Votre question

Virus - Publicité intempestives

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Juin 2007 11:40:28

Bonjour,

Je me permet de vous demander votre aide car je me suis fais avoir comme un bleu... Je me suis fait infecté par je ne sais quoi qui m'ouvre des fenêtres de publicités autant dans IE que dans Firefox 2. Ce sont des fenêtres de type amaena, asiafriendfinder, drivecleaner, systemdoctor et j'en passe... J'ai essayé de repérer et/ou désinfecter avec différent scanner online et antivirus (mon antivirus actuel étant Avast). Rien n'y a fait.. Je vous demande donc humblement de m'aider car je commence à en avoir plus que marre de toute ces publicité qui m'assaillent pendant le travail.

Je vous remercie d'avance pour l'aide que vous pourrez m'apporter.

P.S. Je suis souvent en déplacement qui peuvt me prendre de quelques heures à une demi journée. C'est donc pourquoi il se peut que je tarde à répondre a vos demandes. Je vous prie de m'excuser pour cet état de fait mais comme je n'ai pas de connexion Internet chez moi, je le fais depuis le travail avec mon portable.

Je vous poste le log Hijackthis 2.0 (la version 1.99.1 plante sur ma machine mais je vous colle le log qu'il me sort à la fin):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:26:05, on 12.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {004BE0BF-92AD-4CCE-889F-91337A7005F6} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E6A3DF9-3FAA-46B0-85A4-2946CFB6ED36} - (no file)
O2 - BHO: (no name) - {43474947-B5E0-40B7-BB56-19658BBD4539} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {55E3C7C2-1840-4280-A763-F8FF96C7875c} - C:\WINDOWS\system32\qjpapmfd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A35F8E84-97D4-43F7-9BE9-AAA6FAF247D8} - C:\WINDOWS\system32\qjpapmfd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - C:\WINDOWS\system32\byxvspn.dll
O2 - BHO: (no name) - {C127627B-A8B7-4B8B-AD57-4F0F905BC649} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {D7F0FD48-3ADF-41F8-A1DB-185104DEA899} - (no file)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061507 serial=XXXXXXX-XXXXXXX-XXX lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qmlqxjhf.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O20 - Winlogon Notify: byxvspn - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 13575 bytes

/********************/
Scan avec Hijackthis 1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 11:47:47, on 12.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Administrateur\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061507 serial=XXXXXXX-XXXXXXX-XXX lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\qmlqxjhf.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
/**********FIN DU FICHIER LOG**********/

Merci d'avance

Autres pages sur : virus publicite intempestives

a b 8 Sécurité
12 Juin 2007 12:13:09

Bonjour,

Utilise juste l'ancienne version d'Hijackthis.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    12 Juin 2007 15:51:55

    Merci.. voila ce que tu m'as demandé

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 12:38:24 02.06.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\byxvspn.dll
    C:\WINDOWS\system32\ddcyx.dll
    C:\WINDOWS\system32\eeylnxsx.ini
    C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\xsxnlyee.dll
    C:\WINDOWS\system32\xycdd.bak1
    C:\WINDOWS\system32\xycdd.bak2
    C:\WINDOWS\system32\xycdd.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\byxvspn.dll
    C:\WINDOWS\system32\byxvspn.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ddcyx.dll
    C:\WINDOWS\system32\ddcyx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\eeylnxsx.ini
    C:\WINDOWS\system32\eeylnxsx.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\qqtss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\sstqq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xsxnlyee.dll
    C:\WINDOWS\system32\xsxnlyee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xycdd.bak1
    C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xycdd.bak2
    C:\WINDOWS\system32\xycdd.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xycdd.ini
    C:\WINDOWS\system32\xycdd.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 15:39:22 12.06.2007

    Listing files found while scanning....

    C:\windows\system32\acsysigx.ini
    C:\windows\system32\agxijscj.exe
    C:\WINDOWS\system32\byxvspn.dll
    C:\windows\system32\cnsbumkh.exe
    C:\windows\system32\diiksfjh.exe
    C:\WINDOWS\system32\dkxtcuil.dll
    C:\WINDOWS\system32\egjlm.bak1
    C:\WINDOWS\system32\egjlm.bak2
    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.tmp
    C:\windows\system32\esdiescp.dll
    C:\WINDOWS\system32\evjhdink.dll
    C:\windows\system32\hcjkyjkt.dll
    C:\windows\system32\hdcubsqt.ini
    C:\windows\system32\iavhflyr.dll
    C:\windows\system32\j3241839.dll
    C:\windows\system32\kjpkwxpr.dll
    C:\windows\system32\kwqovhcg.dll
    C:\windows\system32\lkvsmjek.exe
    C:\WINDOWS\system32\mljge.dll
    C:\windows\system32\ndngdivw.ini
    C:\windows\system32\nhgcofvy.dll
    C:\windows\system32\ojlatbit.dll
    C:\windows\system32\qjpapmfd.dll
    C:\WINDOWS\system32\qmlqxjhf.dll
    C:\windows\system32\qrqydrrh.dll
    C:\windows\system32\qyqypxtg.exe
    C:\windows\system32\rsqtqxdl.exe
    C:\windows\system32\tekxochg.dll
    C:\windows\system32\tkjykjch.ini
    C:\windows\system32\tqsbucdh.dll
    C:\windows\system32\wvidgndn.dll
    C:\windows\system32\xgisysca.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\acsysigx.ini
    C:\windows\system32\acsysigx.ini Has been deleted!

    Attempting to delete C:\windows\system32\agxijscj.exe
    C:\windows\system32\agxijscj.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxvspn.dll
    C:\WINDOWS\system32\byxvspn.dll Could not be deleted.

    Attempting to delete C:\windows\system32\cnsbumkh.exe
    C:\windows\system32\cnsbumkh.exe Has been deleted!

    Attempting to delete C:\windows\system32\diiksfjh.exe
    C:\windows\system32\diiksfjh.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dkxtcuil.dll
    C:\WINDOWS\system32\dkxtcuil.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.bak1
    C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.bak2
    C:\WINDOWS\system32\egjlm.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini2
    C:\WINDOWS\system32\egjlm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.tmp
    C:\WINDOWS\system32\egjlm.tmp Has been deleted!

    Attempting to delete C:\windows\system32\esdiescp.dll
    C:\windows\system32\esdiescp.dll Has been deleted!

    Attempting to delete C:\windows\system32\hcjkyjkt.dll
    C:\windows\system32\hcjkyjkt.dll Has been deleted!

    Attempting to delete C:\windows\system32\hdcubsqt.ini
    C:\windows\system32\hdcubsqt.ini Has been deleted!

    Attempting to delete C:\windows\system32\iavhflyr.dll
    C:\windows\system32\iavhflyr.dll Has been deleted!

    Attempting to delete C:\windows\system32\j3241839.dll
    C:\windows\system32\j3241839.dll Has been deleted!

    Attempting to delete C:\windows\system32\kjpkwxpr.dll
    C:\windows\system32\kjpkwxpr.dll Has been deleted!

    Attempting to delete C:\windows\system32\kwqovhcg.dll
    C:\windows\system32\kwqovhcg.dll Has been deleted!

    Attempting to delete C:\windows\system32\lkvsmjek.exe
    C:\windows\system32\lkvsmjek.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Has been deleted!

    Attempting to delete C:\windows\system32\ndngdivw.ini
    C:\windows\system32\ndngdivw.ini Has been deleted!

    Attempting to delete C:\windows\system32\nhgcofvy.dll
    C:\windows\system32\nhgcofvy.dll Has been deleted!

    Attempting to delete C:\windows\system32\ojlatbit.dll
    C:\windows\system32\ojlatbit.dll Has been deleted!

    Attempting to delete C:\windows\system32\qjpapmfd.dll
    C:\windows\system32\qjpapmfd.dll Has been deleted!

    Attempting to delete C:\windows\system32\qrqydrrh.dll
    C:\windows\system32\qrqydrrh.dll Has been deleted!

    Attempting to delete C:\windows\system32\qyqypxtg.exe
    C:\windows\system32\qyqypxtg.exe Has been deleted!

    Attempting to delete C:\windows\system32\rsqtqxdl.exe
    C:\windows\system32\rsqtqxdl.exe Has been deleted!

    Attempting to delete C:\windows\system32\tekxochg.dll
    C:\windows\system32\tekxochg.dll Has been deleted!

    Attempting to delete C:\windows\system32\tkjykjch.ini
    C:\windows\system32\tkjykjch.ini Has been deleted!

    Attempting to delete C:\windows\system32\tqsbucdh.dll
    C:\windows\system32\tqsbucdh.dll Has been deleted!

    Attempting to delete C:\windows\system32\wvidgndn.dll
    C:\windows\system32\wvidgndn.dll Has been deleted!

    Attempting to delete C:\windows\system32\xgisysca.dll
    C:\windows\system32\xgisysca.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\byxvspn.dll
    C:\WINDOWS\system32\byxvspn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 15:51:41, on 12.06.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrateur\Bureau\hijackthis(2)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {004BE0BF-92AD-4CCE-889F-91337A7005F6} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0E6A3DF9-3FAA-46B0-85A4-2946CFB6ED36} - (no file)
    O2 - BHO: (no name) - {3F418CD9-B77E-4614-98CA-9DA0DD000470} - C:\WINDOWS\system32\mljge.dll (file missing)
    O2 - BHO: (no name) - {43474947-B5E0-40B7-BB56-19658BBD4539} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: (no name) - {55E3C7C2-1840-4280-A763-F8FF96C7875c} - C:\WINDOWS\system32\qjpapmfd.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\bwxwufxg.dll
    O2 - BHO: (no name) - {A35F8E84-97D4-43F7-9BE9-AAA6FAF247D8} - C:\WINDOWS\system32\qjpapmfd.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - (no file)
    O2 - BHO: (no name) - {D7F0FD48-3ADF-41F8-A1DB-185104DEA899} - (no file)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061507 serial=XXXXXX-XXXXXXX-XXX lang=FR
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: byxvspn - C:\WINDOWS\
    O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: mljge - C:\WINDOWS\
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    Contenus similaires
    a b 8 Sécurité
    12 Juin 2007 16:52:50

    Re,

    Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

    O2 - BHO: (no name) - {004BE0BF-92AD-4CCE-889F-91337A7005F6} - (no file)
    O2 - BHO: (no name) - {0E6A3DF9-3FAA-46B0-85A4-2946CFB6ED36} - (no file)
    O2 - BHO: (no name) - {3F418CD9-B77E-4614-98CA-9DA0DD000470} - C:\WINDOWS\system32\mljge.dll (file missing)
    O2 - BHO: (no name) - {43474947-B5E0-40B7-BB56-19658BBD4539} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: (no name) - {55E3C7C2-1840-4280-A763-F8FF96C7875c} - C:\WINDOWS\system32\qjpapmfd.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A35F8E84-97D4-43F7-9BE9-AAA6FAF247D8} - C:\WINDOWS\system32\qjpapmfd.dll (file missing)
    O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - (no file)
    O2 - BHO: (no name) - {D7F0FD48-3ADF-41F8-A1DB-185104DEA899} - (no file)
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O20 - Winlogon Notify: byxvspn - C:\WINDOWS\
    O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
    O20 - Winlogon Notify: mljge - C:\WINDOWS\


  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Reposte un rapport Hijackthis.
    12 Juin 2007 16:58:15

    Merci mais combofix ouvre deux fenetre dos bleue et s'arrete

    Logfile of HijackThis v1.99.1
    Scan saved at 16:54:20, on 12.06.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\hijackthis(2)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {004BE0BF-92AD-4CCE-889F-91337A7005F6} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0E6A3DF9-3FAA-46B0-85A4-2946CFB6ED36} - (no file)
    O2 - BHO: (no name) - {3F418CD9-B77E-4614-98CA-9DA0DD000470} - C:\WINDOWS\system32\mljge.dll (file missing)
    O2 - BHO: (no name) - {43474947-B5E0-40B7-BB56-19658BBD4539} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: (no name) - {55E3C7C2-1840-4280-A763-F8FF96C7875c} - C:\WINDOWS\system32\qjpapmfd.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\bwxwufxg.dll
    O2 - BHO: (no name) - {A35F8E84-97D4-43F7-9BE9-AAA6FAF247D8} - C:\WINDOWS\system32\qjpapmfd.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - (no file)
    O2 - BHO: (no name) - {D7F0FD48-3ADF-41F8-A1DB-185104DEA899} - (no file)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061507 serial=DR12CGG-6171681-DXD lang=FR
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: byxvspn - C:\WINDOWS\
    O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: mljge - C:\WINDOWS\
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe

    a b 8 Sécurité
    12 Juin 2007 17:00:48

    Désactive Tea Timer de Spybot puis refixe les lignes.
    13 Juin 2007 11:22:13

    tea timer est desactivé, les lignes ne sont plus dans hijackthis et combofix plante toujours. Par contre je n'ai plus de fenêtres publicitaires depuis hier soir...
    a b 8 Sécurité
    13 Juin 2007 12:17:22

    Reposte un rapport Hijackthis.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS