Se connecter / S'enregistrer
Votre question

[RESOLU] infection beagle/bagle

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
26 Mai 2007 15:05:35

Bonjours à tous,
je pense être infécté par un (ou plusieurs) trojan de type beagle ou bagle.
En gros j'ai des fenetres ie/firefox intempestives notamment sur
**lien édité par Angeldark**
Au début il(s) m'avaient supprimé avast et m'empechaient de linstaller
J'ai reussi a fixer ca (plein d'outil + fx-beagle and co), et j'ai réinstallé avast
Aux scans ou en mode garde, il voient certains adware et les nettoie, mais ils reviennent
Bref je sais plus quoi faire, j'en ai marre et j'ai besoin de votre science

labrach

ci apres un log hijack_v2(beta)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:00:52, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\lolo\Mes documents\Appli-Win\anti-spy\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: ZTE ZXDSL852.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {2472565F-E27A-11D9-ADFE-00062919A34C} (ActiveXUploadDiscount.UserControl1) - http://www.fotodiscount.com/activeX/newUploadDiscount.C...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/ActiveX/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A08605-1CB6-4431-BED7-F6DAD6BB60B6}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\profsyrtym.html

--
End of file - 10844 bytes

Autres pages sur : resolu infection beagle bagle

a b 8 Sécurité
26 Mai 2007 15:25:55

Bonjour

Télécharge Blacklight (F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique fsbl.exe et accepte la licence; clique Scan puis Next.

A la fin du scan, NE TOUCHE A RIEN !

Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.

Poste le rapport sur le forum.

AIDE : Tuto sur BlackLight (Malekal)
26 Mai 2007 15:54:20

voila le rapport de blacklight
je ne sais pas si ca va t'aider, car y'a pas grand chose
j'attends la suite des instructions
merci

05/26/07 15:37:04 [Info]: BlackLight Engine 1.0.61 initialized
05/26/07 15:37:04 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/26/07 15:37:04 [Note]: 7019 4
05/26/07 15:37:04 [Note]: 7005 0
05/26/07 15:37:33 [Note]: 7006 0
05/26/07 15:37:33 [Note]: 7011 788
05/26/07 15:37:33 [Note]: 7026 0
05/26/07 15:37:33 [Note]: 7026 0
05/26/07 15:37:36 [Note]: FSRAW library version 1.7.1021
Contenus similaires
a b 8 Sécurité
26 Mai 2007 15:55:48

Pourquoi tu penses à Bagle ?
26 Mai 2007 16:01:25

d'abord par rapport a ce que j'ai vu de mes symptomes et des diverses info s données par les scans tels que panda, window care, ...
en meme temps, je ne suis pas sur que ce soit le seul probleme, je l'ai peut etre supprimé avec les fix beagle, mais il reste des adware + ma CPU qui mouline par intermittence
que puis-je faire, j'en ai marre d'essayer de scanner avec differents outils sans resultats probant
merci de ton aide
26 Mai 2007 16:18:37

voila le nouveau log
Le premier O20 est pas normal je crois, car avast me l'a deja signalé

Logfile of HijackThis v1.99.1
Scan saved at 16:15:24, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.1.850.19570\GoogleUpdaterInstallMgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\lolo\Mes documents\Appli-Win\anti-spy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: ZTE ZXDSL852.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {2472565F-E27A-11D9-ADFE-00062919A34C} (ActiveXUploadDiscount.UserControl1) - http://www.fotodiscount.com/activeX/newUploadDiscount.C...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/ActiveX/SpeedUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57A08605-1CB6-4431-BED7-F6DAD6BB60B6}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Nero\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

a b 8 Sécurité
26 Mai 2007 16:25:42

Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    26 Mai 2007 17:02:18

    Apparemment, mon ordi semble moins perturbé ....


    voila le log combofix apres reboot. Je l'ai un peu aidé à redémarrer, je sais pas si j'ai bien fait ...


    "lolo" - 2007-05-26 16:36:21 Service Pack 2
    ComboFix 07-05.26.3.V - Running from: "C:\Program Files\Mozilla Firefox\"

    Rootkit driver xpdt is present. A rootkit scan is required

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\retadpu1000106.exe"
    "C:\DOCUME~1\lolo\APPLIC~1\Dxcknwrd.dll"
    "C:\DOCUME~1\lolo\APPLIC~1\Dxcuknwrd.dll"
    "C:\Program Files\Outlook Express\profsyrtym.html"
    "C:\WINDOWS\system32\drivers\core.cache.dsk"
    "C:\WINDOWS\system32\perfc000.dat"
    "C:\Temp\tn3"
    "C:\WINDOWS\system32\perfc000.dat"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


    2007-05-26 16:22 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-05-26 16:22 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-05-26 16:22 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-05-26 16:22 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-05-26 16:22 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-05-26 16:21 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-05-26 16:21 <REP> d-------- C:\DOCUME~1\lolo\APPLIC~1\PC Tools
    2007-05-26 16:15 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2007-05-26 16:10 <REP> d-------- C:\Program Files\Norton Security Scan
    2007-05-26 15:20 <REP> d-------- C:\Program Files\CCleaner
    2007-05-26 15:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-26 14:21 <REP> d-------- C:\kav
    2007-05-26 10:42 <REP> d-------- C:\Program Files\Skype
    2007-05-26 10:42 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-05-26 10:42 <REP> d-------- C:\DOCUME~1\lolo\APPLIC~1\Leadertech
    2007-05-26 10:36 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-05-26 09:58 60,574 --a------ C:\WINDOWS\system32\xpdt.sys
    2007-05-26 09:58 1,536 --a------ C:\cwainda.exe
    2007-05-26 06:45 <REP> d-------- C:\VundoFix Backups
    2007-05-26 06:22 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-05-26 06:22 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-05-26 06:22 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-05-26 06:22 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-05-26 06:22 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-05-26 05:52 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-05-26 00:03 <REP> d-------- C:\{80001022-0000-0000-B167-1550C9FB0B0C}
    2007-05-25 22:29 724,992 --a------ C:\WINDOWS\iun6002.exe
    2007-05-25 22:29 <REP> d-------- C:\spywarebegone
    2007-05-25 21:52 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2007-05-25 21:50 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2007-05-25 21:17 167 --a------ C:\Documents and Settings\lolo\3048.bat
    2007-05-25 21:17 167 --a------ C:\DOCUME~1\lolo\3048.bat
    2007-05-25 21:03 167 --a------ C:\WINDOWS\system32\6850.bat
    2007-05-25 20:59 <REP> d-------- C:\Program Files\Alwil Software
    2007-05-25 08:52 <REP> d-------- C:\DOCUME~1\lolo\APPLIC~1\Lavasoft
    2007-05-24 23:34 <REP> d-------- C:\Documents and Settings\lolo\.housecall6.6
    2007-05-24 23:34 <REP> d-------- C:\DOCUME~1\lolo\.housecall6.6
    2007-05-24 23:28 <REP> d-------- C:\Program Files\Spyware cleaner
    2007-05-24 22:54 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2007-05-24 22:54 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2007-05-24 22:54 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2007-05-24 22:53 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-05-24 22:32 167 --a------ C:\Documents and Settings\lolo\7576.bat
    2007-05-24 22:32 167 --a------ C:\DOCUME~1\lolo\7576.bat
    2007-05-24 22:07 167 --a------ C:\Documents and Settings\lolo\9945.bat
    2007-05-24 22:07 167 --a------ C:\DOCUME~1\lolo\9945.bat
    2007-05-24 08:46 167 --a------ C:\Documents and Settings\lolo\2073.bat
    2007-05-24 08:46 167 --a------ C:\DOCUME~1\lolo\2073.bat
    2007-05-24 00:53 90,112 --a------ C:\WINDOWS\system32\ps.exe
    2007-05-24 00:53 73 --a------ C:\WINDOWS\system32\n.bat
    2007-05-24 00:53 30,530 --a------ C:\WINDOWS\system32\x.dat
    2007-05-24 00:53 167 --a------ C:\WINDOWS\system32\5597.bat
    2007-05-24 00:52 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
    2007-05-24 00:52 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-05-24 00:52 109,343 --a------ C:\WINDOWS\system32\app.exe
    2007-05-24 00:52 10,326 --a------ C:\WINDOWS\system32\install.exe
    2007-05-24 00:52 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2007-05-24 00:52 <REP> d-------- C:\WINDOWS\system32\T7
    2007-05-24 00:52 <REP> d-------- C:\WINDOWS\system32\T6QaSQ
    2007-05-24 00:52 <REP> d-------- C:\WINDOWS\system32\T5
    2007-05-24 00:52 <REP> d-------- C:\WINDOWS\system32\T3
    2007-05-24 00:52 <REP> d-------- C:\WINDOWS\system32\T2
    2007-05-24 00:52 <REP> d-------- C:\WINDOWS\system32\pog
    2007-05-24 00:52 <REP> d-------- C:\Temp\0b9
    2007-05-24 00:52 <REP> d-------- C:\Temp
    2007-05-22 21:05 77,636 -ra------ C:\WINDOWS\system32\flec003.exe
    2007-05-22 21:05 <REP> d-------- C:\WINDOWS\exefld
    2007-05-22 19:14 <REP> d-------- C:\Program Files\Altova
    2007-05-21 18:35 <REP> d-------- C:\Program Files\Plone 3
    2007-05-20 23:59 <REP> d-------- C:\Program Files\AC3Filter
    2007-05-11 17:14 <REP> d-------- C:\Program Files\Wolfram Research
    2007-05-10 20:39 <REP> d-------- C:\DOCUME~1\lolo\APPLIC~1\Microsoft Web Folders
    2007-05-09 21:37 <REP> d-------- C:\Program Files\jxProject_2.4.1.2
    2007-05-03 22:30 56 -r-hs---- C:\WINDOWS\system32\C3408FAB69.sys
    2007-05-03 22:30 <REP> d-------- C:\Program Files\DivX
    2007-05-03 22:29 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-05-03 22:29 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-05-03 22:29 <REP> d-------- C:\Program Files\Xvid
    2007-05-02 08:27 <REP> d-------- C:\Program Files\Mattel Interactive


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-26 14:52:18 12,400 ----a-w C:\WINDOWS\system32\tablet.dat
    2007-05-26 14:35:22 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\Skype
    2007-05-26 14:33:01 -------- d-----w C:\Program Files\SpeedFan
    2007-05-26 14:06:04 -------- d-----w C:\Program Files\Microsoft LifeCam
    2007-05-26 14:06:04 -------- d-----w C:\Program Files\FolderSize
    2007-05-26 14:05:45 -------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2007-05-26 14:05:44 -------- d-----w C:\Program Files\Microsoft IntelliPoint
    2007-05-26 14:05:23 -------- d-----w C:\Program Files\ProcessTamer
    2007-05-26 14:05:14 -------- d-----w C:\Program Files\Google
    2007-05-26 08:37:07 -------- d-----w C:\Program Files\Winamp
    2007-05-26 06:50:13 -------- d-----w C:\Program Files\QuickTime
    2007-05-24 23:02:48 -------- d-----w C:\Program Files\Spybot
    2007-05-24 20:53:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-23 06:22:39 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\Image Zone Express
    2007-05-14 16:19:32 -------- d-----w C:\Program Files\Mozilla Thunderbird Beta 1
    2007-05-11 15:29:32 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\U3
    2007-05-11 15:13:27 -------- d-----w C:\Program Files\IsoBuster
    2007-05-10 19:02:36 -------- d-----w C:\Program Files\SmartDraw 2007
    2007-05-10 18:59:08 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\Shareaza
    2007-05-09 19:37:46 -------- d--h--w C:\Program Files\Zero G Registry
    2007-05-03 20:44:22 -------- d-----w C:\Program Files\Joost
    2007-05-03 20:30:54 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-04-30 17:32:49 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-22 21:15:39 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\SmartDraw
    2007-04-19 20:57:40 -------- d-----w C:\Program Files\Barbie(TM)
    2007-04-19 20:52:47 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\InstallShield
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-14 12:16:19 -------- d-----w C:\DOCUME~1\lolo\APPLIC~1\Joost
    2007-04-12 22:54:12 -------- d-----w C:\Program Files\Sonic Foundry ACID Music
    2007-04-12 22:51:30 -------- d-----w C:\Program Files\CyberLink
    2007-04-10 21:50:24 -------- d-----w C:\Program Files\JAlbum7.1
    2007-04-09 15:01:17 66,808 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-04-09 15:01:17 450,646 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2006-04-13 18:50:48 8 --sh--r C:\WINDOWS\system32\5459921715.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-18 13:14]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-09 19:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 18:12]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50]
    "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 19:32]
    "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-26 17:46]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 11:04]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
    "SoundMan"="SOUNDMAN.EXE" []
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 01:54]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-21 22:37]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-04-19 11:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 13:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    C:\Program Files\Outlook Express\profsyrtym.html

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

    SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
    backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lolo^Menu Démarrer^Programmes^Démarrage^Freenet.lnk]
    path=C:\Documents and Settings\lolo\Menu Démarrer\Programmes\Démarrage\Freenet.lnk
    backup=C:\WINDOWS\pss\Freenet.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Service]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Nero\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "C:\Program Files\Nero\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SplitCam]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackerCam]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b07ca38-d496-11da-95a6-00d0d08b6fa9}]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad1e395c-6a3a-11da-9504-00016ce48c33}]



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070526-145535-570
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    backup-20070526-145450-436
    O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winexz32]
    "Asynchronous"=dword:00000001
    "DllName"="winexz32.dll"
    "Impersonate"=dword:00000000
    "Startup"="EvtStartup"
    "Shutdown"="EvtShutdown"



    backup-20070526-070849-196
    O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

    backup-20070526-070849-463
    O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

    backup-20070526-070610-870
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

    ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    backup-20070526-070609-886
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....

    ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    backup-20070526-070609-976
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

    ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????=???

    backup-20070526-070417-934
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Contents of the 'Scheduled Tasks' folder
    2007-05-24 13:06:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-05-26 14:10:48 C:\WINDOWS\tasks\Norton Security Scan.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-26 16:52:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    ********************************************************************

    Completion time: 2007-05-26 16:55:48 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-26 16:55

    --- E O F ---

    et le fichier de quarantaine:

    1. 2007-04-30 17:06 142 --a------ C:\Qoobox\Quarantine\C\Program Files\Outlook Express\profsyrtym.html.vir
    2. 2007-05-24 00:52 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir
    3. 2007-05-24 23:18 162348 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.cache.dsk.vir
    4. 2007-05-25 08:27 834231 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\lolo\APPLIC~1\Dxcknwrd.dll.vir
    5. 2007-05-25 08:58 88 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\lolo\APPLIC~1\Dxcuknwrd.dll.vir
    6. 2007-05-26 16:41 772 --a------ C:\Qoobox\Quarantine\Registry_backups\hklm_windowsNT_windows.reg.cf
    7. 2007-05-26 16:42 6144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\perfc000.dat.vir
    8.  
    9.  
    10. Structure du dossier pour le volume ACER
    11. Le num‚ro de s‚rie du volume est BC24-9256
    12. C:\QOOBOX
    13. \---Quarantine
    14. +---C
    15. | +---DOCUME~1
    16. | | \---lolo
    17. | | \---APPLIC~1
    18. | | Dxcknwrd.dll.vir
    19. | | Dxcuknwrd.dll.vir
    20. | |
    21. | +---Program Files
    22. | | \---Outlook Express
    23. | | profsyrtym.html.vir
    24. | |
    25. | \---WINDOWS
    26. | | retadpu1000106.exe.vir
    27. | |
    28. | \---system32
    29. | | perfc000.dat.vir
    30. | |
    31. | \---drivers
    32. | core.cache.dsk.vir
    33. |
    34. \---Registry_backups
    35. hklm_windowsNT_windows.reg.cf


    a b 8 Sécurité
    26 Mai 2007 17:10:59

    Re,

    Télécharge Rustbfix (par ejvindh)
    **Si le lien ne fonctionne pas, clique ici**
    Sauvegarde-le sur ton Bureau.

    Double clique rustbfix.exe afin de lancer l'outil.
    Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer le PC. Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.
    Suite au(x) redémarrage(s), deux rapports s'ouvriront : (C:\avenger.txt & C:\Rustbfix\pelog.txt).
    Poste (Copie/Colle) le contenu de ces deux rapports, ainsi qu'un nouveau log HijackThis dans ta prochaine réponse.
    26 Mai 2007 21:54:37

    .... je reprends la ligne ....

    Ci apres tous les log
    Ca à l'air de marcher ... je touche du cuivre !

    je vais quand meme relancer quelques analyses en lignes, type bitfender, kaspersky, f-secure etc

    Sinon quels outils gratuits pour une protection optimale
    avast
    spydoctor, norton (proposé dans le google pack)
    kerio en firewall ?

    merci en tout cas mon ptit gars pour ta disponibilité

    labrach





    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\vpnhrqoc

    *******************

    Script file located at: \??\C:\Documents and Settings\qwbcwykm.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver xpdt unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.


    ************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
    26/05/2007 21:22:36,73

    ******************* Pre-run Status of system *******************

    Rootkit driver xpdt is found. Starting the unload-procedure....

    Rustock.b-ADS attached to the System32-folder:
    No streams found.

    Looking for Rustock.b-files in the System32-folder:
    No Rustock.b-files found in system32


    ******************* Post-run Status of system *******************

    Rustock.b-driver on the system: NONE!

    Rustock.b-ADS attached to the System32-folder:
    No System32-ADS found.

    Looking for Rustock.b-files in the System32-folder:
    No Rustock.b-files found in system32


    ******************************* End of Logfile ********************************






    --------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    --------------------------------------------------------------------------
    Scan saved at 21:46:34, on 26/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\InCD\InCDsrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\ProcessTamer\ProcessTamerTray.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\lolo\Mes documents\Appli-Win\anti-spy\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
    O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: ZTE ZXDSL852.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {2472565F-E27A-11D9-ADFE-00062919A34C} (ActiveXUploadDiscount.UserControl1) - http://www.fotodiscount.com/activeX/newUploadDiscount.C...
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/ActiveX/SpeedUploader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57A08605-1CB6-4431-BED7-F6DAD6BB60B6}: NameServer = 80.10.246.1 80.10.246.132
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Nero\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    a b 8 Sécurité
    27 Mai 2007 19:34:03

    Re,

  • Fais un scan en ligne Kaspersky avec Internet Explorer :
  • Clique sur
  • Clique maintenant sur J'accepte.
  • Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  • Patiente pendant l'installation des Mises à jour.
  • Choisis par la suite l'analyse du Poste de travail
  • Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Tuto sur le scan en ligne

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS