
Virus Win32:TratBHO[Trj]

5 January 2008 22:04:41

Good evening,

Being new to this forum, I am looking for help getting rid of the win32 Trojan horse.

I have Avast as my antivirus and the Windows firewall.

Needless to say, I am a complete novice! :whistle:


5 January 2008 22:54:51

Here is the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:31, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
H:\Program Files\Logitech\Video\LogiTray .exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Winamp\winampa .exe
H:\WINDOWS\system32\LVCOMSX .EXE
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx .exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray .exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\Picasa2\PicasaMediaDetector .exe
H:\Program Files\MSN Messenger\MsnMsgr .Exe
H:\Program Files\Skype\Phone\Skype .exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Laura\Local Settings\Temporary Internet Files\Content.IE5\STULQBSZ\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=H:\WINDOWS\system32\jkkjj.exe
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - H:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - H:\WINDOWS\system32\mljihfg.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [Host Process] H:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\ybdsqfpr.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8016 bytes
6 January 2008 11:22:22

Nobody to help me? :??:
6 January 2008 12:24:17

Hi,

The angel comes to your aid :)

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
6 January 2008 15:26:19

Hello everyone, and also HaPPy NEW YEAR!!
I have the same problem as Laura68, so I ran the scan with combofix and here is the result.
I want to sincerely thank the people who devote their time to helping strangers.


ComboFix 08-01-04.1 - walter 2008-01-06 14.46.41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.613 [GMT 1:00]
Eseguito da: C:\Documents and Settings\walter\Impostazioni locali\Temporary Internet Files\Content.IE5\0ZQZETAT\ComboFix[1].exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Dati applicazioni\NetMon
C:\Documents and Settings\NetworkService\Dati applicazioni\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Dati applicazioni\NetMon\log.txt
C:\Documents and Settings\walter\Dati applicazioni\SCURIT~1
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Alwil Software\Avast4\ashDisp .exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\kernel\kernel.exe
C:\Programmi\network monitor
C:\Programmi\Temporary
C:\Programmi\Temporary\kernInstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\b122.exe
C:\WINDOWS\Downloaded Program Files\UGA6PT_0001_N122M2910NetInstaller.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\iifeeee.dll
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\mllmj.exe
C:\WINDOWS\system32\opnoppn.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tuvuuss.dll
C:\WINDOWS\system32\wnsinticomsv.exe
C:\WINDOWS\system32\y2
C:\WINDOWS\uninstall_nmon.vbs

"C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl .exe" replaces infected copy of "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"C:\Programmi\Alwil Software\Avast4\ashDisp .exe" moved to QooBox
"C:\Programmi\Java\jre1.5.0_03\bin\jusched .exe" replaces infected copy of "C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe"
"C:\Programmi\kernel\kernel .exe" replaces infected copy of "C:\Programmi\kernel\kernel.exe"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Creati Da 2007-12-06 al 2008-01-06 )))))))))))))))))))))))))))))))))))
.

2008-01-06 14:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 14:18 . 2008-01-06 14:18 <DIR> d-------- C:\Programmi\Alwil SoftwaiŠ+
2008-01-05 12:02 . 2008-01-05 12:02 <DIR> d-------- C:\WINDOWS\Sun
2008-01-05 12:00 . 2008-01-05 12:00 <DIR> d-------- C:\WINDOWS\system32\ineWc03
2008-01-05 12:00 . 2008-01-05 12:00 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-05 12:00 . 2008-01-05 12:00 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-05 11:07 . 2008-01-05 11:07 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-04 08:53 . 2008-01-05 11:58 <DIR> d-------- C:\Documents and Settings\walter\.housecall6.6
2008-01-04 08:40 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-01-04 08:39 . 2008-01-05 12:02 <DIR> d-------- C:\Programmi\Java
2008-01-04 08:39 . 2008-01-04 08:39 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-03 19:52 . 2008-01-05 12:01 <DIR> d-------- C:\Programmi\DivX
2008-01-03 14:52 . 2008-01-03 14:52 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-03 14:52 . 2008-01-03 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-03 12:06 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-02 14:48 . 2008-01-06 14:53 <DIR> d-------- C:\Programmi\kernel
2008-01-02 14:45 . 2008-01-02 14:45 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2008-01-02 14:45 . 2008-01-02 15:40 <DIR> d--hs---- C:\WINDOWS\d2FsdGVy
2008-01-02 14:45 . 2008-01-02 14:45 <DIR> d-------- C:\Temp\cEeer12
2008-01-02 14:45 . 2008-01-06 14:50 <DIR> d-------- C:\Temp
2008-01-02 14:45 . 2008-01-02 14:56 389,120 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2007-12-12 20:33 . 2007-12-12 20:33 0 --a------ C:\WINDOWS\SemcoEditor 2.04.0_eng.INI
2007-12-12 19:49 . 2007-12-12 19:49 244 --ah----- C:\sqmnoopt01.sqm
2007-12-12 19:49 . 2007-12-12 19:49 232 --ah----- C:\sqmdata01.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 13:18 --------- d-----w C:\Programmi\Alwil Softwaiè+
2008-01-05 17:41 --------- d-----w C:\Documents and Settings\walter\Dati applicazioni\uTorrent
2007-12-21 14:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-09 12:56 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-05 15:41 --------- d-----w C:\Programmi\Audacity
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-11 10:13 --------- d-----w C:\Programmi\Roland
2007-11-10 13:49 --------- d-----w C:\Programmi\File comuni\Adobe
2007-10-28 15:16 155,995 ----a-w C:\WINDOWS\java\Packages\HRDJ7NNV.ZIP
2005-07-29 15:24 472 --sha-r C:\WINDOWS\d2FsdGVy\xZIPx3pV.vbs
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"kernel"="C:\Programmi\kernel\kernel.exe" [2008-01-06 10:12 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29 86016]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 10:12 40048]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe" [2008-01-06 10:12 36975]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-19 14:39 397824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Programmi\NetMeeting\vilobob.html
FriendlyName=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 14:53:52
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-06 14:55:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 13:55:22
.
2008-01-03 21:29:24 --- E O F ---

6 January 2008 15:47:13

Hi Alcatraz91, happy new year to you too! However, could you start your own thread, if you don't mind? I think the people who help us get rid of these viruses do it for each person individually, and each problem can be different. Thanks
6 January 2008 16:07:54

Here is the combofix report:

ComboFix 08-01-04.1 - Laura 2008-01-06 15:55:04.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.400 [GMT 1:00]
Running from: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\Antoine\Local Settings\Application Data\eyjmcbv.dat
H:\Documents and Settings\Antoine\Local Settings\Application Data\eyjmcbv.exe
H:\Documents and Settings\Antoine\Local Settings\Application Data\eyjmcbv_nav.dat
H:\Documents and Settings\Antoine\Local Settings\Application Data\eyjmcbv_navps.dat
H:\Program Files\Alwil Software\Avast4\ashDisp .exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Logitech\Video\ISStart.exe
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Logitech\Video\ManifestEngine.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Syncrosoft\POS\H2O\cledx.exe
H:\Program Files\Winamp Remote\bin\OrbTray.exe
H:\Program Files\Winamp\Winampa.exe
H:\WINDOWS\cookies.ini
H:\WINDOWS\Fonts\a.zip
H:\WINDOWS\Fonts\Crack.exe
H:\WINDOWS\Fonts\svchost.exe
H:\WINDOWS\system32\ctfmon .exe
H:\WINDOWS\system32\ctfmon.exe.tmp
H:\WINDOWS\system32\LVCOMSX.EXE
H:\WINDOWS\system32\mcrh.tmp
H:\WINDOWS\system32\mljihfg.dll
H:\WINDOWS\system32\nvs2.inf
H:\WINDOWS\system32\RCX20.tmp
H:\WINDOWS\system32\RCX2E.tmp
H:\WINDOWS\system32\RCX4C.tmp
H:\WINDOWS\system32\RCX5A.tmp
H:\WINDOWS\system32\RCX5D.tmp
H:\WINDOWS\system32\RCX81.tmp
H:\winlogon.exe
H:\x.dat
H:\z.dat
H:\WINDOWS\Fonts\'

"H:\Program Files\Alwil Software\Avast4\ashDisp .exe" moved to QooBox
"H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" replaces infected copy of "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"H:\Program Files\Java\jre1.6.0_03\bin\jusched .exe" replaces infected copy of "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"H:\Program Files\Logitech\Video\LogiTray .exe" replaces infected copy of "H:\Program Files\Logitech\Video\LogiTray.exe"
"H:\Program Files\Logitech\Video\ManifestEngine .exe" replaces infected copy of "H:\Program Files\Logitech\Video\ManifestEngine.exe"
"H:\Program Files\Messenger\msmsgs .exe" replaces infected copy of "H:\Program Files\Messenger\msmsgs.exe"
"H:\Program Files\MSN Messenger\msnmsgr .exe" replaces infected copy of "H:\Program Files\MSN Messenger\msnmsgr.exe"
"H:\Program Files\Picasa2\PicasaMediaDetector .exe" replaces infected copy of "H:\Program Files\Picasa2\PicasaMediaDetector.exe"
"H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray .exe" replaces infected copy of "H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
"H:\Program Files\Skype\Phone\Skype .exe" replaces infected copy of "H:\Program Files\Skype\Phone\Skype.exe"
"H:\Program Files\Syncrosoft\POS\H2O\cledx .exe" replaces infected copy of "H:\Program Files\Syncrosoft\POS\H2O\cledx.exe"
"H:\Program Files\Winamp\Winampa .exe" replaces infected copy of "H:\Program Files\Winamp\Winampa.exe"
"H:\Program Files\Winamp Remote\bin\OrbTray .exe" replaces infected copy of "H:\Program Files\Winamp Remote\bin\OrbTray.exe"
"H:\WINDOWS\system32\ctfmon .exe" moved to QooBox
"H:\WINDOWS\system32\LVCOMSX .EXE" replaces infected copy of "H:\WINDOWS\system32\LVCOMSX.EXE"

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.

2008-01-06 15:50 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\NirCmd.exe
2008-01-05 17:43 . 2008-01-05 18:11 <REP> d-------- H:\VundoFix Backups
2008-01-03 20:03 . 2008-01-06 16:00 <REP> d-------- H:\Program Files\Picasa2
2008-01-03 13:56 . 2008-01-03 13:56 348,160 --a------ H:\WINDOWS\system32\RCX15D.tmp
2008-01-03 13:23 . 2008-01-05 21:28 <REP> d-------- H:\Program Files\Nostale(FR)
2007-12-29 17:43 . 2007-12-29 17:48 <REP> d-------- H:\Program Files\AV Vcs 6.0 DIAMOND
2007-12-29 11:24 . 2007-12-29 11:50 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 22:47 . 2007-12-28 22:47 <REP> d-------- H:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-28 22:45 . 2007-12-28 22:50 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Winamp
2007-12-28 13:33 . 2007-12-28 22:47 <REP> d-------- H:\Program Files\Winamp Remote
2007-12-28 13:29 . 2007-12-28 13:29 <REP> d-------- H:\Program Files\VirtualDJ
2007-12-28 13:08 . 2007-12-28 13:24 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\GetRightToGo
2007-12-28 10:25 . 2008-01-05 17:31 1,045,502 ---hs---- H:\WINDOWS\system32\rpfqsdby.ini
2007-12-27 18:44 . 2007-12-27 18:44 40,960 --a------ H:\Documents and Settings\Frederique\f.exe
2007-12-27 18:26 . 1999-12-17 08:13 86,016 --a------ H:\WINDOWS\unvise32.exe
2007-12-26 22:15 . 2007-12-26 22:15 40,960 --a------ H:\Documents and Settings\Laura\f.exe
2007-12-26 21:11 . 2007-12-27 18:27 <REP> d-------- H:\Program Files\LimeWire
2007-12-26 21:10 . 2007-12-26 21:11 <REP> d-------- H:\Documents and Settings\Antoine\.limewire
2007-12-26 20:22 . 2007-12-26 20:27 286,720 --a------ H:\WINDOWS\vsnpstd2 .exe
2007-12-26 20:22 . 2008-01-06 11:13 221,184 --a------ H:\WINDOWS\system32\LVCOMSX.EXE
2007-12-26 20:19 . 2007-12-26 20:19 40,737 --a------ H:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-26 20:18 . 2007-12-26 20:18 79,875 --a------ H:\WINDOWS\system32\adssite-remove.exe
2007-12-26 20:18 . 2007-12-27 14:04 77,353 --a------ H:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-26 20:12 . 2007-12-26 20:12 147,456 --a------ H:\WINDOWS\system32\vbzip10.dll
2007-12-26 20:08 . 2007-12-27 18:44 134 --a------ H:\n.bat
2007-12-25 09:31 . 2007-12-25 09:31 65 --a------ H:\WINDOWS\FISHUI.INI
2007-12-25 08:52 . 2007-12-25 08:52 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\DataCast
2007-12-25 08:52 . 2007-08-23 21:06 110,592 --a------ H:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-24 22:18 . 2007-12-24 22:18 <REP> d-------- H:\Program Files\Lame MP3 Codec
2007-12-24 22:18 . 2002-12-03 22:13 1,048,576 --a------ H:\WINDOWS\system32\lameACM.acm
2007-12-24 22:18 . 2005-05-03 09:33 299,008 --a------ H:\WINDOWS\system32\LAME_MP3.dll
2007-12-24 22:18 . 2007-12-24 22:18 65,024 --a------ H:\WINDOWS\IFinst26.exe
2007-12-24 22:18 . 2004-12-10 21:29 401 --a------ H:\WINDOWS\system32\lame_acm.xml
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\Samsung
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\MarkAny
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\InstallShield
2007-12-24 22:12 . 2005-01-28 08:53 5,525,504 --a------ H:\WINDOWS\system32\setb7.tmp
2007-12-24 14:02 . 2007-12-24 14:02 319,488 --a------ H:\WINDOWS\system32\adssite_sidebar.dll
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a------ H:\WINDOWS\system32\drivers\mouhid.sys
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a--c--- H:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d--h----- H:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d--h----- H:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-13 11:34 . 2007-07-27 12:29 <REP> d--h----- H:\Documents and Settings\Administrateur\Modèles
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Mes documents
2007-12-13 11:34 . 2007-07-27 14:15 <REP> dr------- H:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Favoris
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Bureau
2007-12-08 17:53 . 2007-12-08 17:53 <REP> d-------- H:\Program Files\Controle Parental
2007-12-08 17:53 . 2006-12-19 13:47 228,648 --a------ H:\WINDOWS\OptChecker.exe
2007-12-08 17:53 . 2006-12-19 13:34 163,120 --a------ H:\WINDOWS\OptRemove.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 15:01 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
2008-01-06 14:49 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
2008-01-05 22:30 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
2008-01-01 21:43 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
2008-01-01 21:37 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 19:33 --------- d-----w H:\Program Files\Steam
2008-01-01 14:56 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
2007-12-31 08:20 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
2007-12-27 16:41 --------- d-----w H:\Program Files\Google
2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
2007-12-27 16:38 --------- d-----w H:\Program Files\Free Audio Pack
2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 20:02 --------- d-----w H:\Program Files\Fichiers communs\Adobe
2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
2007-12-25 07:52 --------- d--h--w H:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w H:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w H:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w H:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w H:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w H:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 16:13 --------- d-----w H:\Program Files\Securitoo
2007-11-22 20:49 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
2007-11-20 17:10 --------- d-----w H:\Program Files\Adverts
2007-11-19 21:01 --------- d-----w H:\Program Files\Bonjour
2007-11-19 20:48 --------- d-----w H:\Program Files\Fichiers communs\Macrovision Shared
2007-11-14 20:03 --------- d-----w H:\Program Files\LitexMedia
2007-11-13 10:25 20,480 ----a-w H:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:37 --------- d-----w H:\Program Files\Syncrosoft
2007-11-11 15:02 --------- d-----w H:\Program Files\SM
2007-11-08 17:47 --------- d-----w H:\Program Files\Dealio
.
----a-w 1,266,936 2008-01-01 19:32:38 H:\Program Files\Steam\steam .exe
----a-w 286,720 2007-12-26 19:27:03 H:\WINDOWS\vsnpstd2 .exe



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-24 14:02 319488 --a------ H:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
H:\WINDOWS\system32\bowdfycw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
"EoEngine"="" []
"EoTraduction"="" []
"avast!"="H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
"000000af"="H:\WINDOWS\system32\ybdsqfpr.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 16:01:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 16:05:31 - machine was rebooted [Laura]
ComboFix-quarantined-files.txt 2008-01-06 15:05:28
.
2007-12-25 13:19:17 --- E O F ---
6 January 2008 21:35:11

Sorry if I was a bother, but since I have exactly the same virus I thought there was a way to kill two birds with one stone.
ciao.
6 January 2008 21:40:08

Here it is:

ComboFix 08-01-07.1 - Laura 2008-01-06 21:34:11.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.578 [GMT 1:00]
Running from: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\WINDOWS\system32\rpfqsdby.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))))))
.

2008-01-06 15:50 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\NirCmd.exe
2008-01-05 17:43 . 2008-01-05 18:11 <REP> d-------- H:\VundoFix Backups
2008-01-03 20:03 . 2008-01-06 16:00 <REP> d-------- H:\Program Files\Picasa2
2008-01-03 13:56 . 2008-01-03 13:56 348,160 --a------ H:\WINDOWS\system32\RCX15D.tmp
2008-01-03 13:23 . 2008-01-06 16:15 <REP> d-------- H:\Program Files\Nostale(FR)
2007-12-29 17:43 . 2007-12-29 17:48 <REP> d-------- H:\Program Files\AV Vcs 6.0 DIAMOND
2007-12-29 11:24 . 2007-12-29 11:50 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 22:47 . 2007-12-28 22:47 <REP> d-------- H:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-28 22:45 . 2007-12-28 22:50 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Winamp
2007-12-28 13:33 . 2007-12-28 22:47 <REP> d-------- H:\Program Files\Winamp Remote
2007-12-28 13:29 . 2007-12-28 13:29 <REP> d-------- H:\Program Files\VirtualDJ
2007-12-28 13:08 . 2007-12-28 13:24 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\GetRightToGo
2007-12-27 18:44 . 2007-12-27 18:44 40,960 --a------ H:\Documents and Settings\Frederique\f.exe
2007-12-27 18:26 . 1999-12-17 08:13 86,016 --a------ H:\WINDOWS\unvise32.exe
2007-12-26 22:15 . 2007-12-26 22:15 40,960 --a------ H:\Documents and Settings\Laura\f.exe
2007-12-26 21:11 . 2007-12-27 18:27 <REP> d-------- H:\Program Files\LimeWire
2007-12-26 21:10 . 2007-12-26 21:11 <REP> d-------- H:\Documents and Settings\Antoine\.limewire
2007-12-26 20:22 . 2007-12-26 20:27 286,720 --a------ H:\WINDOWS\vsnpstd2 .exe
2007-12-26 20:22 . 2008-01-06 11:13 221,184 --a------ H:\WINDOWS\system32\LVCOMSX.EXE
2007-12-26 20:19 . 2007-12-26 20:19 40,737 --a------ H:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-26 20:18 . 2007-12-26 20:18 79,875 --a------ H:\WINDOWS\system32\adssite-remove.exe
2007-12-26 20:18 . 2007-12-27 14:04 77,353 --a------ H:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-26 20:12 . 2007-12-26 20:12 147,456 --a------ H:\WINDOWS\system32\vbzip10.dll
2007-12-26 20:08 . 2007-12-27 18:44 134 --a------ H:\n.bat
2007-12-25 09:31 . 2007-12-25 09:31 65 --a------ H:\WINDOWS\FISHUI.INI
2007-12-25 08:52 . 2007-12-25 08:52 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\DataCast
2007-12-25 08:52 . 2007-08-23 21:06 110,592 --a------ H:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-24 22:18 . 2007-12-24 22:18 <REP> d-------- H:\Program Files\Lame MP3 Codec
2007-12-24 22:18 . 2002-12-03 22:13 1,048,576 --a------ H:\WINDOWS\system32\lameACM.acm
2007-12-24 22:18 . 2005-05-03 09:33 299,008 --a------ H:\WINDOWS\system32\LAME_MP3.dll
2007-12-24 22:18 . 2007-12-24 22:18 65,024 --a------ H:\WINDOWS\IFinst26.exe
2007-12-24 22:18 . 2004-12-10 21:29 401 --a------ H:\WINDOWS\system32\lame_acm.xml
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\Samsung
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\MarkAny
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\InstallShield
2007-12-24 22:12 . 2005-01-28 08:53 5,525,504 --a------ H:\WINDOWS\system32\setb7.tmp
2007-12-24 14:02 . 2007-12-24 14:02 319,488 --a------ H:\WINDOWS\system32\adssite_sidebar.dll
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a------ H:\WINDOWS\system32\drivers\mouhid.sys
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a--c--- H:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d--h----- H:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d--h----- H:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-13 11:34 . 2007-07-27 12:29 <REP> d--h----- H:\Documents and Settings\Administrateur\Modèles
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Mes documents
2007-12-13 11:34 . 2007-07-27 14:15 <REP> dr------- H:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Favoris
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Bureau
2007-12-08 17:53 . 2007-12-08 17:53 <REP> d-------- H:\Program Files\Controle Parental
2007-12-08 17:53 . 2006-12-19 13:47 228,648 --a------ H:\WINDOWS\OptChecker.exe
2007-12-08 17:53 . 2006-12-19 13:34 163,120 --a------ H:\WINDOWS\OptRemove.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 20:33 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
2008-01-06 20:24 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-01-06 20:23 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
2008-01-01 21:43 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
2008-01-01 21:37 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 19:33 --------- d-----w H:\Program Files\Steam
2008-01-01 14:56 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
2007-12-31 08:20 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
2007-12-27 16:41 --------- d-----w H:\Program Files\Google
2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
2007-12-27 16:38 --------- d-----w H:\Program Files\Free Audio Pack
2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 20:02 --------- d-----w H:\Program Files\Fichiers communs\Adobe
2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
2007-12-25 07:52 --------- d--h--w H:\Program Files\InstallShield Installation Information
2007-12-14 16:19 40,960 ------w H:\WINDOWS\system32\MAMACExtract.dll
2007-12-04 14:56 93,264 ----a-w H:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w H:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w H:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w H:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w H:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w H:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w H:\WINDOWS\system32\AvastSS.scr
2007-12-03 16:13 --------- d-----w H:\Program Files\Securitoo
2007-11-22 20:49 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
2007-11-20 17:10 --------- d-----w H:\Program Files\Adverts
2007-11-20 14:36 118,784 ----a-w H:\WINDOWS\system32\MaDRM.dll
2007-11-19 21:01 --------- d-----w H:\Program Files\Bonjour
2007-11-19 20:48 --------- d-----w H:\Program Files\Fichiers communs\Macrovision Shared
2007-11-14 20:03 --------- d-----w H:\Program Files\LitexMedia
2007-11-13 10:25 20,480 ----a-w H:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:37 --------- d-----w H:\Program Files\Syncrosoft
2007-11-11 15:02 --------- d-----w H:\Program Files\SM
2007-11-08 17:47 --------- d-----w H:\Program Files\Dealio
2007-10-29 22:43 1,293,824 ----a-w H:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w H:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-24 14:02 319488 --a------ H:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
H:\WINDOWS\system32\bowdfycw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
"EoEngine"="" []
"EoTraduction"="" []
"avast!"="H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
"000000af"="H:\WINDOWS\system32\ybdsqfpr.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

H:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
SM.lnk - H:\Program Files\SM\skymessnet.exe [2007-09-28 08:42:08]

H:\Documents and Settings\Frederique\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 21:38:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 21:39:04
ComboFix-quarantined-files.txt 2008-01-07 20:38:48
ComboFix2.txt 2008-01-06 15:05:31
.
2007-12-25 13:19:17 --- E O F ---
7 January 2008 17:40:56

So, nobody to help me? :-(
7 January 2008 20:14:38

I think I'm no longer infected, so to be sure I'm posting a new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:10, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Laura\Bureau\smartbarre.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - H:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\ybdsqfpr.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7017 bytes
8 January 2008 17:34:03

Nobody can help me???
8 January 2008 21:17:46

Hi again, sorry for the delay.

Copy the text in the box below:

File::
H:\WINDOWS\system32\ybdsqfpr.dll
H:\WINDOWS\system32\adssite_sidebar.dll
H:\WINDOWS\system32\adssite-remove.exe
H:\WINDOWS\system32\adssite_sidebar_uninstall.exe
H:\WINDOWS\system32\rightonadz-uninst.exe
H:\Documents and Settings\Laura\f.exe
H:\Documents and Settings\Frederique\f.exe
H:\WINDOWS\unvise32.exe

Folder::
H:\Program Files\Adverts
H:\VundoFix Backups

Renv::
H:\WINDOWS\vsnpstd2 .exe
H:\Program Files\Steam\steam .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
"EoTraduction"=-
"000000af"=-


Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
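
One way to check the follow-up HijackThis report against the CFScript above, as an added example that is not part of the original thread and is not ComboFix or HijackThis code: it parses the File::, Folder:: and Registry:: sections and lists every report line that still references a targeted path or a deleted Run value. The function names and the "after" sample are constructed for illustration; Renv:: is skipped because the thread does not say what that directive does.

```python
import re

# Excerpt of the CFScript posted in the thread.
CFSCRIPT = r"""File::
H:\WINDOWS\system32\ybdsqfpr.dll
H:\WINDOWS\system32\adssite_sidebar.dll

Folder::
H:\Program Files\Adverts

Renv::
H:\WINDOWS\vsnpstd2 .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
"000000af"=-
"""

# Lines taken from the 08/01/2008 HijackThis report in the thread (before the script ran).
HJT_BEFORE = r"""O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - H:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\ybdsqfpr.dll",b
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# Constructed "after" sample: the same lines with the targeted entries gone.
HJT_AFTER = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# HijackThis abbreviates hive names in O4 lines, as seen in the reports.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
SECTION = re.compile(r"^(\w+)::\s*$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_DELETE = re.compile(r'^"(.+)"=-$')
RUN_LINE = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[([^\]]*)\]")


def parse_cfscript(text):
    """Collect file/folder paths and Run values the script asks to delete."""
    paths, run_values = [], []
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section, key = header.group(1).lower(), None
            continue
        if section in ("file", "folder"):
            paths.append(line)
        elif section == "registry":
            key_match = REG_KEY.match(line)
            if key_match:
                key = key_match.group(1)
                continue
            deletion = REG_DELETE.match(line)
            # Only Run keys are mapped, because that is what O4 lines report.
            if deletion and key and key.lower().endswith(r"\currentversion\run"):
                hive = HIVES.get(key.split("\\", 1)[0].upper())
                if hive:
                    run_values.append((hive, deletion.group(1)))
        # Any other section (e.g. Renv) is deliberately ignored.
    return {"paths": paths, "run_values": run_values}


def residuals(script, hjt_log):
    """Return (kind, line) for each report line still tied to a script target."""
    targets = parse_cfscript(script)
    paths = [p.lower() for p in targets["paths"]]
    run_values = {(hive, name.lower()) for hive, name in targets["run_values"]}
    hits = []
    for line in hjt_log.splitlines():
        run = RUN_LINE.match(line)
        if run and (run.group(1), run.group(2).lower()) in run_values:
            hits.append(("run-value", line))
        elif any(p in line.lower() for p in paths):
            # Substring match: good enough for triage, may over-match prefixes.
            hits.append(("path", line))
    return hits


if __name__ == "__main__":
    for label, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        found = residuals(CFSCRIPT, log)
        print(f"{label}: {len(found)} residual reference(s)")
        for kind, line in found:
            print(f"  [{kind}] {line}")
```
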
9 January 2008 20:10:18

ComboFix 08-01-07.1 - Laura 2008-01-10 20:03:54.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.503 [GMT 1:00]
Running from: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
Command switches used :: H:\Documents and Settings\Laura\Bureau\CFScript.txt
* Created a new restore point

FILE
H:\Documents and Settings\Frederique\f.exe
H:\Documents and Settings\Laura\f.exe
H:\WINDOWS\system32\adssite-remove.exe
H:\WINDOWS\system32\adssite_sidebar.dll
H:\WINDOWS\system32\adssite_sidebar_uninstall.exe
H:\WINDOWS\system32\rightonadz-uninst.exe
H:\WINDOWS\system32\ybdsqfpr.dll
H:\WINDOWS\unvise32.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\Frederique\f.exe
H:\Documents and Settings\Laura\f.exe
H:\Program Files\Adverts
H:\VundoFix Backups
H:\VundoFix Backups\awtsqol.dll.bad
H:\VundoFix Backups\awtttqp.dll.bad
H:\VundoFix Backups\bowdfycw.dll.bad
H:\VundoFix Backups\ddcbbba.dll.bad
H:\VundoFix Backups\ddccd.dll.bad
H:\VundoFix Backups\ddcywwx.dll.bad
H:\VundoFix Backups\hgggfec.dll.bad
H:\VundoFix Backups\iiffgef.dll.bad
H:\VundoFix Backups\jjkkj.ini.bad
H:\VundoFix Backups\jjkkj.ini2.bad
H:\VundoFix Backups\jkkhfdc.dll.bad
H:\VundoFix Backups\jkkjj.exe.bad
H:\VundoFix Backups\jkkkhed.dll.bad
H:\VundoFix Backups\mljghff.dll.bad
H:\VundoFix Backups\mljghhg.dll.bad
H:\VundoFix Backups\mljihfg.dll.bad
H:\VundoFix Backups\qomkkih.dll.bad
H:\VundoFix Backups\ssqnkkl.dll.bad
H:\VundoFix Backups\tuvvuvw.dll.bad
H:\VundoFix Backups\urqnkji.dll.bad
H:\VundoFix Backups\wvusrpo.dll.bad
H:\VundoFix Backups\xxywvvv.dll.bad
H:\VundoFix Backups\yayaaxv.dll.bad
H:\VundoFix Backups\ybdsqfpr.dll.bad
H:\WINDOWS\system32\adssite-remove.exe
H:\WINDOWS\system32\adssite_sidebar.dll
H:\WINDOWS\system32\adssite_sidebar_uninstall.exe
H:\WINDOWS\system32\rightonadz-uninst.exe
H:\WINDOWS\unvise32.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.

2008-01-08 20:18 . 2008-01-08 20:18 <REP> d-------- H:\Program Files\Trend Micro
2008-01-06 15:50 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\NirCmd.exe
2008-01-03 20:03 . 2008-01-06 16:00 <REP> d-------- H:\Program Files\Picasa2
2008-01-03 13:56 . 2008-01-03 13:56 348,160 --a------ H:\WINDOWS\system32\RCX15D.tmp
2008-01-03 13:23 . 2008-01-08 19:55 <REP> d-------- H:\Program Files\Nostale(FR)
2007-12-29 17:43 . 2007-12-29 17:48 <REP> d-------- H:\Program Files\AV Vcs 6.0 DIAMOND
2007-12-29 11:24 . 2007-12-29 11:50 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 22:47 . 2007-12-28 22:47 <REP> d-------- H:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-28 22:45 . 2007-12-28 22:50 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Winamp
2007-12-28 13:33 . 2007-12-28 22:47 <REP> d-------- H:\Program Files\Winamp Remote
2007-12-28 13:29 . 2007-12-28 13:29 <REP> d-------- H:\Program Files\VirtualDJ
2007-12-28 13:08 . 2007-12-28 13:24 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\GetRightToGo
2007-12-26 21:11 . 2007-12-27 18:27 <REP> d-------- H:\Program Files\LimeWire
2007-12-26 21:10 . 2007-12-26 21:11 <REP> d-------- H:\Documents and Settings\Antoine\.limewire
2007-12-26 20:22 . 2007-12-26 20:27 286,720 --a------ H:\WINDOWS\vsnpstd2.exe
2007-12-26 20:22 . 2008-01-06 11:13 221,184 --a------ H:\WINDOWS\system32\LVCOMSX.EXE
2007-12-26 20:12 . 2007-12-26 20:12 147,456 --a------ H:\WINDOWS\system32\vbzip10.dll
2007-12-26 20:08 . 2007-12-27 18:44 134 --a------ H:\n.bat
2007-12-25 09:31 . 2007-12-25 09:31 65 --a------ H:\WINDOWS\FISHUI.INI
2007-12-25 08:52 . 2007-12-25 08:52 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\DataCast
2007-12-25 08:52 . 2007-08-23 21:06 110,592 --a------ H:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-24 22:18 . 2007-12-24 22:18 <REP> d-------- H:\Program Files\Lame MP3 Codec
2007-12-24 22:18 . 2002-12-03 22:13 1,048,576 --a------ H:\WINDOWS\system32\lameACM.acm
2007-12-24 22:18 . 2005-05-03 09:33 299,008 --a------ H:\WINDOWS\system32\LAME_MP3.dll
2007-12-24 22:18 . 2007-12-24 22:18 65,024 --a------ H:\WINDOWS\IFinst26.exe
2007-12-24 22:18 . 2004-12-10 21:29 401 --a------ H:\WINDOWS\system32\lame_acm.xml
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\Samsung
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\MarkAny
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\InstallShield
2007-12-24 22:12 . 2005-01-28 08:53 5,525,504 --a------ H:\WINDOWS\system32\setb7.tmp
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a------ H:\WINDOWS\system32\drivers\mouhid.sys
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a--c--- H:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d--h----- H:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d--h----- H:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-13 11:34 . 2007-07-27 12:29 <REP> d--h----- H:\Documents and Settings\Administrateur\Modèles
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Mes documents
2007-12-13 11:34 . 2007-07-27 14:15 <REP> dr------- H:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Favoris
2007-12-13 11:34 . 2007-07-27 14:15 <REP> d-------- H:\Documents and Settings\Administrateur\Bureau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 19:08 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
2008-01-10 19:03 --------- d-----w H:\Program Files\Steam
2008-01-10 17:12 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-01-10 15:07 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
2008-01-01 21:43 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
2008-01-01 21:37 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 14:56 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
2007-12-31 08:20 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
2007-12-27 16:41 --------- d-----w H:\Program Files\Google
2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
2007-12-27 16:38 --------- d-----w H:\Program Files\Free Audio Pack
2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 20:02 --------- d-----w H:\Program Files\Fichiers communs\Adobe
2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
2007-12-25 07:52 --------- d--h--w H:\Program Files\InstallShield Installation Information
2007-12-14 16:19 40,960 ------w H:\WINDOWS\system32\MAMACExtract.dll
2007-12-08 16:53 --------- d-----w H:\Program Files\Controle Parental
2007-12-04 14:56 93,264 ----a-w H:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w H:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w H:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w H:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w H:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w H:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w H:\WINDOWS\system32\AvastSS.scr
2007-12-03 16:13 --------- d-----w H:\Program Files\Securitoo
2007-11-22 20:49 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
2007-11-20 14:36 118,784 ----a-w H:\WINDOWS\system32\MaDRM.dll
2007-11-19 21:01 --------- d-----w H:\Program Files\Bonjour
2007-11-19 20:48 --------- d-----w H:\Program Files\Fichiers communs\Macrovision Shared
2007-11-14 20:03 --------- d-----w H:\Program Files\LitexMedia
2007-11-13 10:25 20,480 ----a-w H:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:37 --------- d-----w H:\Program Files\Syncrosoft
2007-11-11 15:02 --------- d-----w H:\Program Files\SM
2007-10-29 22:43 1,293,824 ----a-w H:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w H:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_16.05.17.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-10 17:12:34 16,384 ----atw H:\WINDOWS\Temp\Perflib_Perfdata_568.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
H:\WINDOWS\system32\bowdfycw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
"avast!"="H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

H:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
SM.lnk - H:\Program Files\SM\skymessnet.exe [2007-09-28 08:42:08]

H:\Documents and Settings\Frederique\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 20:08:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 20:08:45
ComboFix-quarantined-files.txt 2008-01-10 19:08:29
ComboFix2.txt 2008-01-07 20:39:05
ComboFix3.txt 2008-01-06 15:05:31
.
2007-12-25 13:19:17 --- E O F ---

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:47, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6762 bytes



9 January 2008 20:55:22

Re,

Is it better?

Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it while unticking "Add the Yahoo! CCleaner Toolbar".
Then run the cleanup, then have it look for errors and make a backup if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Check that it is fully up to date! Run a full scan and post the report.
10 January 2008 18:47:52

Yes, it's much better, thank you very much! I'll do what you told me and post the report.
Thank you so much :) 
10 January 2008 21:04:02

Here is the report

However, I have a problem with the antivirus. The Windows Security Center tells me that my antivirus protection is out of date! What should I do?

AntiVir PersonalEdition Classic
Report file date: vendredi 11 janvier 2008 19:47

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: AMD

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: h:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 11 janvier 2008 19:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'cledx.exe' - '1' Module(s) have been scanned
Scan process 'Winampa.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Start scanning boot sectors:
Boot sector 'H:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'H:\'
H:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 11 janvier 2008 21:00
Used time: 1:13:40 min

The scan has been done completely.

6728 Scanning directories
296491 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
296491 Files not concerned
2811 Archives were scanned
1 Warnings
7 Notes
10 January 2008 21:26:05

Re,

Did you run the updates as I wrote? :D 
11 January 2008 16:20:56

Um, no. But..er.. :sweat:  how do I run the updates?
Sorry, I'm really not good at this :lol: 
11 January 2008 19:03:20

you open antivir
start update ;) 
You need to redo the scan :lol: 
16 January 2008 14:30:15

Just one question: how do you get from the ComboFix report to the text you put in CFScript?
I like to understand the why and the how.
In fact, I have the same virus, and since I work in IT I would just like to understand how.
Thanks in advance.
16 January 2008 19:31:29

We delete the infectious files and/or folders.
As well as the harmful registry keys and/or values. Or some can be reset, or they can be given the correct extension, it depends, et cetera..
Combofix has specific scripts for that. I can't tell you more :p 
17 January 2008 19:29:40

Good evening;

I am infected again, I don't know why. I'm posting the HijackThis report.
Thank you very much


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:06, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\WINDOWS\system32\LVCOMSX.EXE
H:\Program Files\Logitech\Video\LogiTray.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
H:\Program Files\Search Settings\SearchSettings.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Picasa2\PicasaMediaDetector.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.exe
H:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
H:\Program Files\Logitech\Video\FxSvr2.exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] H:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6883 bytes
17 January 2008 19:44:01

Delete H:\Program Files\Search Settings
Run Combofix again, post the report, and I'm still waiting for antivir
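
Comparing two successive HijackThis logs shows which autostart entries appeared in between, which is how the Search Settings component named above stands out. The following is an added example, not part of the original thread: the sample lines are a short excerpt of the 10/01 and 18/01 logs posted above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# A HijackThis item line starts with a section code (R0, O2, O4, O23, ...)
# followed by " - ". Header lines and the "Running processes" list do not.
ITEM_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the log saved on 10/01/2008 (lines copied from the thread).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\System32\smss.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Excerpt of the log saved on 18/01/2008 (lines copied from the thread).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\System32\smss.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: {2aec8fb5-379f-5128-2324-875082063c09} - {90c36028-0578-4232-8215-f9735bf8cea2} - H:\WINDOWS\system32\bowdfycw.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""


def parse_items(log_text):
    """Map (section, case-folded body) -> original line for every item line."""
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            # Windows paths and registry names are case-insensitive,
            # so entries are compared case-folded.
            items[(match["section"], match["body"].casefold())] = line
    return items


def diff_logs(before, after):
    """Return (added, removed) item lines between two logs, in log order."""
    old, new = parse_items(before), parse_items(after)
    added = [line for key, line in new.items() if key not in old]
    removed = [line for key, line in old.items() if key not in new]
    return added, removed


def missing_targets(log_text):
    """Item lines whose target file is gone: leftover registry references."""
    return [line for line in parse_items(log_text).values()
            if line.endswith("(file missing)")]


def group_by_section(lines):
    """Group item lines by section code (O2 = BHO, O4 = autostart, O23 = service)."""
    grouped = defaultdict(list)
    for line in lines:
        grouped[ITEM_RE.match(line)["section"]].append(line)
    return dict(grouped)


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, lines in sorted(group_by_section(added).items()):
        print(f"new in {section}:")
        for line in lines:
            print("   ", line)
    print("removed:", *removed, sep="\n    ")
    print("orphaned:", *missing_targets(LOG_AFTER), sep="\n    ")
```

The diff also reports the antivirus swap (avast entries removed, AntiVir entries added), which is expected here; the entries left over after setting aside known changes are the ones to review.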
19 January 2008 23:17:07

I can't manage to delete it. Should I still give you the combofix report?
19 January 2008 23:55:43

Try in safe mode, and yes, post me the report ;) 
20 January 2008 21:12:12

I deleted it in safe mode but I have it again. Every time I open something, "search settings" starts up. What should I do?
I'm posting the combofix report.
20 January 2008 21:23:05

Here is the report:


ComboFix 08-01-20.1 - Laura 2008-01-21 21:16:33.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.557 [GMT 1:00]
Running from: H:\Documents and Settings\Laura\Bureau\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.

2008-01-21 21:15 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\NirCmd.exe
2008-01-19 18:50 . 2008-01-19 18:50 <REP> d-------- H:\Program Files\VirtualDJ
2008-01-17 20:03 . 2008-01-17 20:03 <REP> d-------- H:\Documents and Settings\Laura\Application Data\DataCast
2008-01-17 17:46 . 2008-01-17 17:46 <REP> d-------- H:\Documents and Settings\Frederique\Application Data\Search Settings
2008-01-13 22:49 . 2008-01-13 22:49 <REP> d-------- H:\Program Files\Stardock
2008-01-13 22:49 . 2002-02-15 14:02 1,326,080 --------- H:\WINDOWS\system32\vcl60.bpl
2008-01-13 22:49 . 2002-02-15 14:02 676,352 --------- H:\WINDOWS\system32\rtl60.bpl
2008-01-11 19:42 . 2008-01-11 19:42 <REP> d-------- H:\Program Files\Avira
2008-01-11 19:00 . 2008-01-11 19:00 <REP> d-------- H:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 18:55 . 2008-01-11 18:55 <REP> d-------- H:\Program Files\CCleaner
2008-01-11 18:22 . 2008-01-11 18:22 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Search Settings
2008-01-10 21:36 . 2008-01-10 21:36 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Search Settings
2008-01-08 20:18 . 2008-01-08 20:18 <REP> d-------- H:\Program Files\Trend Micro
2008-01-03 20:03 . 2008-01-06 16:00 <REP> d-------- H:\Program Files\Picasa2
2008-01-03 13:23 . 2008-01-08 19:55 <REP> d-------- H:\Program Files\Nostale(FR)
2007-12-29 11:24 . 2007-12-29 11:50 <REP> d-------- H:\Documents and Settings\Laura\Application Data\Winamp
2007-12-28 22:47 . 2007-12-28 22:47 <REP> d-------- H:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-28 22:45 . 2007-12-28 22:50 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\Winamp
2007-12-28 13:33 . 2007-12-28 22:47 <REP> d-------- H:\Program Files\Winamp Remote
2007-12-28 13:08 . 2008-01-19 18:47 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\GetRightToGo
2007-12-26 21:11 . 2008-01-21 01:35 <REP> d-------- H:\Program Files\LimeWire
2007-12-26 21:10 . 2007-12-26 21:11 <REP> d-------- H:\Documents and Settings\Antoine\.limewire
2007-12-26 20:22 . 2007-12-26 20:27 286,720 --a------ H:\WINDOWS\vsnpstd2.exe
2007-12-26 20:22 . 2008-01-06 11:13 221,184 --a------ H:\WINDOWS\system32\LVCOMSX.EXE
2007-12-26 20:12 . 2007-12-26 20:12 147,456 --a------ H:\WINDOWS\system32\vbzip10.dll
2007-12-26 20:08 . 2007-12-27 18:44 134 --a------ H:\n.bat
2007-12-25 09:31 . 2008-01-17 22:13 65 --a------ H:\WINDOWS\FISHUI.INI
2007-12-25 08:52 . 2007-12-25 08:52 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\DataCast
2007-12-25 08:52 . 2007-08-23 21:06 110,592 --a------ H:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-24 22:18 . 2007-12-24 22:18 <REP> d-------- H:\Program Files\Lame MP3 Codec
2007-12-24 22:18 . 2002-12-03 22:13 1,048,576 --a------ H:\WINDOWS\system32\lameACM.acm
2007-12-24 22:18 . 2005-05-03 09:33 299,008 --a------ H:\WINDOWS\system32\LAME_MP3.dll
2007-12-24 22:18 . 2007-12-24 22:18 65,024 --a------ H:\WINDOWS\IFinst26.exe
2007-12-24 22:18 . 2004-12-10 21:29 401 --a------ H:\WINDOWS\system32\lame_acm.xml
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\Samsung
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Program Files\MarkAny
2007-12-24 22:17 . 2007-12-24 22:17 <REP> d-------- H:\Documents and Settings\Antoine\Application Data\InstallShield
2007-12-24 22:12 . 2005-01-28 08:53 5,525,504 --a------ H:\WINDOWS\system32\setb7.tmp
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a------ H:\WINDOWS\system32\drivers\mouhid.sys
2007-12-22 18:00 . 2001-08-23 17:04 12,288 --a--c--- H:\WINDOWS\system32\dllcache\mouhid.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:01 --------- d-----w H:\Documents and Settings\Laura\Application Data\OpenOffice.org2
2008-01-21 19:41 --------- d-----w H:\Documents and Settings\Antoine\Application Data\OpenOffice.org2
2008-01-21 18:20 --------- d-----w H:\Program Files\Steam
2008-01-21 10:36 --------- d-----w H:\Documents and Settings\Laura\Application Data\Skype
2008-01-21 00:37 --------- d-----w H:\Documents and Settings\Laura\Application Data\LimeWire
2008-01-20 19:37 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Skype
2008-01-20 13:16 --------- d-----w H:\Documents and Settings\Frederique\Application Data\OpenOffice.org2
2008-01-10 20:39 --------- d-----w H:\Program Files\Free Audio Pack
2008-01-10 20:16 --------- d-----w H:\Documents and Settings\Antoine\Application Data\Dealio
2008-01-10 20:12 --------- d---a-w H:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 15:00 --------- d-----w H:\Program Files\Winamp
2008-01-06 15:00 --------- d-----w H:\Program Files\MSN Messenger
2008-01-01 21:43 --------- d-----w H:\Documents and Settings\Antoine\Application Data\LimeWire
2007-12-27 16:41 --------- d-----w H:\Program Files\Google
2007-12-27 16:38 --------- d-----w H:\Program Files\VstPlugins
2007-12-27 16:38 --------- d-----w H:\Program Files\Image-Line
2007-12-27 14:16 --------- d-----w H:\Program Files\Wolfenstein - Enemy Territory
2007-12-26 20:02 --------- d-----w H:\Program Files\Fichiers communs\Adobe
2007-12-26 19:56 --------- d-----w H:\Program Files\eMule
2007-12-26 15:54 --------- d-----w H:\Program Files\Messenger Plus! Live
2007-12-25 07:52 --------- d--h--w H:\Program Files\InstallShield Installation Information
2007-12-14 16:19 40,960 ------w H:\WINDOWS\system32\MAMACExtract.dll
2007-12-08 16:53 --------- d-----w H:\Program Files\Controle Parental
2007-12-03 16:13 --------- d-----w H:\Program Files\Securitoo
2007-11-20 14:36 118,784 ----a-w H:\WINDOWS\system32\MaDRM.dll
2007-10-29 22:43 1,293,824 ----a-w H:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90c36028-0578-4232-8215-f9735bf8cea2}]
H:\WINDOWS\system32\bowdfycw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
H:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-06 11:13 5674352]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-01-06 11:14 22880040]
"LogitechSoftwareUpdate"="H:\Program Files\Logitech\Video\ManifestEngine.exe" [2008-01-06 11:13 196608]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 09:42 90112 H:\WINDOWS\soundman.exe]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-06 11:13 132496]
"LVCOMSX"="H:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-06 11:13 221184]
"LogitechVideoRepair"="H:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="H:\Program Files\Logitech\Video\LogiTray.exe" [2008-01-06 11:13 217088]
"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2008-01-06 11:13 37376]
"H2O"="H:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2008-01-06 11:13 200069]
"SMSTray"="H:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-06 11:13 132624]
"SearchSettings"="H:\Program Files\Search Settings\SearchSettings.exe" [ ]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-12 19:43 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 11:13 443968]

H:\Documents and Settings\Frederique\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

H:\Documents and Settings\Laura\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

H:\Documents and Settings\Antoine\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - H:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]
SM.lnk - H:\Program Files\SM\skymessnet.exe [2007-09-28 08:42:08 651264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= H:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

R3 CLEDX;Team H2O CLEDX service;H:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 vncmirror;vncmirror;H:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 21:21:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 21:22:12
ComboFix2.txt 2008-01-10 19:08:46
.
2007-12-25 13:19:17 --- E O F ---
20 January 2008 21:52:26

Re,

You no longer seem to be infected.

Go to My Computer > Tools > Folder Options > View > Show hidden files and folders. --> Apply --> OK

Go to My Computer > Tools > Folder Options > View > untick Hide protected operating system files. --> Apply --> OK
(Tick it again afterwards)

Have these files analysed on this site >> Virustotal <<

Click Browse at the top, choose My Computer and look for this file: H:\WINDOWS\IFinst26.exe
Now click Send file.
Post the report (from "Fichier *** reçu le ***" through "SHA1 : ***")


Download to your desktop: Clean (by Malekal) >Tuto<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key as you will be asked to, and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.


21 January 2008 18:54:46

Here is the VirusTotal report:


Fichier IFinst26.exe reçu le 2008.01.03 01:53:55 (CET)
Situation actuelle: terminé

Résultat: 1/32 (3.12%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: fdc9d4de50a845137580698494b19f13
SHA1: 0982241e310fd7d79ce544d1c78ee4c6ce704091
21 January 2008 18:58:23

Report from Clean.
27 January 2008 22:08:47

Hello, I'm taking the liberty of joining this conversation because I'm infected by this same Trojan horse, with Avast as my antivirus. What should I do? Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:11, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX01.328\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49D63E18-33B1-46F2-82C2-39431FB94794} - C:\WINDOWS\system32\hggebba.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81829EEF-8CFB-4A4A-BB2D-76BB2DB48154} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-downloa...
O20 - Winlogon Notify: hggebba - C:\WINDOWS\SYSTEM32\hggebba.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
