Votre question

internet explorer explosé

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
7 Juin 2007 09:56:17

Bonjour,

j'ai mon internet explorer qui se lance avec la mauvaise page de démarrage quand je fais une recherche sur mozilla. Il y a du winantivirus Pro dans l'air... J'ai déjà fait un scan avec mon antivirus qui m'a détruit 3 malwares, lavasoft 3 autres, et spybot quelques autres encore. Voici mon log de hijack, quelqu'un peut-il m'aider ? Mon log de Hijack s'est interompu à un moment pour me dire que quelque chose le bloquait, et qu'il fallait "basculer vers" pour interrompre une application. Ce que j'ai fait.
D'avance, grand merci !

Log :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:54:46, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\julutru\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56BA5CFF-09DC-4CF7-87E7-CB1C081A5390} - C:\WINDOWS\system32\yabcd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtspmn.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\cwxhtmvp.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [uhkxefqh.exe] C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\xoypfvrx.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O20 - Winlogon Notify: awtspmn - C:\WINDOWS\SYSTEM32\awtspmn.dll
O20 - Winlogon Notify: winlpi32 - C:\WINDOWS\SYSTEM32\winlpi32.dll
O20 - Winlogon Notify: yabcd - C:\WINDOWS\system32\yabcd.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\EasyBox\Apache\Apache.exe (file missing)
O23 - Service: EasyBoxVLC - Unknown owner - C:\Program Files\EasyBox\SrvAny.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8209 bytes

Autres pages sur : internet explorer explosa

7 Juin 2007 09:59:50

Spybot m'a trouvé un malware nommé SmitFraud. Peut-être une piste ?
a b 8 Sécurité
7 Juin 2007 13:17:27

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    Contenus similaires
    8 Juin 2007 09:28:52

    Merci, Vundo a effectivement du redémarrer 2 fois...

    Voici le Hijack tout d'abord :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 09:23:41, on 08/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\julutru\Bureau\HiJackThis_v2.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtspmn.dll (file missing)
    O2 - BHO: (no name) - {A6E9BB13-8213-4CCB-8342-9E7A0ED9FC39} - C:\WINDOWS\system32\yabcd.dll (file missing)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\rshrcvlb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [uhkxefqh.exe] C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\xoypfvrx.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O20 - Winlogon Notify: winlpi32 - C:\WINDOWS\SYSTEM32\winlpi32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\EasyBox\Apache\Apache.exe (file missing)
    O23 - Service: EasyBoxVLC - Unknown owner - C:\Program Files\EasyBox\SrvAny.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 8007 bytes




    Et voici le Vundo :




    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 20:50:30 07/06/2007

    Listing files found while scanning....


    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 08:40:30 08/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtspmn.dll
    C:\WINDOWS\system32\dcbay.bak1
    C:\WINDOWS\system32\dcbay.bak2
    C:\WINDOWS\system32\dcbay.ini
    C:\WINDOWS\system32\iifcbxy.dll
    C:\WINDOWS\system32\tuvturs.dll
    C:\WINDOWS\system32\xoypfvrx.dll
    C:\WINDOWS\system32\xrvfpyox.ini
    C:\WINDOWS\system32\yabcd.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtspmn.dll
    C:\WINDOWS\system32\awtspmn.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\dcbay.bak1
    C:\WINDOWS\system32\dcbay.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dcbay.bak2
    C:\WINDOWS\system32\dcbay.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dcbay.ini
    C:\WINDOWS\system32\dcbay.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifcbxy.dll
    C:\WINDOWS\system32\iifcbxy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvturs.dll
    C:\WINDOWS\system32\tuvturs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xoypfvrx.dll
    C:\WINDOWS\system32\xoypfvrx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xrvfpyox.ini
    C:\WINDOWS\system32\xrvfpyox.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yabcd.dll
    C:\WINDOWS\system32\yabcd.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtspmn.dll
    C:\WINDOWS\system32\awtspmn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yabcd.dll
    C:\WINDOWS\system32\yabcd.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Merci !
    a b 8 Sécurité
    8 Juin 2007 13:21:11

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    8 Juin 2007 19:06:57

    Re,

    et merci.

    Voici le rapport :

    "julutru" - 2007-06-08 18:50:58 Service Pack 2 NTFS
    ComboFix 07-06-3B - Running from: "C:\Documents and Settings\julutru\Bureau\"


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\winlpi32.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\julutru\APPLIC~1.\macromedia\Flash Player\#SharedObjects\FSMTNUSW\www.broadcaster.com
    C:\DOCUME~1\julutru\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\julutru\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
    C:\WINDOWS\system32\xpdx.sys


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\xpdx


    ((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))


    2007-06-08 18:56 <REP> d-------- C:\Avenger
    2007-06-08 08:40 58,420 --a------ C:\WINDOWS\system32\rshrcvlb.dll
    2007-06-07 20:50 <REP> d-------- C:\VundoFix Backups
    2007-06-07 09:08 2,580 --a------ C:\WINDOWS\system32\obaporgt.exe
    2007-06-07 02:07 55,316 --a------ C:\WINDOWS\system32\cwxhtmvp.dll
    2007-06-07 00:59 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\uhkxefqh.exe
    2007-06-03 10:20 <REP> d-------- C:\Program Files\hp deskjet 3420 series
    2007-06-03 10:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt07.dll
    2007-05-26 18:28 966,144 --a------ C:\WINDOWS\system32\AudioInfos.dll
    2007-05-26 18:28 877,568 --a------ C:\WINDOWS\system32\AudFile.dll
    2007-05-26 18:28 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2007-05-26 18:28 403,968 --a------ C:\WINDOWS\system32\WMAFile.dll
    2007-05-26 18:28 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
    2007-05-26 18:28 <REP> d-------- C:\Program Files\Free Easy Burner
    2007-05-26 05:02 5,883 --a------ C:\WINDOWS\DiabUnin.dat
    2007-05-26 05:02 2,829 --a------ C:\WINDOWS\DiabUnin.pif
    2007-05-26 05:02 118,784 --a------ C:\WINDOWS\DiabUnin.exe
    2007-05-26 05:02 <REP> d-------- C:\Program Files\Diablo
    2007-05-25 22:12 <REP> d-------- C:\24.COMPLETE.DAY.6.VOST.FRENCH.DivX6-5yN
    2007-05-23 14:58 344,064 -ra------ C:\WINDOWS\system32\drivers\rt73.sys
    2007-05-22 21:31 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-05-20 11:36 90,112 --a------ C:\WINDOWS\system32\AVMiniWeb.exe
    2007-05-20 11:36 520,192 --a------ C:\WINDOWS\system32\AVmmfecd.exe
    2007-05-20 11:36 438,272 --a------ C:\WINDOWS\system32\AVawbecd.exe
    2007-05-20 11:36 380,928 --a------ C:\WINDOWS\system32\AVawbdcd.exe
    2007-05-20 11:36 266,240 --a------ C:\WINDOWS\system32\AVamrecd.exe
    2007-05-20 11:36 208,896 --a------ C:\WINDOWS\system32\lame_enc.dll
    2007-05-20 11:36 <REP> d-------- C:\Program Files\MRConverter
    2007-05-15 00:03 <REP> d-------- C:\DOCUME~1\julutru\APPLIC~1\vlc
    2007-05-12 18:10 <REP> d-------- C:\Program Files\MyFreeTV
    2007-05-09 10:51 <REP> d-------- C:\Program Files\MSECache


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-07 21:01:08 -------- d-----w C:\Program Files\FreeEasyZap
    2007-06-06 22:37:08 2,932 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-03 08:18:17 -------- d-----w C:\Program Files\Hewlett-Packard
    2007-05-29 13:16:17 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-05-23 12:59:36 76,118 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-23 12:59:36 469,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-19 12:10:19 -------- d-s---w C:\DOCUME~1\julutru\APPLIC~1\Temporary
    2007-05-19 11:58:22 -------- d-----w C:\DOCUME~1\julutru\APPLIC~1\TransRender
    2007-05-17 09:17:51 -------- d-----w C:\DOCUME~1\julutru\APPLIC~1\Zylom
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-21 19:12:25 -------- d-----w C:\Program Files\eMule
    2007-04-21 06:55:37 -------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:15:44 -------- d-----w C:\Program Files\FLVPlayer
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {8A61098D-612B-4EF2-943D-64E920684061}=C:\WINDOWS\system32\awtspmn.dll []
    {A6E9BB13-8213-4CCB-8342-9E7A0ED9FC39}=C:\WINDOWS\system32\yabcd.dll []
    {E12BFF69-38A7-406e-A8EF-2738107A7831}=C:\WINDOWS\system32\rshrcvlb.dll [2007-06-08 08:40]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "uhkxefqh.exe"="C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe" [2007-06-07 00:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{8A61098D-612B-4EF2-943D-64E920684061}"="C:\WINDOWS\system32\awtspmn.dll" []

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages scecli scecli scecli scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "HPConfig"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ATIPTA"=C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
    "Multi-function Keyboard"=GWHotKey.exe
    "Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    "QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
    "Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    UxTuneUp


    Contents of the 'Scheduled Tasks' folder
    2007-05-25 15:15:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-06-08 16:49:54 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-08 18:57:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-06-08 18:59:54 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-08 18:59

    --- E O F ---
    a b 8 Sécurité
    8 Juin 2007 19:13:14

    Re,

    Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
    Sélectionne TOUS les emplacements en gras ci-dessous :

    C:\WINDOWS\system32\rshrcvlb.dll
    C:\WINDOWS\system32\obaporgt.exe
    C:\WINDOWS\system32\cwxhtmvp.dll


    ---> Clique-droit puis Copier (ou Ctrl+C)

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
    Clique maintenant sur [#ff0000]MoveIt![/#f]

    [#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.[/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    9 Juin 2007 14:42:32

    Merci !

    Voici :

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\rshrcvlb.dll
    C:\WINDOWS\system32\rshrcvlb.dll NOT unregistered.
    C:\WINDOWS\system32\rshrcvlb.dll moved successfully.
    C:\WINDOWS\system32\obaporgt.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\cwxhtmvp.dll
    C:\WINDOWS\system32\cwxhtmvp.dll NOT unregistered.
    C:\WINDOWS\system32\cwxhtmvp.dll moved successfully.

    Created on 06/09/2007 14:41:27
    a b 8 Sécurité
    9 Juin 2007 17:31:10

    Reposte un rapport Hijackthis.
    10 Juin 2007 10:12:23

    Merci, en tout cas tout a l'air d'aller mieux.

    Voici le rapport :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:10:51, on 10/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\julutru\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtspmn.dll (file missing)
    O2 - BHO: (no name) - {A6E9BB13-8213-4CCB-8342-9E7A0ED9FC39} - C:\WINDOWS\system32\yabcd.dll (file missing)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\rshrcvlb.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [uhkxefqh.exe] C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\EasyBox\Apache\Apache.exe (file missing)
    O23 - Service: EasyBoxVLC - Unknown owner - C:\Program Files\EasyBox\SrvAny.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 7732 bytes
    11 Juin 2007 18:34:21

    Re,

    Ok. voici le résultat :

    Logfile of HijackThis v1.99.1
    Scan saved at 18:33:40, on 11/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\julutru\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtspmn.dll (file missing)
    O2 - BHO: (no name) - {A6E9BB13-8213-4CCB-8342-9E7A0ED9FC39} - C:\WINDOWS\system32\yabcd.dll (file missing)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\rshrcvlb.dll (file missing)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [uhkxefqh.exe] C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\EasyBox\Apache\Apache.exe" -k runservice (file missing)
    O23 - Service: EasyBoxVLC - Unknown owner - C:\Program Files\EasyBox\SrvAny.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    a b 8 Sécurité
    11 Juin 2007 18:39:31

    Re,

    Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\awtspmn.dll (file missing)
    O2 - BHO: (no name) - {A6E9BB13-8213-4CCB-8342-9E7A0ED9FC39} - C:\WINDOWS\system32\yabcd.dll (file missing)
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\rshrcvlb.dll (file missing)
    issch.exe" -start
    O4 - HKLM\..\Run: [uhkxefqh.exe] C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe


    Utilise OTMoveIt avec :
    C:\Documents and Settings\All Users\Application Data\uhkxefqh.exe
    11 Juin 2007 23:23:20

    C'est fait, mais je crois avoir appuyer sur Clean Up! au lieu de Move It! avec OTmoveIT...
    Mon ordi veut redémarrer mais bon, voici le dernier log sur Hijack.

    Et, encore merci.

    Logfile of HijackThis v1.99.1
    Scan saved at 23:21:26, on 11/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\julutru\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\EasyBox\Apache\Apache.exe" -k runservice (file missing)
    O23 - Service: EasyBoxVLC - Unknown owner - C:\Program Files\EasyBox\SrvAny.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    a b 8 Sécurité
    12 Juin 2007 11:33:02

    Tu peux refaire un scan Combofix ?
    15 Juin 2007 09:09:41

    Bonjour, et encore merci.

    Voici le log :

    ComboFix 07-06-13.3 - C:\Documents and Settings\julutru\Bureau\ComboFix.exe
    "julutru" - 2007-06-15 9:02:44 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))


    2007-06-15 09:02 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-11 22:02 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
    2007-06-11 22:02 <REP> d-------- C:\Program Files\ACD Systems
    2007-06-11 22:02 <REP> d-------- C:\24.COMPLETE.DAY.6.VOST.FRENCH.DivX6-5yN
    2007-06-11 22:00 <REP> d-------- C:\Program Files\Optio 50L Digital Camera
    2007-06-11 22:00 <REP> d-------- C:\Program Files\MRConverter
    2007-06-11 22:00 <REP> d-------- C:\Program Files\Matroska Playback Pack
    2007-06-11 22:00 <REP> d-------- C:\Program Files\Google
    2007-06-11 22:00 <REP> d-------- C:\Program Files\FpTest
    2007-06-11 22:00 <REP> d-------- C:\Program Files\FLVPlayer
    2007-06-11 22:00 <REP> d-------- C:\Program Files\Diablo
    2007-06-11 22:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\POP3Profiles
    2007-06-11 20:15 29,704 --a------ C:\WINDOWS\system32\uxtuneup(2).dll
    2007-06-10 12:21 6,291,456 --a------ C:\DOCUME~1\julutru\ntuser.dat
    2007-06-03 10:20 <REP> d-------- C:\Program Files\hp deskjet 3420 series
    2007-06-03 10:19 184,386 --a------ C:\WINDOWS\system32\hpzsnt07.dll
    2007-05-26 18:28 966,144 --a------ C:\WINDOWS\system32\AudioInfos.dll
    2007-05-26 18:28 877,568 --a------ C:\WINDOWS\system32\AudFile.dll
    2007-05-26 18:28 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2007-05-26 18:28 403,968 --a------ C:\WINDOWS\system32\WMAFile.dll
    2007-05-26 18:28 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
    2007-05-26 18:28 <REP> d-------- C:\Program Files\Free Easy Burner
    2007-05-26 05:02 2,829 --a------ C:\WINDOWS\DiabUnin.pif
    2007-05-26 05:02 118,784 --a------ C:\WINDOWS\DiabUnin.exe
    2007-05-23 14:58 344,064 -ra------ C:\WINDOWS\system32\drivers\rt73.sys
    2007-05-22 21:31 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-05-20 11:36 90,112 --a------ C:\WINDOWS\system32\AVMiniWeb.exe
    2007-05-20 11:36 520,192 --a------ C:\WINDOWS\system32\AVmmfecd.exe
    2007-05-20 11:36 438,272 --a------ C:\WINDOWS\system32\AVawbecd.exe
    2007-05-20 11:36 380,928 --a------ C:\WINDOWS\system32\AVawbdcd.exe
    2007-05-20 11:36 266,240 --a------ C:\WINDOWS\system32\AVamrecd.exe
    2007-05-20 11:36 208,896 --a------ C:\WINDOWS\system32\lame_enc.dll
    2007-05-15 00:03 <REP> d-------- C:\DOCUME~1\julutru\APPLIC~1\vlc


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-13 21:22:50 -------- d-----w C:\Program Files\FreeEasyZap
    2007-06-13 07:50:09 -------- d-----w C:\DOCUME~1\julutru\APPLIC~1\TransRender
    2007-06-11 20:02:28 -------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-06-11 19:42:20 -------- d-----w C:\Program Files\UBISOFT
    2007-06-11 19:37:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-11 19:34:51 -------- d-----w C:\Program Files\ArcSoft
    2007-06-06 22:37:08 2,932 ----a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-06-03 08:18:17 -------- d-----w C:\Program Files\Hewlett-Packard
    2007-05-29 13:16:17 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-05-23 12:59:36 76,118 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-23 12:59:36 469,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-19 12:10:19 -------- d-s---w C:\DOCUME~1\julutru\APPLIC~1\Temporary
    2007-05-17 09:17:51 -------- d-----w C:\DOCUME~1\julutru\APPLIC~1\Zylom
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 16:11:53 -------- d-----w C:\Program Files\MyFreeTV
    2007-05-09 08:51:08 -------- d-----w C:\Program Files\MSECache
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-21 19:12:25 -------- d-----w C:\Program Files\eMule
    2007-04-21 06:55:37 -------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages :\WINDOWS\system32\srrstr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "HPConfig"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ATIPTA"=C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
    "Multi-function Keyboard"=GWHotKey.exe
    "Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    "QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
    "Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp
    NtmlSvc


    Contents of the 'Scheduled Tasks' folder
    2007-05-25 15:15:01 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-06-15 07:02:58 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-15 09:06:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-06-15 9:08:02

    --- E O F ---
    19 Juin 2007 23:19:57

    euh... quelqu'un ?
    Merci.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS