March 2008 23:46:31

Here is the scan report I got with Antivir, thanks for the help

AntiVir PersonalEdition Classic
Report file date: jeudi 6 mars 2008 21:50

Scanning for 1136109 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MEZ

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:33:50
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 20:33:50
ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 20:33:50
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 06/03/2008 20:33:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/03/2008 20:33:52
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 6 mars 2008 21:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'hcwemMON.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'sgtray.exe' - '1' Module(s) have been scanned
Scan process 'eabservr.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
65 processes with 65 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\ihoxoved.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ihoxoved.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
C:\WINDOWS\system32\drpjxkxc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drpjxkxc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Lise\Local Settings\Temporary Internet Files\Content.IE5\8NBD2DVG\ptch[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48335d55.qua'!
C:\Documents and Settings\Lise\Local Settings\Temporary Internet Files\Content.IE5\AY4SBK31\ptch[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48335d5c.qua'!
C:\Documents and Settings\Lise\Local Settings\Temporary Internet Files\Content.IE5\AY4SBK31\tr[1]
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was moved to '482b5d5d.qua'!
C:\Documents and Settings\Lise\Local Settings\Temporary Internet Files\Content.IE5\KX2LIHQ1\CAL02DLJ
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481c5d2f.qua'!
C:\Documents and Settings\Lise\Local Settings\Temporary Internet Files\Content.IE5\KX2LIHQ1\cmp638[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48405d5e.qua'!
C:\Documents and Settings\Lise\Local Settings\Temporary Internet Files\Content.IE5\KX2LIHQ1\hctp[3]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48445d57.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP184\A0052747.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4800623f.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP185\A0053747.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006243.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP186\A0053788.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4800630a.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP187\A0053815.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006310.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP188\A0053861.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006316.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP188\A0053875.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006340.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP188\A0053876.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006374.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP190\A0055954.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4800637d.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP190\A0055955.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006382.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP190\A0056009.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006392.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP191\A0056025.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006398.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP191\A0056072.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4800639e.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP191\A0056201.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4800642a.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP193\A0057284.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4800643b.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP194\A0057327.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006440.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP194\A0057328.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006452.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP195\A0057383.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006483.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP195\A0057384.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006486.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP196\A0057442.dll
[DETECTION] Is the Trojan horse TR/Virtumod.PB
[INFO] The file was moved to '48006540.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP196\A0057445.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48006544.qua'!
C:\System Volume Information\_restore{01D86062-9663-4A3E-B3F1-9804119BC23C}\RP200\A0058653.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.QY
[INFO] The file was moved to '48006554.qua'!
C:\WINDOWS\system32\aupyovuu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4840677c.qua'!
C:\WINDOWS\system32\drpjxkxc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\evnadupo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483e67d1.qua'!
C:\WINDOWS\system32\evpjslan.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484067d4.qua'!
C:\WINDOWS\system32\fsbjrqde.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4832682b.qua'!
C:\WINDOWS\system32\fsdrqgyi.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4834686f.qua'!
C:\WINDOWS\system32\gjpkogrq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4840686d.qua'!
C:\WINDOWS\system32\gksfvxcu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4843687b.qua'!
C:\WINDOWS\system32\gmvdiimh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484668a7.qua'!
C:\WINDOWS\system32\ihoxoved.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ipvdwaui.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4846692d.qua'!
C:\WINDOWS\system32\irchioco.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48336939.qua'!
C:\WINDOWS\system32\jsnrnsbj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483e6941.qua'!
C:\WINDOWS\system32\mfrdoqkh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48426958.qua'!
C:\WINDOWS\system32\ncpxmbak.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4840697e.qua'!
C:\WINDOWS\system32\neecqybs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48356985.qua'!
C:\WINDOWS\system32\nqsfrupk.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48436999.qua'!
C:\WINDOWS\system32\omfhaupg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483669cb.qua'!
C:\WINDOWS\system32\putdujhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '484469e5.qua'!
C:\WINDOWS\system32\qhkjvymn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483b69f1.qua'!
C:\WINDOWS\system32\scihjmna.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48396a08.qua'!
C:\WINDOWS\system32\sfrjjejb.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48426a51.qua'!
C:\WINDOWS\system32\teeoxbos.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48356a8e.qua'!
C:\WINDOWS\system32\turqsewe.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48426aaa.qua'!
C:\WINDOWS\system32\txnegxpi.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\ukbhsvmt.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48327215.qua'!
C:\WINDOWS\system32\uvgxgbkc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48377229.qua'!
C:\WINDOWS\system32\uxwlqdvd.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48477241.qua'!
C:\WINDOWS\system32\vyptamap.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4840724c.qua'!
C:\WINDOWS\system32\whllacby.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483c7243.qua'!
C:\WINDOWS\system32\wqrpwbga.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48427267.qua'!
C:\WINDOWS\system32\xextcvkq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48487264.qua'!
C:\WINDOWS\system32\xsiqunyc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48397276.qua'!
C:\WINDOWS\system32\yajthhnq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483a7267.qua'!
C:\WINDOWS\system32\yogubkmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48377279.qua'!
C:\WINDOWS\system32\ysnuxgbe.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483e7280.qua'!
C:\WINDOWS\system32\yxdxhrlc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48347288.qua'!
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.cge
[INFO] The file was moved to '484072e9.qua'!


End of the scan: jeudi 6 mars 2008 23:39
Used time: 1:49:54 min

The scan has been done completely.

6357 Scanning directories
206585 Files were scanned
67 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
62 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
206518 Files not concerned
1867 Archives were scanned
6 Warnings
113 Notes

8 March 2008 12:31:44

Post a HijackThis report.
9 March 2008 15:57:56

Hijackthis?
9 March 2008 20:51:38

OK,
Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:53, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\hcwemMON.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {393AFDB6-28EA-4D2C-BD5B-B8D393EEDF08} - C:\WINDOWS\system32\ssqrp.dll (file missing)
O2 - BHO: (no name) - {5951D459-A139-4FFD-A9C6-9B1E6975E579} - C:\Program Files\NetMeeting\nipysatogC:\WINDOWS\system32\uwce9\renamd83122.exe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: {5a1e28bd-b136-0e79-77f4-85346ce6840e} - {e0486ec6-4358-4f77-97e0-631bdb82e1a5} - C:\WINDOWS\system32\gksfvxcu.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hcwemMON] hcwemMON.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [787466f7] rundll32.exe "C:\WINDOWS\system32\ihoxoved.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM7b47556b] Rundll32.exe "C:\WINDOWS\system32\drpjxkxc.dll",s
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifdbcc - iifdbcc.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7679 bytes
10 March 2008 13:36:38

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
10 March 2008 20:58:22

Here is the report,

    ComboFix 08-03-10.1 - Lise 2008-03-10 20:29:12.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.85 [GMT 1:00]
    Endroit: C:\Documents and Settings\Lise\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Drmupgds
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\prqss.ini
    C:\WINDOWS\system32\prqss.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-09 20:50 . 2008-03-09 20:50 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-09 14:07 . 2008-03-09 14:07 <REP> d-------- C:\Program Files\Xvid
    2008-03-09 14:07 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-03-09 14:07 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-03-09 14:07 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-03-09 09:51 . 2007-02-28 17:02 2,182,400 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-03-09 09:51 . 2007-02-28 17:02 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-03-09 09:51 . 2007-02-28 17:02 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-03-09 09:51 . 2007-02-28 17:02 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-03-09 09:47 . 2006-06-01 19:48 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
    2008-03-09 09:47 . 2006-06-01 19:48 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
    2008-03-09 09:30 . 2008-03-09 09:30 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-03-07 16:35 . 2008-03-07 21:03 <REP> d-------- C:\VundoFix Backups
    2008-03-06 21:31 . 2008-03-06 21:31 <REP> d-------- C:\Program Files\Avira
    2008-03-06 21:16 . 2008-03-06 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-05 20:47 . 2008-03-06 21:47 332 ---hs---- C:\WINDOWS\system32\devoxohi.ini
    2008-03-04 20:39 . 2008-03-05 20:39 5,034 ---hs---- C:\WINDOWS\system32\ydeeghws.ini
    2008-03-04 18:38 . 2008-03-04 20:33 4,794 ---hs---- C:\WINDOWS\system32\ogmwysbt.ini
    2008-03-03 18:04 . 2008-03-04 18:05 4,674 ---hs---- C:\WINDOWS\system32\qpsnkdhs.ini
    2008-03-03 16:24 . 2008-03-03 16:24 4,374 ---hs---- C:\WINDOWS\system32\xwuupmsi.ini
    2008-03-02 15:52 . 2008-03-03 15:52 4,314 ---hs---- C:\WINDOWS\system32\rvohlbac.ini
    2008-02-28 12:17 . 2008-03-02 15:52 4,014 ---hs---- C:\WINDOWS\system32\lnkrasab.ini
    2008-02-27 08:12 . 2008-02-28 12:08 3,414 ---hs---- C:\WINDOWS\system32\cbfipybi.ini
    2008-02-25 21:11 . 2008-02-27 08:09 3,114 ---hs---- C:\WINDOWS\system32\kxuihmrq.ini
    2008-02-25 12:52 . 2008-02-25 21:05 2,754 ---hs---- C:\WINDOWS\system32\oogmstqi.ini
    2008-02-24 11:33 . 2008-02-25 12:47 2,634 ---hs---- C:\WINDOWS\system32\porwgnoc.ini
    2008-02-24 10:36 . 2008-02-24 10:36 2,394 ---hs---- C:\WINDOWS\system32\cqgxuyyi.ini
    2008-02-22 10:34 . 2008-02-24 10:35 2,334 ---hs---- C:\WINDOWS\system32\rhjcrpoj.ini
    2008-02-22 10:22 . 2008-02-28 12:08 147 --a------ C:\WINDOWS\BM7b47556b.xml
    2008-02-22 09:22 . 2008-02-22 09:22 1,734 ---hs---- C:\WINDOWS\system32\trfdjlbl.ini
    2008-02-20 21:12 . 2008-02-22 09:19 1,674 ---hs---- C:\WINDOWS\system32\turtxtlk.ini
    2008-02-19 18:12 . 2008-02-20 21:10 1,554 ---hs---- C:\WINDOWS\system32\xslowptx.ini
    2008-02-18 18:14 . 2008-02-19 18:10 1,314 ---hs---- C:\WINDOWS\system32\ulxvhyhn.ini
    2008-02-17 18:21 . 2008-02-18 17:41 1,194 ---hs---- C:\WINDOWS\system32\ijiwtgcx.ini
    2008-02-16 17:59 . 2008-02-17 18:00 954 ---hs---- C:\WINDOWS\system32\dqdcpype.ini
    2008-02-15 17:45 . 2008-02-16 17:56 834 ---hs---- C:\WINDOWS\system32\achciiqt.ini
    2008-02-14 14:43 . 2008-02-15 17:43 714 ---hs---- C:\WINDOWS\system32\wdchxrpk.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-07 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-07 18:01 --------- d-----w C:\Documents and Settings\Lise\Application Data\dvdcss
    2008-03-05 17:08 --------- d-----w C:\Program Files\VideoLAN
    2008-02-12 09:41 --------- d-----w C:\Program Files\BitTorrent
    2008-02-05 21:34 --------- d-----w C:\Documents and Settings\Lise\Application Data\BitTorrent
    2008-01-28 10:29 --------- d-----w C:\Documents and Settings\Lise\Application Data\Media Player Classic
    2008-01-28 10:25 --------- d-----w C:\Program Files\Media Player Classic
    2007-01-24 22:23 56 --sh--r C:\WINDOWS\system32\D3D819630B.sys
    2007-01-24 22:23 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393AFDB6-28EA-4D2C-BD5B-B8D393EEDF08}]
    C:\WINDOWS\system32\ssqrp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5951D459-A139-4FFD-A9C6-9B1E6975E579}]
    C:\Program Files\NetMeeting\nipysatogC:\WINDOWS\system32\uwce9\renamd83122.exe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0486ec6-4358-4f77-97e0-631bdb82e1a5}]
    C:\WINDOWS\system32\gksfvxcu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06 196608]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 19:40 159744]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-09-04 04:52 88363 C:\WINDOWS\AGRSMMSG.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-08 11:22 4730880]
    "nwiz"="nwiz.exe" [2004-04-08 11:22 323584 C:\WINDOWS\system32\nwiz.exe]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-08 13:31 286720]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 11:50 290816]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "hcwemMON"="hcwemMON.exe" [2007-03-29 22:22 61440 C:\WINDOWS\hcwemMON.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-12 17:56 185632]
    "787466f7"="C:\WINDOWS\system32\ihoxoved.dll" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-06 21:33 249896]
    "BM7b47556b"="C:\WINDOWS\system32\drpjxkxc.dll" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbcc]
    iifdbcc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
    S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
    S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0b40c7-ad22-11db-936e-00904bb83f12}]
    \Shell\Auto\command - MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5985fbbb-73b5-11dc-9497-000fb0466893}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b65b6bbc-6c21-11dc-9481-000fb0466893}]
    \Shell\AutoRun\command - ntde1ect.com
    \Shell\explore\Command - ntde1ect.com
    \Shell\open\Command - ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddc48e49-470f-11dc-9438-000fb0466893}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
    \Shell\read\command - explorer.exe
    \Shell\start\command - systems.com

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-23 08:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 20:36:31
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?0?6?9??????? ???B???????????????B? ??????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-10 20:39:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-10 19:39:07
    .
    2008-03-09 12:10:08 --- E O F ---



    When my computer restarts it says: "Erreur de chargement de C:\WINDOWS\system32\ihoxoved.dll
    Impossible de trouver le fichier spécifié"
    10 March 2008 21:35:27

    Let's delete :)

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\devoxohi.ini
    C:\WINDOWS\system32\ydeeghws.ini
    C:\WINDOWS\system32\ogmwysbt.ini
    C:\WINDOWS\system32\qpsnkdhs.ini
    C:\WINDOWS\system32\xwuupmsi.ini
    C:\WINDOWS\system32\rvohlbac.ini
    C:\WINDOWS\system32\lnkrasab.ini
    C:\WINDOWS\system32\cbfipybi.ini
    C:\WINDOWS\system32\kxuihmrq.ini
    C:\WINDOWS\system32\oogmstqi.ini
    C:\WINDOWS\system32\porwgnoc.ini
    C:\WINDOWS\system32\cqgxuyyi.ini
    C:\WINDOWS\system32\rhjcrpoj.ini
    C:\WINDOWS\BM7b47556b.xml
    C:\WINDOWS\system32\trfdjlbl.ini
    C:\WINDOWS\system32\turtxtlk.ini
    C:\WINDOWS\system32\xslowptx.ini
    C:\WINDOWS\system32\ulxvhyhn.ini
    C:\WINDOWS\system32\ijiwtgcx.ini
    C:\WINDOWS\system32\dqdcpype.ini
    C:\WINDOWS\system32\achciiqt.ini
    C:\WINDOWS\system32\wdchxrpk.ini
    C:\WINDOWS\system32\drpjxkxc.dll
    C:\WINDOWS\system32\ihoxoved.dll
    Folder::
    C:\WINDOWS\system32\uwce9\

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393AFDB6-28EA-4D2C-BD5B-B8D393EEDF08}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5951D459-A139-4FFD-A9C6-9B1E6975E579}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0486ec6-4358-4f77-97e0-631bdb82e1a5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "787466f7"=-
    "BM7b47556b"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbcc]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Drmupgds"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    11 March 2008 21:07:05

    ComboFix 08-03-10.1 - Lise 2008-03-11 21:00:01.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.196 [GMT 1:00]
    Endroit: C:\Documents and Settings\Lise\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lise\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\BM7b47556b.xml
    C:\WINDOWS\system32\achciiqt.ini
    C:\WINDOWS\system32\cbfipybi.ini
    C:\WINDOWS\system32\cqgxuyyi.ini
    C:\WINDOWS\system32\devoxohi.ini
    C:\WINDOWS\system32\dqdcpype.ini
    C:\WINDOWS\system32\drpjxkxc.dll
    C:\WINDOWS\system32\ihoxoved.dll
    C:\WINDOWS\system32\ijiwtgcx.ini
    C:\WINDOWS\system32\kxuihmrq.ini
    C:\WINDOWS\system32\lnkrasab.ini
    C:\WINDOWS\system32\ogmwysbt.ini
    C:\WINDOWS\system32\oogmstqi.ini
    C:\WINDOWS\system32\porwgnoc.ini
    C:\WINDOWS\system32\qpsnkdhs.ini
    C:\WINDOWS\system32\rhjcrpoj.ini
    C:\WINDOWS\system32\rvohlbac.ini
    C:\WINDOWS\system32\trfdjlbl.ini
    C:\WINDOWS\system32\turtxtlk.ini
    C:\WINDOWS\system32\ulxvhyhn.ini
    C:\WINDOWS\system32\wdchxrpk.ini
    C:\WINDOWS\system32\xslowptx.ini
    C:\WINDOWS\system32\xwuupmsi.ini
    C:\WINDOWS\system32\ydeeghws.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM7b47556b.xml
    C:\WINDOWS\system32\achciiqt.ini
    C:\WINDOWS\system32\cbfipybi.ini
    C:\WINDOWS\system32\cqgxuyyi.ini
    C:\WINDOWS\system32\devoxohi.ini
    C:\WINDOWS\system32\dqdcpype.ini
    C:\WINDOWS\system32\ijiwtgcx.ini
    C:\WINDOWS\system32\kxuihmrq.ini
    C:\WINDOWS\system32\lnkrasab.ini
    C:\WINDOWS\system32\ogmwysbt.ini
    C:\WINDOWS\system32\oogmstqi.ini
    C:\WINDOWS\system32\porwgnoc.ini
    C:\WINDOWS\system32\qpsnkdhs.ini
    C:\WINDOWS\system32\rhjcrpoj.ini
    C:\WINDOWS\system32\rvohlbac.ini
    C:\WINDOWS\system32\trfdjlbl.ini
    C:\WINDOWS\system32\turtxtlk.ini
    C:\WINDOWS\system32\ulxvhyhn.ini
    C:\WINDOWS\system32\uwce9\
    C:\WINDOWS\system32\wdchxrpk.ini
    C:\WINDOWS\system32\xslowptx.ini
    C:\WINDOWS\system32\xwuupmsi.ini
    C:\WINDOWS\system32\ydeeghws.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-09 20:50 . 2008-03-09 20:50 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-09 14:07 . 2008-03-09 14:07 <REP> d-------- C:\Program Files\Xvid
    2008-03-09 14:07 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-03-09 14:07 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-03-09 14:07 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
    2008-03-09 09:51 . 2007-02-28 17:02 2,182,400 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-03-09 09:51 . 2007-02-28 17:02 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-03-09 09:51 . 2007-02-28 17:02 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-03-09 09:51 . 2007-02-28 17:02 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-03-09 09:47 . 2006-06-01 19:48 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
    2008-03-09 09:47 . 2006-06-01 19:48 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
    2008-03-09 09:30 . 2008-03-09 09:30 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-03-07 16:35 . 2008-03-07 21:03 <REP> d-------- C:\VundoFix Backups
    2008-03-06 21:31 . 2008-03-06 21:31 <REP> d-------- C:\Program Files\Avira
    2008-03-06 21:16 . 2008-03-06 21:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-07 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-07 18:01 --------- d-----w C:\Documents and Settings\Lise\Application Data\dvdcss
    2008-03-05 17:08 --------- d-----w C:\Program Files\VideoLAN
    2008-02-12 09:41 --------- d-----w C:\Program Files\BitTorrent
    2008-02-05 21:34 --------- d-----w C:\Documents and Settings\Lise\Application Data\BitTorrent
    2008-01-28 10:29 --------- d-----w C:\Documents and Settings\Lise\Application Data\Media Player Classic
    2008-01-28 10:25 --------- d-----w C:\Program Files\Media Player Classic
    2007-01-24 22:23 56 --sh--r C:\WINDOWS\system32\D3D819630B.sys
    2007-01-24 22:23 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06 196608]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 19:40 159744]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-09-04 04:52 88363 C:\WINDOWS\AGRSMMSG.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-08 11:22 4730880]
    "nwiz"="nwiz.exe" [2004-04-08 11:22 323584 C:\WINDOWS\system32\nwiz.exe]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-08 13:31 286720]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 11:50 290816]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "hcwemMON"="hcwemMON.exe" [2007-03-29 22:22 61440 C:\WINDOWS\hcwemMON.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-12 17:56 185632]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-06 21:33 249896]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-07 12:18:49 110592]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-12 16:54:25 126136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
    S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-30 02:20]
    S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-30 02:19]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0b40c7-ad22-11db-936e-00904bb83f12}]
    \Shell\Auto\command - MicrosoftPowerPoint.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5985fbbb-73b5-11dc-9497-000fb0466893}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b65b6bbc-6c21-11dc-9481-000fb0466893}]
    \Shell\AutoRun\command - ntde1ect.com
    \Shell\explore\Command - ntde1ect.com
    \Shell\open\Command - ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddc48e49-470f-11dc-9438-000fb0466893}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
    \Shell\read\command - explorer.exe
    \Shell\start\command - systems.com

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-23 08:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 21:02:58
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?0?6?9??P???? ???B???????????????B? ??????

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-11 21:03:51
    ComboFix-quarantined-files.txt 2008-03-11 20:03:28
    ComboFix2.txt 2008-03-10 19:39:12
    .
    2008-03-09 12:10:08 --- E O F ---
    11 March 2008 21:08:34

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:07, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\hcwemMON.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [hcwemMON] hcwemMON.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7149 bytes
    11 March 2008 21:48:41

    Is your PC behaving better?
    12 March 2008 20:58:52

    It seems so, thank you very much
    13 March 2008 18:12:37

    Happy surfing :)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche and let the scan finish.
  • Click Suppression to finalize.
  • Click Quitter so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable then re-enable System Restore: See help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection so you don't have this kind of problem again, by clicking on the image below:
