Se connecter / S'enregistrer
Votre question

La torture selon schost.exe

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
14 Février 2008 18:33:26

:hello: 

Voici ma configuration:

Processeur Intel Core 2 Extreme QX9850 3,3Ghz
Mémoire vive Cellshock DDR3 3GB
Carte Graphique: Nvdia Geforce 8800 Ultra 768MB
Disque Dur Sealtek 150 Go 10000 t/m 16MB
OS: Windows XP

Vous trouvez normal que l'ordi rame avec une telle config et juste un soft lancé? Non en effet c anormal. Je suis infecté par schost.exe

Bitdefender ne peut l'éliminer, il le trouve dans le systéme32 mais moi je l'ai pas trouvé. Son effet: ralentir l'ordi, changer la date au démarage de 4années en arriére ce qui a pour effet de rendre la license de l'antivirus invalide (ainsi que celle de tous les softwares) d'empécher les mises a jour et la connection a MSN. J'ai trouvé aucun moyen de l'érradiquer je vous en supplie aidez moi a sortir de cet enfer quotidien :cry:  , schost.exe me rends complétement dingue donc si vous connaissez quelquonqu antivirus, software capable de l'éradiquer définitivement. Dites le moi. Merci^^

Autres pages sur : torture schost exe

14 Février 2008 19:05:56

Salut,

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.
14 Février 2008 19:36:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:08, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\schost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Microsoft] schost.exe
O4 - HKLM\..\RunServices: [Microsoft] schost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F39ECC-6B1F-4F11-84CB-FEC5E4FA6C9E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{715B3565-7ACD-4E03-AE7E-687E19332A0E}: NameServer = 10.7.1.10
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11349 bytes

Merci 1000x de m'avoir répondu^^
14 Février 2008 19:40:58

Re,

Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Lance SDFix.
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<
14 Février 2008 23:11:26

Salut :hello: 

SDFix: Version 1.142

Run by Hypérion on 14/02/2007 at 22:28

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\HYPER~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\antiv.exe - Deleted




Removing Temp Files...

ADS Check:

Il a juste trouvé un trojan mais pas l'increvable schost.exe qui continue a déranger mon windows... Voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:12, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F39ECC-6B1F-4F11-84CB-FEC5E4FA6C9E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{715B3565-7ACD-4E03-AE7E-687E19332A0E}: NameServer = 10.7.1.10
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11214 bytes

Bizzarement schost né pas là :heink: 
15 Février 2008 07:09:00

Il n'apparaît plus dans Hijackthis en effet.
Sûr qu'il est toujours là ?

Clique sur démarrer --> exécuter, tape CMD puis valide par ok.
Colle ligne par ligne en validant entre deux (par entrée) les lignes suivantes dans la fenêtre noire qui apparaît.
cd %windir%\system32
del /q /f schost.exe
(Ne pas confondre avec svchost!)
Quel message apparaît ?
15 Février 2008 11:49:30

Impossible de trouver schost.exe

Mais au démarage y'a toujours ce programme qui apparait avant les autres et qui me fait chier a modifier la date :cry: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:50, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\TechSmith\Camtasia Studio 5\CamRecorder.exe
C:\Program Files\TechSmith\Camtasia Studio 5\TSCHelp.exe
C:\WINDOWS\system32\WISPTIS.EXE

voici le dernier rapport hijackthis toujours sans schost.exe
15 Février 2008 16:29:16

Re,

Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
15 Février 2008 17:18:22

:hello: 

ComboFix 08-02-15.2 - Fatoumata 2008-02-15 16:58:03.1 - NTFSx86
Endroit: C:\Documents and Settings\Fatoumata\Mes documents\DL\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
.

2008-02-15 15:36 . 2008-02-15 16:00 <REP> d-------- C:\Fraps
2008-02-15 15:36 . 2008-02-15 16:11 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-14 19:58 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-02-14 19:57 . 2008-02-14 19:57 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-02-14 19:57 . 2008-02-14 19:57 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-02-14 19:56 . 2008-02-14 19:56 <REP> d-------- C:\Program Files\TechSmith
2008-02-14 19:29 . 2008-02-14 19:29 <REP> d-------- C:\Program Files\Trend Micro
2008-02-14 18:51 . 2007-02-14 22:11 1,364 --a------ C:\WINDOWS\Sandboxie.ini
2008-02-14 18:50 . 2008-02-14 18:50 <REP> d-------- C:\Program Files\Sandboxie
2008-02-14 13:08 . 2008-02-14 20:22 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\gtk-2.0
2008-02-14 13:08 . 2008-02-14 13:08 <REP> d-------- C:\Documents and Settings\Fatoumata\.thumbnails
2008-02-14 11:52 . 2008-02-14 20:22 <REP> d-------- C:\Documents and Settings\Fatoumata\.gimp-2.4
2008-02-14 11:49 . 2008-02-14 11:49 <REP> d-------- C:\Program Files\GIMP-2.0
2008-02-14 00:46 . 2008-02-14 00:46 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\EPSON
2008-02-13 23:43 . 2007-02-14 12:14 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-13 23:23 . 2008-02-13 23:23 <REP> d-------- C:\Program Files\NecroFile
2008-02-12 11:08 . 2008-02-12 11:08 <REP> d-------- C:\Program Files\MagicISO
2008-02-11 22:23 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-02-11 22:23 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-02-11 22:23 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-02-11 20:24 . 2008-02-14 19:58 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-11 19:53 . 2008-02-11 19:53 <REP> d-------- C:\Program Files\BitDefender
2008-02-11 19:51 . 2004-02-12 20:53 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-02-11 15:44 . 2007-10-11 21:02 186,323 --a------ C:\wubildr
2008-02-11 15:44 . 2008-02-11 15:44 85,020 --a------ C:\WINDOWS\uninstall-ubuntu.exe
2008-02-11 15:44 . 2007-10-11 21:03 8,192 --a------ C:\wubildr.mbr
2008-02-11 11:32 . 2008-02-11 11:32 <REP> d-------- C:\Program Files\HHD Software
2008-02-11 11:18 . 2005-02-12 20:37 267 --a------ C:\WINDOWS\w32dasm8.ini
2008-02-11 00:14 . 2008-02-13 15:42 <REP> d-------- C:\Program Files\RivaTuner v2.06
2008-02-10 23:37 . 2007-02-12 13:05 <REP> d-------- C:\Program Files\Microsoft Games
2008-02-10 21:01 . 2008-02-10 21:01 <REP> d-------- C:\Program Files\Registrar Registry Manager
2008-02-10 21:01 . 2008-01-30 19:41 31,280 --a------ C:\WINDOWS\system32\rrMon.sys
2008-02-10 15:30 . 2008-02-10 15:30 9,668 --a------ C:\WINDOWS\system32\shutdown.rar
2008-02-10 14:47 . 2008-02-10 14:47 <REP> d-------- C:\WINDOWS\system32\Futuremark
2008-02-10 14:47 . 2008-02-10 14:47 <REP> d-------- C:\Program Files\Fichiers communs\Futuremark Shared
2008-02-10 14:47 . 2008-02-10 14:47 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\InstallShield
2008-02-10 14:47 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-02-10 14:46 . 2008-02-10 14:46 <REP> d-------- C:\WINDOWS\Sun
2008-02-10 14:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-10 14:44 . 2008-02-10 14:44 <REP> d-------- C:\Program Files\Java
2008-02-10 14:43 . 2008-02-10 14:43 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-10 00:10 . 2008-02-10 00:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-10 00:09 . 2008-02-10 00:09 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-02-09 23:02 . 2008-02-09 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-09 21:39 . 2008-02-09 21:39 1,024,069 --a------ C:\WINDOWS\system32\ntoskrnl.rar
2008-02-09 21:04 . 2008-02-09 21:04 819,961,801 --a------ C:\3D Studio Max 9 + Tutorials and Keygen.uif
2008-02-09 20:52 . 2008-02-14 17:34 <REP> d--h----- C:\WINDOWS\Icons
2008-02-09 19:37 . 2008-02-09 19:37 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-02-09 14:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-09 14:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-09 14:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 11:22 . 2008-02-09 11:22 <REP> d-------- C:\Program Files\iTunes
2008-02-09 11:22 . 2008-02-09 11:22 <REP> d-------- C:\Program Files\iPod
2008-02-09 11:22 . 2008-02-09 11:22 <REP> d-------- C:\Program Files\Bonjour
2008-02-09 11:14 . 2008-02-09 11:14 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-02-08 23:46 . 2008-02-08 23:46 <REP> d-------- C:\Program Files\Windows Live
2008-02-08 23:46 . 2008-02-08 23:46 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-08 23:46 . 2008-02-08 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-08 22:59 . 2008-02-13 15:26 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-02-08 22:59 . 2008-02-08 22:59 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\Thunderbird
2008-02-08 22:15 . 2008-02-08 22:15 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 22:15 . 2008-02-08 22:15 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\TuneUp Software
2008-02-08 22:15 . 2008-02-08 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-08 22:15 . 2008-02-08 22:15 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 22:15 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-08 22:14 . 2008-02-08 22:14 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-08 21:15 . 2008-02-08 21:15 <REP> d-------- C:\Program Files\utorrent
2008-02-08 21:15 . 2008-02-15 16:59 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\utorrent
2008-02-03 21:08 . 2008-02-03 21:09 <REP> d-------- C:\Sandbox
2008-02-03 20:40 . 2008-02-13 12:44 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 20:40 . 2004-02-13 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 12:57 . 2008-02-03 12:57 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\vlc
2008-02-03 11:57 . 2008-02-03 11:57 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\Apple Computer
2008-02-02 23:08 . 2006-02-14 22:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-02 23:08 . 2008-02-02 23:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 23:03 . 2008-02-02 23:03 <REP> d-------- C:\Program Files\QuickTime
2008-02-02 23:03 . 2008-02-02 23:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-02-02 23:03 . 2008-02-02 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-02 23:03 . 2008-02-02 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-02 19:05 . 2008-02-02 19:05 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-02 19:05 . 2008-02-02 19:05 64,194 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-02 19:02 . 2008-02-02 19:05 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-02 19:01 . 2008-02-02 19:01 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-02 18:53 . 2008-02-10 14:46 1,404 --a------ C:\WINDOWS\mozver.dat
2008-02-02 18:50 . 2008-02-02 18:50 <REP> d-------- C:\Documents and Settings\Fatoumata\Application Data\Talkback
2008-02-02 18:49 . 2008-02-02 18:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-02 18:46 . 2007-11-09 16:58 126,690 --a------ C:\WINDOWS\img.jpg
2008-02-02 18:07 . 2008-02-02 15:41 216 -rahs---- C:\BOOT.BKK
2008-02-02 17:52 . 2008-02-02 17:52 <REP> d-------- C:\Program Files\TGTSoft
2008-02-02 17:29 . 2008-02-02 17:29 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
2008-02-01 22:11 . 2008-02-01 22:11 <REP> d-------- C:\Blackbox
2008-02-01 21:43 . 2008-02-01 21:43 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-01 21:43 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-01 21:43 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-02-01 21:43 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-01 21:43 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-01 21:43 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-01 21:43 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-01 21:43 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-01 21:43 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 19:19 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-02-14 11:03 --------- d-----w C:\Program Files\Webteh
2008-02-13 14:47 --------- d-----w C:\Program Files\Skype
2008-02-13 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-13 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 14:31 --------- d-----w C:\Program Files\NewTech Infosystems
2008-02-13 14:19 --------- d-----w C:\Program Files\DivX
2008-02-13 14:12 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-11 17:34 --------- d-----w C:\Program Files\CyberLink
2008-02-02 18:05 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-02 18:05 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-07 16:41 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-06 11:03 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-27 15:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-06-13 13:22 197,648 --sh--r C:\WINDOWS\system32\schost.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"uTorrent"="C:\Program Files\utorrent\utorrent.exe" [2008-02-08 21:15 219952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 14:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 22:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 22:43 688218]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 16:27 126976]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-12-09 12:50 311296]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-14 20:07 360448]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Fichiers communs\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]

C:\Documents and Settings\Fatoumata\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2007-10-09 15:46 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
-r-hs---- 2007-06-13 14:22 197648 C:\WINDOWS\system32\schost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 19:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-25 14:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"ePowerManagement"=C:\Acer\ePM\ePM.exe boot
"EPM-DM"=c:\acer\epm\epm-dm.exe
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
"EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"

R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2004-02-12 20:58]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 11:51]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-02-14 20:19]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 17:41]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2004-02-12 20:58]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-01-13 12:53]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
S3 Lbrthioara;Lbrthioara;C:\WINDOWS\system32\drivers\ialmnt5.sys [2004-10-07 16:54]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 22:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - 06C408E7
*Newly Created Service* - 289DB96F

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
C:\WINDOWS\system32\Windowsupdates\Windupdate.exe s
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-14 18:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 21:15:54 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-15 15:59:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 17:02:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll

Il a retrouvé schost.exe

j'ai été le supprimé dans ma base de registre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:40, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\TechSmith\Camtasia Studio 5\CamRecorder.exe
C:\Program Files\TechSmith\Camtasia Studio 5\TSCHelp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F39ECC-6B1F-4F11-84CB-FEC5E4FA6C9E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{715B3565-7ACD-4E03-AE7E-687E19332A0E}: NameServer = 10.7.1.10
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11519 bytes
le nouveau rapport hijackthis
15 Février 2008 17:28:09

Re,

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\schost.exe
C:\WINDOWS\nsreg.dat
C:\3D Studio Max 9 + Tutorials and Keygen.uif

Folder::
C:\WINDOWS\system32\Windowsupdates

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"iTunesHelper"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C51550E6-BEE1-DC64-9DC1-1168E64FFA74}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]


Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS