Infected computer!! HELP

Tags:
  • Windows
  • Security

13 November 2007 19:19:12

Hello...
A few problems with the computer: it is sluggish, and some web pages no longer open. I think it must be infected...
Here is a HijackThis scan.
Thanks for your help


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:53, on 13/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Update_0707_KB77012.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {0AE65123-30D0-8628-FB2A-1A7AE745FB8C} - C:\DOCUME~1\PROPRI~1.NOM\APPLIC~1\SEEKSE~1\BIRD LOGO.exe (file missing)
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Update_0707_KB77012.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c392ec140bd4824f21/netzip...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/cab/14/fr/SysWebTelecomInt...
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/i...
O20 - Winlogon Notify: vebegbom - C:\WINDOWS\SYSTEM32\dbmsrpcnj.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 15067 bytes
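
The first pass a helper makes over a pasted HijackThis log can be automated. The script below is an added example for this page, not code from the thread, from HijackThis or from any tool the helper names: it parses the O2/O4/O16/O20/O21 lines and flags the patterns that stand out in the log above, such as the unnamed BHO dbmsrpcnj.dll that is also registered as a Winlogon Notify DLL, the ao3.exe Run value present under both HKLM and HKCU, the ActiveX cabs registered from file://, the bare Update_0707_KB77012.exe in Global Startup and the SSODL entry whose vbsys2.dll is missing. The sample log is a handful of lines copied from the log above plus benign ones so it runs offline; the checks and their thresholds are my assumptions, and a hit is a lead for a human, not a verdict.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example written for this page; it is not part of the original thread
and not code from HijackThis or any of the tools mentioned.  It automates a
few of the checks a helper applies by eye: unnamed BHOs backed by a DLL on
disk, a Winlogon Notify DLL that is also registered as a BHO, ActiveX
controls (O16) installed from a local file:// cab, the same Run value
registered under both HKLM and HKCU, startup entries that are bare
executables rather than .lnk shortcuts, and SSODL entries whose DLL is gone.
All thresholds are assumptions; a hit is a lead for a human, not a verdict.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above plus benign ones, so
# the script runs offline without a real HJT log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Update_0707_KB77012.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O20 - Winlogon Notify: vebegbom - C:\WINDOWS\SYSTEM32\dbmsrpcnj.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"(?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<url>\S+)")
NOTIFY_RE = re.compile(r"Winlogon Notify: (?P<key>.+?) - (?P<path>.*)$")


def parse(log_text):
    """Yield (code, body, raw_line) for every HJT entry line, skipping the rest."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def triage(log_text):
    """Return a list of {"code", "reason", "line"} findings for log_text."""
    findings = []
    bho_files = {}                 # lowercase DLL basename -> CLSID
    notify_entries = []            # (lowercase DLL basename, raw line)
    run_hives = defaultdict(set)   # Run value name -> hives it appears in
    run_lines = defaultdict(list)  # Run value name -> raw lines

    for code, body, raw in parse(log_text):
        if code == "O2":
            m = BHO_RE.match(body)
            if not m:
                continue
            path = m.group("path")
            on_disk = path != "(no file)" and "(file missing)" not in path
            if on_disk:
                bho_files[ntpath.basename(path).lower()] = m.group("clsid")
            if m.group("name") == "(no name)" and on_disk:
                findings.append({"code": code, "reason": "unnamed BHO backed by a DLL on disk", "line": raw})
        elif code == "O4":
            m = RUN_RE.match(body)
            if m:
                run_hives[m.group("name")].add(m.group("hive"))
                run_lines[m.group("name")].append(raw)
            elif body.startswith("Global Startup: ") and ".lnk = " not in body:
                findings.append({"code": code, "reason": "Global Startup entry is a bare executable, not a .lnk shortcut", "line": raw})
        elif code == "O16":
            m = DPF_RE.match(body)
            if m and m.group("url").lower().startswith("file://"):
                findings.append({"code": code, "reason": "ActiveX control registered from a local file:// cab", "line": raw})
        elif code == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                notify_entries.append((ntpath.basename(m.group("path")).lower(), raw))
        elif code == "O21" and "(file missing)" in body:
            findings.append({"code": code, "reason": "SSODL entry whose DLL is missing", "line": raw})

    # Cross-entry checks need the whole log, so they run after the loop.
    for basename, raw in notify_entries:
        if basename in bho_files:
            findings.append({"code": "O20", "reason": f"Winlogon Notify DLL is also BHO {{{bho_files[basename]}}}", "line": raw})
    for name, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            for raw in run_lines[name]:
                findings.append({"code": "O4", "reason": f"Run value [{name}] registered in both HKLM and HKCU", "line": raw})
    return findings


def flagged_lines(log_text):
    """Set of raw lines that produced at least one finding."""
    return {f["line"] for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} {f['reason']}\n     {f['line']}")
```

Cross-referencing identifiers is worth doing beyond what this script does: the CLSID of the unnamed BHO, 535677B1-5F57-4A49-8501-72BE5C4B5343, reappears later in this thread as a .txt file name in two Local Settings\Application Data folders of the lopxpMH listing, which ties the registry entry to files on disk.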


13 November 2007 22:23:58

Hello

Indeed, several infections.


EDIT: temporarily disable the antivirus while the scans run.


Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool starts again, click the Scan for Vundo button.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.

Restart your PC.

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


Download Combofix.exe (by sUBs) to your Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply, along with a new HijackThis log and the contents of the report located at C:\vundofix.txt.


Post this as well. Download LopxpMH to your Desktop.
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2....
Unzip it (right-click >> Extract here) and double-click the file lopxpMH.bat.
Post the contents of the report that opens.

21 November 2007 12:10:32

Hello, sorry for the delay...
So VundoFix found nothing infected, and ComboFix does not work because the latest version is not out yet...
So here is the LopxpMH scan

lopxpMH2 report version 2.0 made at 11:38:37,67 on 21/11/2007
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau

******************************************
## Application Data directories

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 04C0-A4F7

Répertoire de C:\Documents and Settings\alex\Application Data

09/12/2003 21:48 <REP> .
09/12/2003 21:48 <REP> ..
24/01/2004 12:00 <REP> ABBYY
09/12/2003 21:48 <REP> Adobe
12/12/2003 19:52 <REP> ArcSoft
11/12/2003 19:58 <REP> Help
09/12/2003 21:48 <REP> Identities
19/12/2003 22:18 <REP> InstallShield
20/12/2003 18:43 <REP> InstallShield Installation Information
09/12/2003 21:48 <REP> InterTrust
10/01/2004 19:38 <REP> InterVideo
22/11/2004 17:40 <REP> Lavasoft
22/02/2004 11:02 <REP> Macromedia
09/12/2003 21:48 <REP> Microsoft
09/12/2003 21:48 <REP> SampleView
13/12/2003 17:25 <REP> Smart Panel
09/12/2003 21:48 <REP> Sonic
09/12/2003 21:48 <REP> Symantec
20/12/2003 18:43 <REP> Ubi Soft
09/12/2003 21:48 62 desktop.ini
12/08/2004 11:43 82 264 GDIPFONTCACHEV1.DAT
2 fichier(s) 82 326 octets
19 Rép(s) 114 764 349 440 octets libres

Répertoire de C:\Documents and Settings\alex\Local Settings\Application Data

09/12/2003 21:48 <REP> .
09/12/2003 21:48 <REP> ..
24/01/2004 12:00 <REP> ABBYY
09/12/2003 21:48 <REP> ApplicationHistory
23/08/2004 18:20 <REP> BVRP Software
11/12/2003 19:58 <REP> Help
09/12/2003 21:48 <REP> HP
02/02/2004 20:47 <REP> Identities
27/01/2004 23:13 <REP> IM
09/12/2003 21:50 <REP> IsolatedStorage
09/12/2003 21:48 <REP> Microsoft
10/01/2004 20:48 <REP> WMTools Downloaded Files
10/01/2004 20:44 99 328 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
09/12/2003 21:48 127 fusioncache.dat
09/12/2003 21:48 83 040 GDIPFONTCACHEV1.DAT
09/12/2003 21:48 1 578 962 IconCache.db
4 fichier(s) 1 761 457 octets
12 Rép(s) 114 764 349 440 octets libres

Répertoire de C:\Documents and Settings\alex.NOM-DOWNCO0B3WU\Application Data

15/12/2004 19:23 <REP> .
15/12/2004 19:23 <REP> ..
15/12/2004 19:23 <REP> ABBYY
15/12/2004 19:23 <REP> Adobe
15/12/2004 19:23 <REP> ArcSoft
15/12/2004 19:23 <REP> Help
15/12/2004 19:23 <REP> Identities
15/12/2004 19:23 <REP> InterTrust
15/12/2004 19:23 <REP> InterVideo
15/12/2004 19:23 <REP> Lavasoft
15/12/2004 19:23 <REP> Macromedia
15/12/2004 19:23 <REP> Microsoft
15/12/2004 19:23 <REP> MSN6
15/12/2004 19:23 <REP> SampleView
15/12/2004 19:23 <REP> Smart Panel
15/12/2004 19:23 <REP> Sonic
15/12/2004 19:23 <REP> Symantec
0 fichier(s) 0 octets
17 Rép(s) 114 764 349 440 octets libres

Répertoire de C:\Documents and Settings\alex.NOM-DOWNCO0B3WU\Local Settings\Application Data

15/12/2004 19:23 <REP> .
15/12/2004 19:23 <REP> ..
15/12/2004 19:23 <REP> ABBYY
15/12/2004 19:23 <REP> ApplicationHistory
15/12/2004 19:23 <REP> BVRP Software
15/12/2004 19:23 <REP> Help
15/12/2004 19:23 <REP> HP
15/12/2004 19:23 <REP> Identities
15/12/2004 19:23 <REP> IM
15/12/2004 19:23 <REP> IsolatedStorage
15/12/2004 19:23 <REP> Microsoft
27/12/2004 10:14 5 120 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
15/12/2004 19:28 143 fusioncache.dat
15/12/2004 19:28 82 264 GDIPFONTCACHEV1.DAT
27/12/2004 19:49 169 590 IconCache.db
4 fichier(s) 257 117 octets
11 Rép(s) 114 764 345 344 octets libres

Répertoire de C:\Documents and Settings\All Users\Application Data

19/10/2003 15:41 <REP> .
19/10/2003 15:41 <REP> ..
20/08/2005 10:37 <REP> Adobe
30/12/2004 09:43 <REP> BASE ITCH FAST PLATFORM
24/09/2006 19:18 <REP> BOONTY
21/08/2004 21:20 <REP> BVRP Software
17/11/2007 10:57 <REP> F-Secure
31/10/2006 19:41 <REP> Google
01/01/2003 16:12 <REP> Hewlett-Packard
01/01/2003 16:41 <REP> InterVideo
22/06/2004 14:05 <REP> Macrovision
10/04/2005 19:27 <REP> Messenger Plus!
01/01/2003 14:40 <REP> Microsoft
07/11/2004 15:44 <REP> MSN Messenger 5.0.0544
07/11/2004 15:46 <REP> MSN6
27/05/2004 20:29 <REP> NFS Underground
27/10/2007 19:05 <REP> PlayFirst
01/01/2003 14:58 <REP> SBSI
01/01/2003 23:39 <REP> Symantec
24/12/2005 17:39 <REP> Windows Genuine Advantage
10/11/2006 19:52 <REP> Windows Live Toolbar
30/01/2007 13:54 <REP> Zylom
01/01/2003 14:41 62 desktop.ini
01/01/2003 16:05 504 hpzinstall.log
2 fichier(s) 566 octets
22 Rép(s) 114 764 345 344 octets libres

Répertoire de C:\Documents and Settings\Default User\Application Data

19/10/2003 15:42 <REP> .
19/10/2003 15:42 <REP> ..
27/11/2004 20:57 <REP> ABBYY
09/12/2003 19:29 <REP> Adobe
27/11/2004 20:57 <REP> ArcSoft
27/11/2004 20:57 <REP> Help
01/01/2003 14:51 <REP> Identities
09/12/2003 19:29 <REP> InterTrust
27/11/2004 20:57 <REP> InterVideo
27/11/2004 20:57 <REP> Lavasoft
27/11/2004 20:57 <REP> Macromedia
01/01/2003 14:40 <REP> Microsoft
27/11/2004 20:57 <REP> MSN6
09/12/2003 19:29 <REP> SampleView
27/11/2004 20:57 <REP> Smart Panel
09/12/2003 19:29 <REP> Sonic
09/12/2003 19:29 <REP> Symantec
01/01/2003 14:41 62 desktop.ini
27/11/2004 21:04 83 040 GDIPFONTCACHEV1.DAT
2 fichier(s) 83 102 octets
17 Rép(s) 114 764 345 344 octets libres

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

01/01/2003 14:41 <REP> .
01/01/2003 14:41 <REP> ..
27/11/2004 20:57 <REP> ABBYY
09/12/2003 19:29 <REP> ApplicationHistory
27/11/2004 20:57 <REP> BVRP Software
27/11/2004 20:57 <REP> Help
09/12/2003 21:05 <REP> HP
27/11/2004 20:57 <REP> Identities
27/11/2004 20:57 <REP> IM
27/11/2004 20:57 <REP> IsolatedStorage
09/12/2003 19:29 <REP> Microsoft
27/11/2004 21:03 43 520 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
09/12/2003 19:29 135 fusioncache.dat
09/12/2003 19:29 60 520 GDIPFONTCACHEV1.DAT
09/12/2003 19:29 1 710 910 IconCache.db
4 fichier(s) 1 815 085 octets
11 Rép(s) 114 764 341 248 octets libres

Répertoire de C:\Documents and Settings\FLORANE\Application Data

22/12/2003 12:14 <REP> .
22/12/2003 12:14 <REP> ..
22/12/2003 12:14 <REP> Adobe
10/01/2004 19:43 <REP> ArcSoft
03/03/2004 18:40 <REP> Help
22/12/2003 12:14 <REP> Identities
22/12/2003 12:14 <REP> InterTrust
10/01/2004 12:46 <REP> InterVideo
02/03/2004 10:44 <REP> Macromedia
22/12/2003 12:14 <REP> Microsoft
22/12/2003 12:14 <REP> SampleView
22/12/2003 12:14 <REP> Sonic
22/12/2003 12:14 <REP> Symantec
22/12/2003 12:14 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 114 764 341 248 octets libres

Répertoire de C:\Documents and Settings\FLORANE\Local Settings\Application Data

22/12/2003 12:14 <REP> .
22/12/2003 12:14 <REP> ..
22/12/2003 12:14 <REP> ApplicationHistory
03/03/2004 18:40 <REP> Help
22/12/2003 12:14 <REP> HP
22/12/2003 12:14 <REP> Microsoft
22/12/2003 12:14 130 fusioncache.dat
22/12/2003 12:14 83 040 GDIPFONTCACHEV1.DAT
22/12/2003 12:14 1 578 122 IconCache.db
3 fichier(s) 1 661 292 octets
6 Rép(s) 114 764 341 248 octets libres

Répertoire de C:\Documents and Settings\LocalService\Application Data

01/01/2003 14:55 <REP> .
01/01/2003 14:55 <REP> ..
01/01/2003 14:55 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 114 764 341 248 octets libres

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

01/01/2003 14:55 <REP> .
01/01/2003 14:55 <REP> ..
01/01/2003 14:55 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 114 764 341 248 octets libres

Répertoire de C:\Documents and Settings\Manon\Application Data

13/12/2003 20:19 <REP> .
13/12/2003 20:19 <REP> ..
13/12/2003 20:19 <REP> Adobe
03/03/2004 17:48 <REP> ArcSoft
27/04/2004 10:42 <REP> Help
13/12/2003 20:19 <REP> Identities
13/12/2003 20:19 <REP> InterTrust
28/02/2004 15:48 <REP> Macromedia
13/12/2003 20:19 <REP> Microsoft
13/12/2003 20:19 <REP> SampleView
13/12/2003 20:19 <REP> Sonic
13/12/2003 20:19 <REP> Symantec
13/12/2003 20:19 62 desktop.ini
16/07/2004 11:02 81 880 GDIPFONTCACHEV1.DAT
2 fichier(s) 81 942 octets
12 Rép(s) 114 764 341 248 octets libres

Répertoire de C:\Documents and Settings\Manon\Local Settings\Application Data

13/12/2003 20:19 <REP> .
13/12/2003 20:19 <REP> ..
13/12/2003 20:19 <REP> ApplicationHistory
27/04/2004 10:42 <REP> Help
13/12/2003 20:19 <REP> HP
07/02/2004 14:34 <REP> IM
13/12/2003 20:19 <REP> Microsoft
23/07/2004 14:14 8 704 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
13/12/2003 20:19 128 fusioncache.dat
13/12/2003 20:19 83 040 GDIPFONTCACHEV1.DAT
13/12/2003 20:19 1 579 136 IconCache.db
4 fichier(s) 1 671 008 octets
7 Rép(s) 114 764 337 152 octets libres

Répertoire de C:\Documents and Settings\MANON.NOM-DOWNCO0B3WU


Répertoire de C:\Documents and Settings\MANON.NOM-DOWNCO0B3WU\Local Settings\Application Data

22/07/2005 20:04 <REP> .
22/07/2005 20:04 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 114 764 337 152 octets libres

Répertoire de C:\Documents and Settings\NetworkService\Application Data

01/01/2003 14:55 <REP> .
01/01/2003 14:55 <REP> ..
01/01/2003 14:55 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 114 764 337 152 octets libres

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

01/01/2003 14:55 <REP> .
01/01/2003 14:55 <REP> ..
01/01/2003 14:55 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 114 764 337 152 octets libres

Répertoire de C:\Documents and Settings\PROPRI~1~NOM


Répertoire de C:\Documents and Settings\Propriétaire


Répertoire de C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Application Data

27/11/2004 21:17 <REP> .
27/11/2004 21:17 <REP> ..
27/11/2004 21:17 <REP> ABBYY
27/11/2004 21:17 <REP> Adobe
20/08/2005 11:38 <REP> AdobeUM
28/10/2006 10:53 <REP> Ahead
27/11/2004 21:17 <REP> ArcSoft
24/12/2005 19:55 <REP> Creative
28/10/2006 10:59 <REP> DivX
20/04/2006 13:26 <REP> EPSON
21/11/2007 11:17 <REP> F-Secure
19/02/2006 13:32 <REP> Google
27/11/2004 21:17 <REP> Help
27/11/2004 21:17 <REP> Identities
27/11/2004 21:17 <REP> InterTrust
27/11/2004 21:17 <REP> InterVideo
17/11/2007 11:09 <REP> ispnews
27/11/2004 21:17 <REP> Lavasoft
27/11/2004 21:17 <REP> Macromedia
31/01/2005 19:46 <REP> Messenger2
27/11/2004 21:17 <REP> Microsoft
25/03/2006 19:01 <REP> MobileAction
27/11/2004 21:17 <REP> MSN6
02/02/2005 21:38 <REP> NetMedia Providers
02/08/2005 19:48 <REP> NetPumper
27/10/2007 19:05 <REP> PlayFirst
02/02/2005 21:38 <REP> Publish Providers
09/04/2005 22:24 <REP> Real
27/11/2004 21:17 <REP> SampleView
04/05/2007 12:52 <REP> Screenshot Sender
24/09/2005 17:46 <REP> seeksectblue
27/11/2004 21:17 <REP> Smart Panel
27/11/2004 21:17 <REP> Sonic
02/02/2005 21:38 <REP> Sonic Foundry
27/11/2004 21:17 <REP> Symantec
15/02/2005 19:58 <REP> Syntrillium
05/07/2005 10:48 <REP> Visicom Media
27/10/2006 16:48 <REP> vlc
27/11/2004 21:23 62 desktop.ini
27/11/2004 21:23 79 904 GDIPFONTCACHEV1.DAT
26/10/2006 16:45 278 WinssCookie.txt
3 fichier(s) 80 244 octets
38 Rép(s) 114 764 337 152 octets libres

Répertoire de C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Local Settings\Application Data

27/11/2004 21:17 <REP> .
27/11/2004 21:17 <REP> ..
27/11/2004 21:17 <REP> ABBYY
20/08/2005 11:37 <REP> Adobe
28/10/2006 10:56 <REP> Ahead
27/11/2004 21:17 <REP> ApplicationHistory
27/11/2004 21:17 <REP> BVRP Software
31/08/2006 01:05 <REP> Google
27/11/2004 21:17 <REP> Help
27/11/2004 21:17 <REP> HP
27/11/2004 21:17 <REP> Identities
27/11/2004 21:17 <REP> IM
27/11/2004 21:17 <REP> IsolatedStorage
27/11/2004 21:17 <REP> Microsoft
06/09/2005 22:35 <REP> Shareaza
18/08/2005 21:16 <REP> WMTools Downloaded Files
10/09/2007 16:13 3 714 535677B1-5F57-4A49-8501-72BE5C4B5343.txt
27/11/2004 21:22 23 552 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
27/11/2004 21:22 151 fusioncache.dat
27/11/2004 21:22 79 904 GDIPFONTCACHEV1.DAT
20/04/2005 13:19 2 109 314 IconCache.db
5 fichier(s) 2 216 635 octets
16 Rép(s) 114 764 333 056 octets libres

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

19/10/2003 15:40 <REP> .
19/10/2003 15:40 <REP> ..
27/11/2004 21:10 <REP> ABBYY
09/12/2003 19:34 <REP> Adobe
27/11/2004 21:10 <REP> ArcSoft
27/11/2004 21:10 <REP> Help
01/01/2003 14:54 <REP> Identities
09/12/2003 19:34 <REP> InterTrust
27/11/2004 21:10 <REP> InterVideo
27/11/2004 21:10 <REP> Lavasoft
27/11/2004 21:10 <REP> Macromedia
01/01/2003 14:54 <REP> Microsoft
27/11/2004 21:10 <REP> MSN6
09/12/2003 19:34 <REP> SampleView
27/11/2004 21:10 <REP> Smart Panel
09/12/2003 19:34 <REP> Sonic
09/12/2003 19:34 <REP> Symantec
01/01/2003 14:54 62 desktop.ini
27/11/2004 21:14 83 040 GDIPFONTCACHEV1.DAT
2 fichier(s) 83 102 octets
17 Rép(s) 114 764 333 056 octets libres

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

01/01/2003 14:54 <REP> .
01/01/2003 14:54 <REP> ..
27/11/2004 21:10 <REP> ABBYY
09/12/2003 19:34 <REP> ApplicationHistory
27/11/2004 21:10 <REP> BVRP Software
27/11/2004 21:10 <REP> Help
09/12/2003 21:09 <REP> HP
27/11/2004 21:10 <REP> Identities
27/11/2004 21:10 <REP> IM
27/11/2004 21:10 <REP> IsolatedStorage
09/12/2003 19:21 <REP> Microsoft
03/09/2007 16:31 3 296 535677B1-5F57-4A49-8501-72BE5C4B5343.txt
27/11/2004 21:13 43 520 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
09/12/2003 19:34 135 fusioncache.dat
09/12/2003 19:34 60 520 GDIPFONTCACHEV1.DAT
09/12/2003 19:34 1 710 910 IconCache.db
5 fichier(s) 1 818 381 octets
11 Rép(s) 114 764 333 056 octets libres

******************************************
Searching for scheduled tasks in C:\WINDOWS\tasks


C:\WINDOWS\Tasks\B33DBB5591DE2999.job
[binary .job data; UTF-16LE strings readable in the dump: c:\docume~1\propri~1.nom\applic~1\stupid~1\CityBike01.exe and Propriétaire]

C:\WINDOWS\Tasks\Check
Check: unreadable


C:\WINDOWS\Tasks\Symantec
Symantec: unreadable

******************************************
## Directories of C:\Program Files

Volume in drive C is HP_PAVILION
Volume Serial Number is 04C0-A4F7

Directory of C:\Program Files

17/11/2007 10:41 <REP> .
17/11/2007 10:41 <REP> ..
22/11/2004 14:25 2 636 408 aawsepersonal.exe
12/12/2003 16:32 <REP> ABBYY
01/02/2005 19:49 <REP> Acoustica Mixcraft
01/02/2005 19:47 <REP> Acoustica Shared Effects
20/08/2005 10:22 22 606 384 AdbeRdr70_fra_full.exe
29/02/2004 20:05 <REP> AdF Software
20/08/2005 10:34 <REP> Adobe
16/04/2004 18:33 <REP> Adobe Type Manager
04/05/2007 12:49 <REP> Adverts
09/12/2004 15:15 <REP> Alcatel
02/08/2005 19:46 <REP> Anti-Leech
24/12/2005 19:57 <REP> ArcSoft
11/03/2007 21:45 <REP> Audio MP3 Converter
15/02/2005 20:13 <REP> Audio Sliders 3
09/12/2006 14:26 <REP> AvantGo Connect
02/03/2004 10:06 <REP> AxySnake
29/11/2006 16:11 <REP> Bobdown
24/09/2006 19:18 <REP> Boonty
16/08/2005 13:04 <REP> BoontyGames
14/06/2004 17:46 <REP> Bullfrog
10/04/2005 20:04 <REP> Codemasters
27/01/2004 20:59 <REP> Common files
01/01/2003 14:47 <REP> ComPlus Applications
15/02/2005 20:12 <REP> Cool2000
07/12/2006 13:13 <REP> Creative
28/10/2006 10:55 <REP> DivX
25/01/2005 21:39 7 741 336 DivX521XP2K.exe
27/05/2004 20:12 <REP> EA GAMES
10/08/2005 17:29 <REP> Easy Internet signup
29/02/2004 21:16 <REP> ElastoMania111
05/06/2007 18:26 <REP> eMule
12/12/2003 18:28 <REP> EPSON
29/02/2004 20:08 <REP> Extreme Burnout
28/10/2006 10:51 <REP> Fichiers communs
06/10/2006 16:40 <REP> FileZilla
02/02/2005 18:44 <REP> Firebird
23/12/2005 15:11 <REP> Floating Point Solutions
18/10/2004 17:56 <REP> FruityLoops 3.56
02/03/2004 12:27 <REP> GameSpy Arcade
28/01/2007 10:58 <REP> Google
31/08/2006 01:04 11 817 800 google-earth_google_earth_3.0.0762_beta_anglais_14783.exe
01/01/2003 16:17 <REP> Hewlett-Packard
01/01/2003 16:10 <REP> HP
16/04/2004 18:31 <REP> ImageServer
24/04/2005 18:57 <REP> IncrediMail
01/02/2005 19:47 4 141 INSTALL.LOG
10/11/2006 19:48 16 277 288 Install_Messenger.exe
29/12/2005 13:57 48 133 056 intelliplus standard.exe
28/11/2004 04:20 <REP> Internet Explorer
05/01/2007 17:50 14 826 288 internet explorer 7.exe
27/11/2004 21:07 <REP> InterVideo
01/01/2003 17:00 <REP> Java
01/01/2003 17:00 <REP> Java Web Start
05/02/2004 19:25 <REP> JoWooD
22/11/2004 14:28 <REP> Lavasoft
10/06/2004 16:02 <REP> Little Big Adventure 2
21/08/2004 21:21 <REP> LiveUpdate
04/07/2005 13:17 <REP> MAIET
30/04/2004 10:54 <REP> Maxis
27/11/2004 21:36 <REP> Messager Wanadoo
12/12/2004 15:14 <REP> Messenger
29/06/2007 16:54 <REP> Messenger Plus! Live
31/01/2005 19:48 <REP> Messenger2
01/03/2004 21:01 <REP> Micro Flight
09/12/2006 14:26 <REP> Microsoft ActiveSync
01/01/2003 14:51 <REP> microsoft frontpage
28/03/2004 19:34 <REP> Microsoft Games
29/11/2006 16:12 <REP> Microsoft Office
01/01/2003 16:17 <REP> Microsoft Picture It! 7
28/01/2004 20:37 <REP> Microsoft Visual Studio
26/10/2006 16:45 <REP> Microsoft Windows OneCare Live
01/01/2003 16:16 <REP> Microsoft Works
01/01/2003 16:12 <REP> Microsoft Works Suite 2003
21/08/2004 21:21 <REP> mobile PhoneTools
16/01/2007 20:29 <REP> Montorgueil
24/12/2006 11:22 <REP> Morpheus
24/12/2006 11:22 <REP> MorpheusBar
02/03/2004 12:27 <REP> MotoGP2 Demo
28/11/2004 04:20 <REP> Movie Maker
17/07/2005 20:43 <REP> MP3 Player Utilities
29/11/2006 16:32 <REP> MP3Dancer
22/03/2005 17:07 <REP> MSN
01/01/2003 14:46 <REP> MSN Gaming Zone
29/06/2007 16:54 <REP> MSN Messenger
09/12/2003 19:31 <REP> Multimedia Card Reader
31/10/2004 22:21 <REP> N-case
28/10/2006 10:51 <REP> Nero
28/11/2004 04:20 <REP> NetMeeting
20/08/2005 10:49 <REP> NetPumper
12/12/2003 16:34 <REP> NewSoft
15/02/2004 20:14 <REP> NimoCodec Pack
01/12/2004 14:08 <REP> Norton AntiVirus
01/12/2004 14:27 <REP> Norton SystemWorks
24/01/2004 17:15 <REP> Nullsoft
28/11/2004 04:20 <REP> Outlook Express
16/04/2004 18:31 <REP> PhotoDeluxe HE 3.1
29/02/2004 21:21 <REP> Power Mad Demo
01/06/2006 15:23 1 953 480 power point.exe
14/10/2004 17:56 <REP> Propellerhead
31/05/2004 15:06 <REP> QuickTime
24/01/2004 17:15 <REP> Real
01/01/2003 16:32 <REP> RecordNow!
19/01/2004 17:15 <REP> Rew livré par Pocketmonster
11/03/2007 21:16 <REP> rm-mp3
20/04/2005 13:24 <REP> RM-X Player V3
29/12/2006 19:03 <REP> SAGEM
29/12/2006 18:17 <REP> Securitoo
01/01/2003 17:04 <REP> Services en ligne
26/10/2006 16:45 1 005 872 SetupOneCare.exe
27/11/2004 22:44 <REP> Smart Panel
04/02/2005 18:59 <REP> Sonic Foundry
02/02/2005 21:34 <REP> Sonic Foundry Setup
22/11/2004 18:30 <REP> Sonique
04/02/2005 19:01 <REP> SpacialAudio
18/10/2004 17:54 <REP> Steinberg
01/12/2004 14:23 <REP> Symantec
19/12/2003 21:05 <REP> Ubi Soft
01/01/2003 14:56 <REP> Uninstall Information
08/12/2006 22:37 237 568 Uninstall Morpheus Toolbar.dll
26/07/2002 17:02 153 088 UNWISE.EXE
17/07/2005 20:38 <REP> USBDisk
09/12/2006 14:30 <REP> ViaMichelin
27/10/2006 16:42 <REP> VideoLAN
24/01/2004 17:15 <REP> Viewpoint
06/10/2006 16:38 <REP> VirtualDJ
05/07/2005 10:48 <REP> Visicom Media
21/11/2007 11:31 <REP> Wanadoo
28/05/2006 17:29 <REP> Winamp3
24/12/2005 17:42 <REP> Windows Journal Viewer
29/06/2007 16:54 <REP> Windows Live
10/11/2006 19:52 <REP> Windows Live Toolbar
26/07/2005 11:59 <REP> Windows Media Player
28/11/2004 04:20 <REP> Windows NT
15/02/2004 14:43 <REP> Windows XP Fun Pack
27/08/2006 20:11 <REP> WinRAR
01/01/2003 14:51 <REP> xerox
25/12/2005 12:46 <REP> Yahoo!
12 File(s) 127 392 709 bytes
127 Dir(s) 114 764 324 864 bytes free

******************************************
## Allowed popups

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
PopupMgr REG_SZ yes

* Mozilla Firefox (1 allowed, 2 blocked)

******************************************
## Registry

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.google.com/ie

******************************************
## Security zones

* HKCU Domains (4)

* P3P History (5)

******************************************
## Search C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** End of report ****************
And the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:38, on 21/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {0AE65123-30D0-8628-FB2A-1A7AE745FB8C} - C:\DOCUME~1\PROPRI~1.NOM\APPLIC~1\SEEKSE~1\BIRD LOGO.exe (file missing)
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Update_0707_KB77012.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c392ec140bd4824f21/netzip...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/f...
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/cab/14/fr/SysWebTelecomInt...
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/i...
O20 - Winlogon Notify: vebegbom - C:\WINDOWS\SYSTEM32\dbmsrpcnj.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 15171 bytes


Thanks again for your help
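
The B33DBB5591DE2999.job entry in the scheduled-tasks section above came out as spaced-out characters because a .job file stores its strings as UTF-16LE (each character followed by a 0x00 byte) and the report tool dumped the file as 8-bit text, so every NUL printed as a space. The following Python is an added example, not part of the original post or of the diagnostic tool, showing how to carve those strings back out of the binary. The blob is constructed: only the command path and the account string come from the report above, the header bytes are made up, and this is a generic UTF-16 string carve, not a parser of the .job file structure.

```python
"""Carve UTF-16LE strings out of a Task Scheduler .job file (or any binary blob)."""
import re

# Constructed sample (not a real .job file): a few opaque header bytes, then the
# two UTF-16LE strings the report above printed as spaced-out characters. The
# command path and account name are taken from the report; the rest is made up.
SAMPLE_JOB = (
    b"\x01\x05\x01\x00\x04\x35\x00\x00" + b"\xde\xad\xbe\xef" * 4
    + r"c:\docume~1\propri~1.nom\applic~1\stupid~1\CityBike01.exe".encode("utf-16-le")
    + b"\x00\x00"                      # UTF-16 NUL terminator
    + b"\x00\x00\x00\x00"              # an empty field
    + "Propriétaire".encode("utf-16-le")
    + b"\x00\x00"
)


def as_8bit_text(blob: bytes) -> str:
    """Render the blob the way an 8-bit text viewer would: every UTF-16LE code
    unit becomes 'char + NUL', and the NUL shows up as a space, which is exactly
    why the report shows 'c : \\ d o c u m e ~ 1 ...'."""
    return "".join(
        " " if b == 0 else chr(b) if (0x20 <= b < 0x7F or b >= 0xA0) else "."
        for b in blob
    )


def utf16le_strings(blob: bytes, min_chars: int = 6) -> list:
    """Return every run of at least `min_chars` printable Latin-1 characters
    encoded as UTF-16LE (byte followed by 0x00). Accented letters such as the
    'é' in 'Propriétaire' fall in the 0xA0-0xFF range and are kept."""
    pattern = re.compile(rb"(?:[\x20-\x7e\xa0-\xff]\x00){%d,}" % min_chars)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(blob)]


def job_command(blob: bytes):
    """First carved string that looks like a Windows executable path, i.e. the
    program the scheduled task launches. Returns None when nothing matches."""
    for s in utf16le_strings(blob):
        if re.match(r"(?i)^[a-z]:\\.*\.exe$", s):
            return s
    return None


if __name__ == "__main__":
    print("8-bit view :", as_8bit_text(SAMPLE_JOB))
    print("strings    :", utf16le_strings(SAMPLE_JOB))
    print("command    :", job_command(SAMPLE_JOB))
```

Run against a real .job file (`open(path, "rb").read()`), the same carve recovers the command line and the account string without having to read the dump character by character; the 8-bit rendering is only there to show where the "c : \ d o c u m e ~ 1" in the report came from.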
21 November 2007 22:50:13

Re


Go to this site
http://www.virustotal.com/
Click Browse and find this file.

C:\WINDOWS\system32\ao3.exe

Then click Send.
If you get the message "STATUS: QUEUED", wait.

Paste the report here.


Run HijackThis again and check the lines below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {0AE65123-30D0-8628-FB2A-1A7AE745FB8C} - C:\DOCUME~1\PROPRI~1.NOM\APPLIC~1\SEEKSE~1\BIRD LOGO.exe (file missing)
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Update_0707_KB77012.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c392 [...] 601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 2602136039
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/ [...] Dalila.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/cab/1 [...] comInt.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/conten [...] loader.cab
O20 - Winlogon Notify: vebegbom - C:\WINDOWS\SYSTEM32\dbmsrpcnj.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

Close all windows (Internet Explorer, Outlook, etc.) except HijackThis, and click "Fix checked".


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".

C:\Documents and Settings\All Users\Application Data\BASE ITCH FAST PLATFORM
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Application Data\seeksectblue
C:\WINDOWS\Tasks\B33DBB5591DE2999.job
C:\Program Files\Adverts
C:\Program Files\Montorgueil
c:\windows\system32\dbmsrpcnj.dll
C:\WINDOWS\System32\acleditd.dll
c:\ex.cab
c:\eied_s7.cab
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Update_0707_KB77012.exe


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Post the report located in C:\_OTMoveIt\MovedFiles along with a new HijackThis log.
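
The list the helper asks to fix above is the result of reading the HijackThis log by hand. As an added example, not part of this thread or of HijackThis itself, here is a small Python triage that applies a few of the same rules mechanically to lines copied from the log: O2 BHOs with no name or no backing file, O16 ActiveX entries registered from a local file:// CAB, every O20 Winlogon Notify and O21 SSODL entry, an executable sitting directly in a Startup folder, and the same binary autostarted from both HKLM and HKCU Run. The sample lines are copied from the log posted above (plus three benign ones for contrast); the rule names, the regular expressions and the `paths_to_submit` helper are my own and are not how HijackThis or the helper classifies entries.

```python
"""Mechanical triage of HijackThis (HJT) log lines: flags the entry types a
helper usually looks at first and collects the on-disk paths worth hashing."""
import re
from collections import defaultdict

# Constructed input: lines copied from the HijackThis log in this thread, plus
# three benign lines (Google Toolbar, hpsysdrv, WGA control) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - Global Startup: Update_0707_KB77012.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O20 - Winlogon Notify: vebegbom - C:\WINDOWS\SYSTEM32\dbmsrpcnj.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
""".strip()

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
O2_BHO = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RUN = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^(?:Global|\.DEFAULT User) Startup: (?P<entry>.*)$")
O16_DPF = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<src>.*)$")
O20_NOTIFY = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O21_SSODL = re.compile(r"^SSODL: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
EXE_IN_CMD = re.compile(r"(?i)^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)")


def exe_path(cmd: str) -> str:
    """Executable part of an O4 command: the quoted path if quoted, otherwise
    everything up to the first extension (paths with spaces are common)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_IN_CMD.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Return (section, target, reason) triples for the lines the rules flag."""
    findings = []
    run_hives = defaultdict(set)          # normalised exe path -> hives autostarting it
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O2" and (b := O2_BHO.match(body)):
            if b["name"] == "(no name)" or b["path"] == "(no file)" or "(file missing)" in b["path"]:
                findings.append((sec, b["path"], "BHO with no name or no backing file"))
        elif sec == "O4":
            if r := O4_RUN.match(body):
                run_hives[exe_path(r["cmd"]).lower()].add(r["hive"])
            elif (s := O4_STARTUP.match(body)) and " = " not in s["entry"] \
                    and s["entry"].lower().endswith(".exe"):
                findings.append((sec, s["entry"], "executable dropped directly in a Startup folder"))
        elif sec == "O16" and (d := O16_DPF.match(body)):
            if d["src"].lower().startswith("file://"):
                findings.append((sec, d["src"], "ActiveX CAB registered from a local file:// source"))
        elif sec == "O20" and (n := O20_NOTIFY.match(body)):
            findings.append((sec, n["path"], f"Winlogon Notify DLL '{n['key']}' loads into winlogon.exe"))
        elif sec == "O21" and (o := O21_SSODL.match(body)):
            findings.append((sec, o["path"], f"ShellServiceObjectDelayLoad entry '{o['name']}'"))
    # A second pass over the Run keys: one binary registered in both hives.
    for path, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("O4", path, "same binary autostarted from both HKLM and HKCU Run"))
    return findings


def paths_to_submit(findings: list) -> list:
    """Unique lower-cased on-disk paths from the findings, i.e. the files to hash
    and send to a multi-engine scanner; entries with no file are skipped."""
    out = set()
    for _sec, target, _reason in findings:
        if target == "(no file)" or "(file missing)" in target:
            continue
        if re.match(r"(?i)^[a-z]:\\", target):
            out.add(target.lower())
    return sorted(out)


if __name__ == "__main__":
    for sec, target, reason in triage(SAMPLE_LOG):
        print(f"{sec:<4} {reason:<55} {target}")
    print("submit:", paths_to_submit(triage(SAMPLE_LOG)))
```

The rules are deliberately narrow: they catch the entries that are suspicious on their face (an unnamed BHO in system32, a Winlogon Notify DLL with a random name, a CAB loaded from `c:\`), and `paths_to_submit` turns the findings into the short list of files to hash and upload, which is the step the helper asks for with ao3.exe. They do not replace reading the log: named-but-unwanted entries such as the dialer O16 controls or the R0/R1 start-page lines in the helper's list need a human to judge them.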
24 November 2007 11:26:04

Hello, here is the VirusTotal report...

File AO3.0XE received on 2007.11.24 10:47:28 (CET)
Result: 23/32 (71.88%)
Antivirus Version Last update Result
AhnLab-V3 2007.11.24.0 2007.11.23 -
AntiVir 7.6.0.34 2007.11.23 TR/Crypt.Morphine.Gen
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.23 Win32:Downloader-EH
AVG 7.5.0.503 2007.11.23 Generic7.RBY
BitDefender 7.2 2007.11.24 Trojan.Conhook.Y
CAT-QuickHeal 9.00 2007.11.24 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.24 Trojan.Packed-86
DrWeb 4.44.0.09170 2007.11.23 BackDoor.Roam
eSafe 7.0.15.0 2007.11.21 Suspicious File
eTrust-Vet 31.3.5318 2007.11.23 Win32/Fifibe.N
Ewido 4.0 2007.11.23 -
FileAdvisor 1 2007.11.24 High threat detected
Fortinet 3.14.0.0 2007.11.24 -
F-Prot 4.4.2.54 2007.11.23 W32/Agent.GXG
F-Secure 6.70.13030.0 2007.11.23 Trojan.Win32.Agent.chp
Ikarus T3.1.1.12 2007.11.24 Trojan.Win32.Agent.chp
Kaspersky 7.0.0.125 2007.11.21 Trojan.Win32.Agent.chp
McAfee 5170 2007.11.23 -
Microsoft 1.3007 2007.11.24 VirTool:Win32/Obfuscator.Q
NOD32v2 2683 2007.11.24 a variant of Win32/Small.BB
Norman 5.80.02 2007.11.23 W32/BHO.QG
Panda 9.0.0.4 2007.11.23 Generic Trojan
Prevx1 V2 2007.11.24 Heuristic: Suspicious Self Modifying EXE
Rising 20.19.51.00 2007.11.24 Trojan.Win32.Agent.chp
Sophos 4.23.0 2007.11.24 -
Sunbelt 2.2.907.0 2007.11.24 -
Symantec 10 2007.11.24 Infostealer.Bzup
TheHacker 6.2.9.140 2007.11.24 -
VBA32 3.12.2.5 2007.11.23 BackDoor.Roam
VirusBuster 4.3.26:9 2007.11.23 -
Webwasher-Gateway 6.0.1 2007.11.24 Trojan.Crypt.Morphine.Gen
Additional information
File size: 17408 bytes
MD5: ab20074b657dd4dea665729dafec162d
SHA1: 769ea96d78caf2d6082da51b5e3c0fc5f9d419ef
packers: Morphine
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=a...
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=10AE97620027...


Here is the OTMoveIt one

C:\Documents and Settings\All Users\Application Data\BASE ITCH FAST PLATFORM moved successfully.
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Application Data\seeksectblue moved successfully.
C:\WINDOWS\Tasks\B33DBB5591DE2999.job moved successfully.
C:\Program Files\Adverts moved successfully.
File/Folder C:\Program Files\Montorgueil not found.
File/Folder c:\windows\system32\dbmsrpcnj.dll not found.
LoadLibrary failed for C:\WINDOWS\System32\acleditd.dll
C:\WINDOWS\System32\acleditd.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\acleditd.dll scheduled to be moved on reboot.
File/Folder c:\ex.cab not found.
File/Folder c:\eied_s7.cab not found.
File/Folder c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Update_0707_KB77012.exe not found.

Created on 11/24/2007 11:08:30


And finally, one last HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:48, on 24/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\Maeva VIRUS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll (file missing)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O20 - Winlogon Notify: vebegbom - dbmsrpcnj.dll (file missing)
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 9701 bytes




Thank you!!!
24 November 2007 18:25:44

Good.

Combofix is operational again.

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan has completed, a report will appear.

Copy/paste that report in your next reply together with a new HijackThis log.
24 November 2007 19:48:36

Here is the ComboFix scan


ComboFix 07-11-19.3 - Propriétaire 2007-11-24 19:34:26.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.117 [GMT 1:00]
Running from: C:\DOCUME~1\PROPRI~1.NOM\Bureau\combofix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files.\egauth.inf
C:\WINDOWS\Downloaded Program Files.\nethv32.inf
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\tmlpcert2005

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
.

2007-11-17 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-11-17 10:57 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-11-17 10:57 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-11-17 10:41 118,842 -r------- C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
2007-11-12 18:13 1,046 --a------ C:\WINDOWS\system32\dpnmodemj.dll
2007-11-12 18:13 1,046 --a------ C:\WINDOWS\system32\bidisplg.dll
2007-11-11 13:38 1,046 --a------ C:\WINDOWS\system32\dmocxc.dll
2007-11-11 13:38 1,046 --a------ C:\WINDOWS\system32\dgrpsetuv.dll
2007-11-11 13:36 57,856 --a------ C:\WINDOWS\system32\divx_xx0.dll
2007-10-27 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 18:41 --------- d-----w C:\Program Files\Wanadoo
2007-11-24 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-21 10:52 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-21 10:50 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-21 10:48 --------- d-----w C:\Program Files\Google
2007-11-21 10:41 --------- d---a-w C:\Program Files\Microsoft Works
2007-11-21 10:41 --------- d---a-w C:\Program Files\Microsoft Picture It! 7
2007-11-21 10:41 --------- d---a-w C:\Program Files\Java Web Start
2007-11-21 10:41 --------- d---a-w C:\Program Files\Easy Internet signup
2007-11-21 10:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-21 10:41 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-21 10:41 --------- d-----w C:\Program Files\NimoCodec Pack
2007-11-21 10:41 --------- d-----w C:\Program Files\Messager Wanadoo
2007-11-21 10:41 --------- d-----w C:\Program Files\LiveUpdate
2007-11-21 10:41 --------- d-----w C:\Program Files\eMule
2007-11-21 10:41 --------- d-----w C:\Program Files\DivX
2007-10-16 13:50 17,792 ----a-w C:\WINDOWS\system32\drivers\tcoxccii.dat
2006-11-10 18:48 16,277,288 ----a-w C:\Program Files\Install_Messenger.exe
2006-10-26 15:45 1,005,872 ----a-w C:\Program Files\SetupOneCare.exe
2006-06-01 14:23 1,953,480 ----a-w C:\Program Files\power point.exe
2005-12-29 12:57 48,133,056 ----a-w C:\Program Files\intelliplus standard.exe
2005-08-20 09:22 22,606,384 ----a-w C:\Program Files\AdbeRdr70_fra_full.exe
2005-02-01 18:47 4,141 ----a-w C:\Program Files\INSTALL.LOG
2005-01-25 20:39 7,741,336 ----a-w C:\Program Files\DivX521XP2K.exe
2004-11-25 15:50 83,040 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
2004-11-22 13:25 2,636,408 ----a-w C:\Program Files\aawsepersonal.exe
2004-08-12 10:43 82,264 ----a-w C:\Documents and Settings\alex\Application Data\GDIPFONTCACHEV1.DAT
2004-07-16 10:02 81,880 ----a-w C:\Documents and Settings\Manon\Application Data\GDIPFONTCACHEV1.DAT
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2005-01-25 20:40 56 --sh--r C:\WINDOWS\system32\157815F023.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{535677B1-5F57-4A49-8501-72BE5C4B5343}]
c:\windows\system32\dbmsrpcnj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F8E5A5D-1619-40A3-992A-E300B4B36A13}]
2003-08-02 21:11 90112 --a------ C:\WINDOWS\System32\acleditd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 06:19 C:\WINDOWS\system32\nview.dll]
"Norton SystemWorks"="C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe" [2003-09-18 16:03]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 16:59]
"ao3"="C:\WINDOWS\system32\ao3.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 14:23]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 10:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 09:56]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42]
"VTTimer"="VTTimer.exe" [2003-05-08 07:32 C:\WINDOWS\system32\VTTimer.exe]
"NvCplDaemon"="RUNDLL32.exe" [2003-08-02 21:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-05-03 06:19 C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 23:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 11:27]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-27 08:34]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" []
"ao3"="C:\WINDOWS\system32\ao3.exe" []
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vebegbom]
dbmsrpcnj.dll

R0 agvdpadc;agvdpadc;C:\WINDOWS\System32\drivers\tcoxccii.dat
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys
R3 HPCFILT;Alcor Micro Corp - 9361;\??\C:\WINDOWS\System32\Drivers\HpcFilt.sys
R3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\System32\DRIVERS\loop.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S2 wqwqhymh;Microsoft IR Communications Monitor;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 mamotou;mamotou;C:\WINDOWS\System32\DRIVERS\mamotou.sys
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\System32\DRIVERS\MaRdP2K.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wqwqhymh

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-24 17:55:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-09-12 22:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 19:41:32
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 19:44:20 - machine was rebooted
.
--- E O F ---



And the HijackThis one


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:09, on 24/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\cmd.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\Maeva VIRUS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll (file missing)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O20 - Winlogon Notify: vebegbom - dbmsrpcnj.dll (file missing)
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 9681 bytes


Thanks again!! Is it almost done?
24 November 2007 21:41:54

A few more corrections.

Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\dpnmodemj.dll
C:\WINDOWS\system32\bidisplg.dll
C:\WINDOWS\system32\dmocxc.dll
C:\WINDOWS\system32\dgrpsetuv.dll
C:\WINDOWS\system32\ao3.exe
C:\WINDOWS\System32\acleditd.dll
c:\windows\system32\dbmsrpcnj.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{535677B1-5F57-4A49-8501-72BE5C4B5343}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F8E5A5D-1619-40A3-992A-E300B4B36A13}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ao3"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ao3"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vebegbom]


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
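The CFScript procedure above comes down to turning the entries the helper flagged in the HijackThis log (the two unnamed BHOs, the ao3 Run values present under both HKLM and HKCU, and the vebegbom Winlogon Notify entry whose DLL is already gone) into ComboFix's File:: and Registry:: directives. The Python script below is an added example, not code from the forum helper, HijackThis or ComboFix: it parses O2/O4/O20 lines (the sample is constructed from lines in the logs posted in this thread), reports load points whose target file is missing and Run values duplicated across HKLM and HKCU, and builds a script in the same format as the one posted. Function and variable names are mine; the key formats follow the CFScript shown in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: seven lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll (file missing)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O4 - HKCU\..\Run: [ao3] C:\WINDOWS\system32\ao3.exe
O20 - Winlogon Notify: vebegbom - dbmsrpcnj.dll (file missing)
"""

# Keys the helper marked for removal in this thread: BHO CLSIDs, Run value names, Notify subkey.
REMOVE = {"535677B1-5F57-4A49-8501-72BE5C4B5343", "7F8E5A5D-1619-40A3-992A-E300B4B36A13",
          "ao3", "vebegbom"}

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# First executable/DLL token of a Run command, quoted or not (HijackThis prints paths with spaces unquoted).
RE_EXE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat))"?(?:\s|$)', re.IGNORECASE)

# Registry key spellings exactly as they appear in the CFScript posted above.
RUN_KEY = {"HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
           "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def parse_hjt(text):
    """Turn O2/O4/O20 HijackThis lines into dicts; other line types are ignored."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            entries.append({"kind": "O2", "name": m["name"], "key": m["clsid"].upper(),
                            "path": m["path"], "missing": bool(m["missing"])})
        elif m := RE_O4.match(line):
            exe = RE_EXE.match(m["cmd"])
            entries.append({"kind": "O4", "name": m["name"], "key": m["name"], "hive": m["hive"],
                            "path": exe["path"] if exe else m["cmd"], "missing": False})
        elif m := RE_O20.match(line):
            # O20 reports only the DLL name, not a full path.
            entries.append({"kind": "O20", "name": m["name"], "key": m["name"],
                            "path": m["path"], "missing": bool(m["missing"])})
    return entries


def orphaned(entries):
    """Load points whose target file is gone: the registry reference outlived the file."""
    return [(e["kind"], e["key"]) for e in entries if e["missing"]]


def duplicated_autoruns(entries):
    """Run value names registered under both HKLM and HKCU with the same target."""
    hives = defaultdict(set)
    for e in entries:
        if e["kind"] == "O4":
            hives[(e["name"], e["path"].lower())].add(e["hive"])
    return sorted(name for (name, _), h in hives.items() if {"HKLM", "HKCU"} <= h)


def build_cfscript(entries, remove_keys):
    """Emit File:: and Registry:: sections for the entries whose key is in remove_keys."""
    files, registry, seen = [], [], set()
    for e in entries:
        if e["key"] not in remove_keys:
            continue
        # Only full paths belong in File::; bare DLL names (O20) are skipped, duplicates collapsed.
        if "\\" in e["path"] and e["path"].lower() not in seen:
            seen.add(e["path"].lower())
            files.append(e["path"])
        if e["kind"] == "O2":
            registry.append(f"[-{BHO_KEY}\\{{{e['key']}}}]")
        elif e["kind"] == "O4":
            registry.append(f"[{RUN_KEY[e['hive']]}]")
            registry.append(f'"{e["name"]}"=-')
        elif e["kind"] == "O20":
            registry.append(f"[-{NOTIFY_KEY}\\{e['name']}]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(registry) + "\n"


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print("orphaned:", orphaned(found))
    print("duplicated Run values:", duplicated_autoruns(found))
    print(build_cfscript(found, REMOVE))
```

Two limits to keep in mind when using this on a full log: a Run entry hosted by rundll32 (such as the NvCplDaemon line above) yields rundll32 as the path, so the DLL argument has to be handled by hand, and the generated script is only as good as the remove list, which is why the helper in this thread reviews each entry before posting the CFScript rather than removing everything that looks unusual.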
25 November 2007 16:37:01

Hello, here is the scan result


ComboFix 07-11-19.3 - Propriétaire 2007-11-25 16:11:31.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.215 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\Maeva VIRUS\combofix.exe
Command switches used :: C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\System32\acleditd.dll
C:\WINDOWS\system32\ao3.exe
C:\WINDOWS\system32\bidisplg.dll
c:\windows\system32\dbmsrpcnj.dll
C:\WINDOWS\system32\dgrpsetuv.dll
C:\WINDOWS\system32\dmocxc.dll
C:\WINDOWS\system32\dpnmodemj.dll
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\bidisplg.dll
C:\WINDOWS\system32\dgrpsetuv.dll
C:\WINDOWS\system32\dmocxc.dll
C:\WINDOWS\system32\dpnmodemj.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))
.

2007-11-17 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-11-17 10:57 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-11-17 10:57 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-11-11 13:36 57,856 --a------ C:\WINDOWS\system32\divx_xx0.dll
2007-10-27 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 15:29 --------- d-----w C:\Program Files\Wanadoo
2007-11-24 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-11-21 10:52 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-11-21 10:50 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-21 10:48 --------- d-----w C:\Program Files\Google
2007-11-21 10:41 --------- d---a-w C:\Program Files\Microsoft Works
2007-11-21 10:41 --------- d---a-w C:\Program Files\Microsoft Picture It! 7
2007-11-21 10:41 --------- d---a-w C:\Program Files\Java Web Start
2007-11-21 10:41 --------- d---a-w C:\Program Files\Easy Internet signup
2007-11-21 10:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-21 10:41 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-21 10:41 --------- d-----w C:\Program Files\NimoCodec Pack
2007-11-21 10:41 --------- d-----w C:\Program Files\Messager Wanadoo
2007-11-21 10:41 --------- d-----w C:\Program Files\LiveUpdate
2007-11-21 10:41 --------- d-----w C:\Program Files\eMule
2007-11-21 10:41 --------- d-----w C:\Program Files\DivX
2007-11-17 09:41 118,842 ------r C:\WINDOWS\bwUnin-6.3.3.61-7431218L.exe
2007-10-16 13:50 17,792 ----a-w C:\WINDOWS\system32\drivers\tcoxccii.dat
2006-11-10 18:48 16,277,288 ----a-w C:\Program Files\Install_Messenger.exe
2006-10-26 15:45 1,005,872 ----a-w C:\Program Files\SetupOneCare.exe
2006-06-01 14:23 1,953,480 ----a-w C:\Program Files\power point.exe
2005-12-29 12:57 48,133,056 ----a-w C:\Program Files\intelliplus standard.exe
2005-08-20 09:22 22,606,384 ----a-w C:\Program Files\AdbeRdr70_fra_full.exe
2005-02-01 18:47 4,141 ----a-w C:\Program Files\INSTALL.LOG
2005-01-25 20:39 7,741,336 ----a-w C:\Program Files\DivX521XP2K.exe
2004-11-22 13:25 2,636,408 ----a-w C:\Program Files\aawsepersonal.exe
2004-08-12 10:43 82,264 ----a-w C:\Documents and Settings\alex\Application Data\GDIPFONTCACHEV1.DAT
2004-07-16 10:02 81,880 ----a-w C:\Documents and Settings\Manon\Application Data\GDIPFONTCACHEV1.DAT
2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2005-01-25 20:40 56 --sh--r C:\WINDOWS\system32\157815F023.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_19.43.06.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-24 18:34:11 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-25 14:41:22 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{535677B1-5F57-4A49-8501-72BE5C4B5343}]
c:\windows\system32\dbmsrpcnj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F8E5A5D-1619-40A3-992A-E300B4B36A13}]
2003-08-02 21:11 90112 --a------ C:\WINDOWS\System32\acleditd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 06:19 C:\WINDOWS\system32\nview.dll]
"Norton SystemWorks"="C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe" [2003-09-18 16:03]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 16:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 14:23]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 10:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 09:56]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42]
"VTTimer"="VTTimer.exe" [2003-05-08 07:32 C:\WINDOWS\system32\VTTimer.exe]
"NvCplDaemon"="RUNDLL32.exe" [2003-08-02 21:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-05-03 06:19 C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 23:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 11:27]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-27 08:34]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.exe" [2005-10-26 02:51]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 15:51]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" []
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.exe" [2005-10-18 09:29]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 13:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vebegbom]
dbmsrpcnj.dll

R0 agvdpadc;agvdpadc;C:\WINDOWS\System32\drivers\tcoxccii.dat
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
R2 BackWeb Plug-in - 7431218;Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys
R3 HPCFILT;Alcor Micro Corp - 9361;\??\C:\WINDOWS\System32\Drivers\HpcFilt.sys
R3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\System32\DRIVERS\loop.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S2 wqwqhymh;Microsoft IR Communications Monitor;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 mamotou;mamotou;C:\WINDOWS\System32\DRIVERS\mamotou.sys
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\System32\DRIVERS\MaRdP2K.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wqwqhymh

.
Contents of folder 'Scheduled Tasks/Tâches planifiées'
"2007-11-25 00:55:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-24 23:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 16:29:12
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 16:31:20 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-24 19:44
.
--- E O F ---
25 November 2007 23:36:08

Hello


Post a new HijackThis log.
1 December 2007 12:13:38

Hello... here is the scan


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:25, on 01/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\Propriétaire.NOM-DOWNCO0B3WU\Bureau\Maeva VIRUS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll (file missing)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O20 - Winlogon Notify: vebegbom - dbmsrpcnj.dll (file missing)
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 9546 bytes
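A triage pass over the two logs in this thread, written as an added example for this page (it is not code from the thread, from HijackThis or from ComboFix). It parses the O2 and O20 lines of a HijackThis log and the R*/S* service lines of a ComboFix log and flags the patterns that stand out above: a BHO or Winlogon Notify entry whose DLL is already gone, a boot-start driver whose image is a .dat rather than a .sys, a svchost "netsvcs" service whose name is not on an allowlist, and a driver whose name and display name are the same lowercase string. The sample lines are copied from the logs above as constructed input; the netsvcs allowlist and the lowercase-name rule are assumptions, not reference data.

```python
import re

# Constructed sample input: lines copied from the HijackThis and ComboFix
# output posted in this thread (a handful of lines, not the full logs).
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {535677B1-5F57-4A49-8501-72BE5C4B5343} - c:\windows\system32\dbmsrpcnj.dll (file missing)
O2 - BHO: (no name) - {7F8E5A5D-1619-40A3-992A-E300B4B36A13} - C:\WINDOWS\System32\acleditd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O20 - Winlogon Notify: vebegbom - dbmsrpcnj.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

SAMPLE_COMBOFIX = r"""
R0 agvdpadc;agvdpadc;C:\WINDOWS\System32\drivers\tcoxccii.dat
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\System32\drivers\fsdfw.sys
S2 wqwqhymh;Microsoft IR Communications Monitor;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 mamotou;mamotou;C:\WINDOWS\System32\DRIVERS\mamotou.sys
"""

# Assumption: a partial allowlist of service names that belong in the XP
# "netsvcs" svchost group. For real triage, export the value
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs from a
# known-clean machine of the same Windows version and use that instead.
XP_NETSVCS_ALLOWLIST = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer",
    "EventSystem", "HidServ", "Ias", "Iprip", "Irmon", "LanmanServer",
    "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc", "Rasauto",
    "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess",
    "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi",
    "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv",
}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$"
)
# ComboFix service lines: "<start type> <name>;<display name>;<image path>"
CF_SVC_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")


def triage_hjt(text):
    """Return (severity, reason, line) for suspicious O2/O20 HijackThis lines."""
    findings = []
    for line in text.strip().splitlines():
        m = BHO_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(("high", "BHO CLSID still registered but its DLL is gone: "
                                 "remove the key so nothing can drop a new DLL into place", line))
            elif m.group("name") == "(no name)":
                findings.append(("medium", "nameless BHO with no vendor string: "
                                 "check the DLL's signature and hash", line))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            sev = "high" if m.group("missing") else "medium"
            findings.append((sev, "non-default Winlogon Notify package "
                             "(loaded into winlogon.exe, runs as LocalSystem)", line))
    return findings


def triage_combofix(text, netsvcs_allowlist):
    """Return (severity, reason, line) for suspicious ComboFix R*/S* service lines."""
    findings = []
    for line in text.strip().splitlines():
        m = CF_SVC_RE.match(line)
        if not m:
            continue
        name, display, image = m.group("name"), m.group("display"), m.group("image")
        image_low = image.lower()
        if m.group("start") in ("R0", "R1") and not image_low.endswith(".sys"):
            findings.append(("high", "boot/system-start driver whose image is not a .sys file", line))
        if "svchost.exe -k netsvcs" in image_low and name not in netsvcs_allowlist:
            findings.append(("high", "svchost-hosted service not in the netsvcs allowlist "
                             "(display name may imitate a Microsoft service)", line))
        elif name == display and image_low.endswith(".sys") and re.fullmatch(r"[a-z]{6,10}", name):
            # Heuristic (assumption): a lowercase nonsense name reused as the display name.
            findings.append(("low", "driver whose name and display name are the same "
                             "meaningless lowercase string: verify the file", line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage_hjt(SAMPLE_HJT) + triage_combofix(SAMPLE_COMBOFIX, XP_NETSVCS_ALLOWLIST):
        print(f"[{sev:6}] {reason}\n         {line}")
```

The findings are pointers for a human, not verdicts: a "(file missing)" entry is harmless on its own but shows where the loader lived and which registry key still needs deleting, and the allowlist only means anything if it was taken from a clean machine with the same Windows version and service pack.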
9 December 2007 18:04:23

Hello,
Do I need to do anything else?
13 December 2007 17:17:14

Hello, could you please reply... :(