Your question

Lots of problems on my poor computer!

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
19 May 2007 17:35:19

Hi, I'm bad with computers, but I have still noticed a lot of slowdown, unwanted search bars, pop-ups saying ''trojan win32 deteced'', antivirus programs installing themselves...
I understood that I should use the HIJACKTHIS program so that you can help me, so I made a log to save time:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:33:41, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cccf6d69-f6f9-43f0-ae8e-0599c51ce36b} - C:\WINDOWS\system32\HPZwiz.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp214.tmp.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\cbxvss.dll",realset
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\RunOnce: [service] C:\DOCUME~1\leo\LOCALS~1\Temp\ebmvvscc.exe delete
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Internet Security\isamntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Internet Security\pmsnrr.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A048B58-CEE0-4122-8914-00B367ECA182}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{C05A5D89-6849-4369-8238-BDD742C643C8}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA19A283-64D0-4B56-9227-6ACFBC6E827C}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CS3\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O20 - AppInit_DLLs:
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: HPZwiz - C:\WINDOWS\SYSTEM32\HPZwiz.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\glax32.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\ymbe.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\iaaqjbp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
O22 - SharedTaskScheduler: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\ymbe.dll
O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\iaaqjbp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10564 bytes

Thanks in advance


19 May 2007 17:35:58

Hello,

You are heavily infected!

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.

Reboot into Safe Mode

  • Open the SDFix folder that was just created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
  • Press a key to reboot the PC.
  • Your system will take longer than usual to reboot because the tool keeps running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
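As an added example (not code from this thread or from HijackThis), here is a small Python triage that applies the checks a helper makes by eye on the HijackThis log above: O17 resolvers that were never configured, O4 autostarts running from Temp or the drivers folder, O20 Winlogon Notify DLLs outside system32, and orphaned O2 entries. The sample lines are copied from the posted log; the allowlist of expected DNS resolvers is an assumption.

```python
"""Triage of HijackThis-style log lines: added example, not code from this
thread or from HijackThis. It applies the checks a helper makes by eye on the
log above (O17 resolvers, O4 autostarts, O20 Winlogon Notify, orphaned O2)."""
import ipaddress
import re
from collections import namedtuple

# Sample lines copied from the HijackThis log posted above.
LOG_LINES = [
    r"O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [SManager] smanager.7.exe",
    r"O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe",
    r"O4 - HKCU\..\RunOnce: [service] C:\DOCUME~1\leo\LOCALS~1\Temp\ebmvvscc.exe delete",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233",
    r"O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll",
    r"O20 - Winlogon Notify: HPZwiz - C:\WINDOWS\SYSTEM32\HPZwiz.dll",
]

# Assumption for this example: a home PC resolves through its router or a
# loopback proxy, so a public address in an O17 entry was never configured.
EXPECTED_RESOLVERS = [ipaddress.ip_network(n) for n in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

Finding = namedtuple("Finding", "severity section reason line")  # severity: high/medium/low


def split_section(line):
    """Return (section code, rest of line), e.g. ("O17", "HKLM\\...")."""
    m = re.match(r"^(R\d|O\d+)\s+-\s+(.*)$", line)
    return (m.group(1), m.group(2)) if m else (None, line)


def check_nameserver(body, line):
    """O17: flag every resolver address that is not in the expected set."""
    m = re.search(r"NameServer\s*=\s*(.+)$", body)
    if not m:
        return []
    findings = []
    for token in re.split(r"[,\s]+", m.group(1).strip()):  # both separators occur
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # empty token or a host name; not handled here
        if not any(ip in net for net in EXPECTED_RESOLVERS):
            findings.append(Finding("high", "O17",
                                    f"DNS resolver {ip} was never configured here", line))
    return findings


def check_autostart(body, line):
    """O4: judge the executable an autostart entry points at."""
    m = re.match(r".*?Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$", body)
    if not m:
        return []
    cmd = m.group(1).strip()
    exe = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]
    low = exe.lower()
    if "\\temp\\" in low:
        return [Finding("high", "O4", "autostart runs from a Temp folder", line)]
    if "\\drivers\\" in low and low.endswith(".exe"):
        return [Finding("high", "O4", "an .exe in the drivers folder is not a driver", line)]
    if "\\" not in exe:
        return [Finding("medium", "O4", "bare file name, resolved via the search path", line)]
    return []


def check_winlogon_notify(body, line):
    """O20: a Winlogon Notify DLL normally lives directly in system32."""
    m = re.match(r"Winlogon Notify:\s*\S+\s+-\s+(.+)$", body)
    if not m:
        return []
    path = m.group(1).strip().lower()
    if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", path):
        return []
    return [Finding("high", "O20", "Winlogon Notify DLL outside system32", line)]


def check_orphan(section, body, line):
    """O2/O21/O22: registrations whose file no longer exists (cleanup item)."""
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return [Finding("low", section, "registered object has no file on disk", line)]
    return []


def triage(lines):
    """Run every check over the log and return the findings, worst first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        section, body = split_section(line)
        if section == "O17":
            findings += check_nameserver(body, line)
        elif section == "O4":
            findings += check_autostart(body, line)
        elif section == "O20":
            findings += check_winlogon_notify(body, line)
        elif section in ("O2", "O21", "O22"):
            findings += check_orphan(section, body, line)
    return sorted(findings, key=lambda f: ("high", "medium", "low").index(f.severity))


if __name__ == "__main__":
    for f in triage(LOG_LINES):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}: {f.line}")
```

On the nine sample lines this yields seven high findings (the two O17 entries account for four of them), one medium and one low; run over a full log it gives a reviewer a worst-first list to start from rather than a verdict.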
19 May 2007 18:36:09

here is the SDFix log:
    SDFix: Version 1.84

    Run by leo - 19/05/2007 - 17:53:51,73

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    wincom32

    ImagePath:
    \??\C:\WINDOWS\system32\wincom32.sys

    wincom32 - Deleted

    Killing PID 380 'smss.exe'
    Killing PID 612 'winlogon.exe'
    Killing PID 612 'winlogon.exe'


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
    C:\Documents and Settings\leo\Local Settings\Temp\1.dllb - Deleted
    C:\Documents and Settings\leo\Local Settings\Temp\2.dllb - Deleted
    C:\Documents and Settings\leo\Local Settings\Temp\5.dllb - Deleted
    C:\Documents and Settings\leo\Local Settings\Temp\6.dllb - Deleted
    C:\Documents and Settings\leo\Local Settings\Temp\7.dllb - Deleted
    C:\WINDOWS\system32\alt.exe.exe - Deleted
    C:\WINDOWS\system32\pdp.exe.exe - Deleted
    C:\WINDOWS\system32\pee.exe.exe - Deleted
    C:\WINDOWS\system32\sony.exe.exe - Deleted
    C:\WINDOWS\retadpu27.exe.tmp - Deleted
    C:\WINDOWS\abc5019def.exe - Deleted
    C:\WINDOWS\system32\msdrives\driverpp.sys - Deleted
    C:\WINDOWS\system32\msdrives\iedrives.dll - Deleted
    C:\WINDOWS\system32\msdrives\msdrv.exe - Deleted
    C:\WINDOWS\system32\msdrives\msdrvctrl.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\256.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\25A.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp1FA.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp1FB.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp20E.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp213.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp214.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp215.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp217.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp218.tmp.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\tmp220.tmp.exe - Deleted
    C:\Program Files\InetGet2\Installeur.exe - Deleted
    C:\Program Files\Ipwindows\ipwins.dll - Deleted
    C:\Program Files\Ipwindows\ipwins.exe - Deleted
    C:\Program Files\Ipwindows\UnInstall.exe - Deleted
    C:\Documents and Settings\leo\Application Data\Install.dat - Deleted
    C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\abc123.pid - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\abc5019def.exe - Deleted
    C:\DOCUME~1\leo\LOCALS~1\Temp\temp_23767609.bat - Deleted
    C:\WINDOWS\b122.exe - Deleted
    C:\WINDOWS\iedrives.dll - Deleted
    C:\WINDOWS\msdrv.exe - Deleted
    C:\WINDOWS\msdrvctrl.exe - Deleted
    C:\WINDOWS\retadpu27.exe - Deleted
    C:\WINDOWS\smanager.7.exe - Deleted
    C:\WINDOWS\system32\a3dxx.dll - Deleted
    C:\WINDOWS\system32\comdlg77.dll - Deleted
    C:\WINDOWS\system32\dlh9jkd1q1.exe - Deleted
    C:\WINDOWS\system32\dlh9jkd1q2.exe - Deleted
    C:\WINDOWS\system32\dlh9jkd1q5.exe - Deleted
    C:\WINDOWS\system32\dlh9jkd1q6.exe - Deleted
    C:\WINDOWS\system32\dlh9jkd1q7.exe - Deleted
    C:\WINDOWS\system32\dlh9jkd1q8.exe - Deleted
    C:\WINDOWS\system32\drivers\uzcx.exe - Deleted
    C:\WINDOWS\system32\Kernel32.exe - Deleted
    C:\WINDOWS\system32\kernels32.exe - Deleted
    C:\WINDOWS\system32\max1d164v.exe - Deleted
    C:\WINDOWS\system32\qwertybot.exe - Deleted
    C:\WINDOWS\system32\qvxga6met3.exe - Deleted
    C:\WINDOWS\system32\qvxga7met4.exe - Deleted
    C:\WINDOWS\system32\qvx5gamet2.exe - Deleted
    C:\WINDOWS\system32\rpcc.exe - Deleted
    C:\WINDOWS\system32\spoolsvv.exe - Deleted
    C:\WINDOWS\system32\svcp.csv - Deleted
    C:\WINDOWS\system32\vexg4am1et2.exe - Deleted
    C:\WINDOWS\system32\vexg6ame4.exe - Deleted
    C:\WINDOWS\system32\vexga1me4t1.exe - Deleted
    C:\WINDOWS\system32\vexga3me2.exe - Deleted
    C:\WINDOWS\system32\vexga4m1et4.exe - Deleted
    C:\WINDOWS\system32\vexga4me1.exe - Deleted
    C:\WINDOWS\system32\vexga5me3.exe - Deleted
    C:\WINDOWS\system32\vx.tll - Deleted
    C:\WINDOWS\system32\wincom32.ini - Deleted
    C:\WINDOWS\system32\wincom32.sys - Deleted
    C:\WINDOWS\system32\winsub.xml - Deleted
    C:\WINDOWS\xpupdate.exe - Deleted

    Could Not Remove C:\WINDOWS\services.dll

    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\Ipwindows - Removed
    Folder C:\WINDOWS\system32\msdrives - Removed

    Removing Temp Files...

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    :lzx32.sys 66604
    Total size: 66604 bytes.

    system32: deleted 66604 bytes in 1 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------


    Rootkit PE386 Found, Use a Rootkit scanner !

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


    Remaining Files:
    ---------------
    C:\WINDOWS\services.dll Found

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes:

    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\leo\Mes documents\~WRL1470.tmp
    C:\Documents and Settings\leo\Mes documents\~WRL3430.tmp
    C:\WINDOWS\Temp\18467.tmp.LOG

    Finished

the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:36:35, on 19/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tmrsrv32.exe
    C:\WINDOWS\system32\msorcl32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\lclock.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cccf6d69-f6f9-43f0-ae8e-0599c51ce36b} - C:\WINDOWS\system32\HPZwiz.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\tmp214.tmp.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\cbxvss.dll",realset
    O4 - HKLM\..\Run: [Svcs: Dnscache] C:\DOCUME~1\leo\LOCALS~1\Temp\13728\explorer.exe
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A048B58-CEE0-4122-8914-00B367ECA182}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C05A5D89-6849-4369-8238-BDD742C643C8}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA19A283-64D0-4B56-9227-6ACFBC6E827C}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: HPZwiz - C:\WINDOWS\SYSTEM32\HPZwiz.dll
    O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
    O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\glax32.dll
    O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\ymbe.dll
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\iaaqjbp.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
    O22 - SharedTaskScheduler: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\ymbe.dll
    O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\iaaqjbp.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10111 bytes

19 May 2007 18:52:40

Re,

Let's continue.

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

19 May 2007 19:21:54

here you go:

    "leo" - 2007-05-19 18:57:03 Service Pack 2
    ComboFix 07-05.19.5.V - Running from: "C:\Documents and Settings\leo\Bureau\"

    Rootkit driver pe386 is present. ... attempting disinfection
    pe386 ...... driver unloaded successfully.


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\HPZwiz.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\{363E8EF3-47B3-4B57-9B2F-84C3431C88A4}.exe
    C:\WINDOWS\system32\{389A47D7-517C-488D-8101-162D6394C21D}.exe
    C:\WINDOWS\system32\{832E42BC-ECB0-46B5-B7DA-857563D838A5}.exe
    C:\WINDOWS\system32\{FB238C25-1EED-4EC2-B9F3-FBF7D1DE5379}.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\system32\iaaqjbp.dll
    C:\WINDOWS\system32\ymbe.dll
    C:\DOCUME~1\leo\APPLIC~1\Microsoft\20509.dat
    C:\DOCUME~1\leo\APPLIC~1\Microsoft\60787.dat
    C:\WINDOWS\system32\tmp1FA.tmp.dll
    C:\WINDOWS\system32\tmp20E.tmp.dll
    C:\WINDOWS\system32\tmp214.tmp.dll
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Program Files\bravesentry\BraveSentry.exe
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\Program Files\internet security\isamini.exe
    C:\Program Files\internet security\ot.ico
    C:\Program Files\internet security\pmmnt.exe
    C:\Program Files\internet security\ts.ico
    C:\WINDOWS\iexplore.dll
    C:\WINDOWS\install.exe
    C:\WINDOWS\services.dll
    C:\WINDOWS\setup.exe
    C:\WINDOWS\system32\WinHealer.dll
    C:\WINDOWS\system32\lzx32.sys
    C:\Documents and Settings\All Users.\documents\settings
    C:\Program Files\bravesentry
    C:\Program Files\internet security
    C:\WINDOWS\system32.dll
    C:\WINDOWS\system32\windev-1491-5252.sys
    C:\WINDOWS\system32\windev-peers.ini


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DRIVERPP
    -------\driverpp
    -------\windev-1491-5252


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-19 ))))))))))))))))))))))))))))))))))


    2007-05-19 18:59 52,811 --a------ C:\WINDOWS\system32\csnpu.exe
    2007-05-19 17:50 786,622 --a------ C:\SDFix.exe
    2007-05-19 17:32 1,308,216 --a------ C:\HiJackThis_v2.exe
    2007-05-19 17:30 <REP> d-------- C:\WINDOWS\CSC
    2007-05-19 17:29 133,250 --a------ C:\WINDOWS\system32\alt.exe
    2007-05-19 17:27 18,432 --a------ C:\WINDOWS\sysrlb32.exe
    2007-05-19 17:26 24,570 --a------ C:\WINDOWS\b129.exe.bin
    2007-05-19 17:26 0 --a------ C:\WINDOWS\b136.exe.bin
    2007-05-19 17:16 1,632 --a------ C:\WINDOWS\system32\sqvxga6met3.exe
    2007-05-19 17:11 1,632 --a------ C:\WINDOWS\system32\sqvxga7met4.exe
    2007-05-19 17:10 1,632 --a------ C:\WINDOWS\system32\sqvx5gamet2.exe
    2007-05-19 17:09 15,867 --a------ C:\Program Files\veelcuygnui.exe
    2007-05-14 01:24 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-05-14 01:24 34,581 --a------ C:\WINDOWS\system32\jbrb32.dll
    2007-05-14 01:24 34,581 --a------ C:\WINDOWS\system32\glax32.dll
    2007-05-14 01:24 139,264 --a------ C:\WINDOWS\system32\windev-2f64-13a5.sys
    2007-05-14 01:24 12 --a------ C:\WINDOWS\system32\sl.bin
    2007-05-14 01:22 9,216 --a------ C:\WINDOWS\180ax.exe
    2007-05-14 01:22 8,704 --a------ C:\WINDOWS\salm.exe
    2007-05-14 01:22 34,581 --a------ C:\WINDOWS\system32\rxvbbz32.dll
    2007-05-14 01:22 32,256 --a------ C:\WINDOWS\2020search2.dll
    2007-05-14 01:22 31,744 --a------ C:\WINDOWS\system32\vxddsk.exe
    2007-05-14 01:22 31,488 --a------ C:\WINDOWS\system32\wml.exe
    2007-05-14 01:22 31,488 --a------ C:\WINDOWS\system32\MSIXU.DLL
    2007-05-14 01:22 30,208 --a------ C:\WINDOWS\stcloader.exe
    2007-05-14 01:22 29,952 --a------ C:\WINDOWS\bokja.exe
    2007-05-14 01:22 29,696 --a------ C:\WINDOWS\vxddsk.exe
    2007-05-14 01:22 29,184 --a------ C:\WINDOWS\swin32.dll
    2007-05-14 01:22 24,064 --a------ C:\WINDOWS\voiceip.dll
    2007-05-14 01:22 23,552 --a------ C:\WINDOWS\2020search.dll
    2007-05-14 01:22 23,296 --a------ C:\WINDOWS\system32\WER8274.DLL
    2007-05-14 01:22 21,504 --a------ C:\WINDOWS\updatetc.exe
    2007-05-14 01:22 21,504 --a------ C:\WINDOWS\system32\msdn_lib.dll
    2007-05-14 01:22 21,504 --a------ C:\WINDOWS\mssvr.exe
    2007-05-14 01:22 21,248 --a------ C:\WINDOWS\wml.exe
    2007-05-14 01:22 21,248 --a------ C:\WINDOWS\pbar.dll
    2007-05-14 01:22 20,992 --a------ C:\WINDOWS\bi.dll
    2007-05-14 01:22 20,736 --a------ C:\WINDOWS\satmat.exe
    2007-05-14 01:22 17,408 --a------ C:\WINDOWS\system32\tmrsrv32.exe
    2007-05-14 01:22 16,640 --a------ C:\WINDOWS\bjam.dll
    2007-05-14 01:22 15,872 --a------ C:\WINDOWS\saiemod.dll
    2007-05-14 01:22 15,616 --a------ C:\WINDOWS\flt.dll
    2007-05-14 01:22 14,592 --a------ C:\WINDOWS\mspphe.dll
    2007-05-14 01:22 13,568 --a------ C:\WINDOWS\Biprep.exe
    2007-05-14 01:22 12,544 --a------ C:\WINDOWS\SUSP.exe
    2007-05-14 01:22 11,776 --a------ C:\WINDOWS\7search.dll
    2007-05-14 01:22 10,752 --a------ C:\WINDOWS\cdsm32.dll
    2007-05-14 01:21 82,438 --a------ C:\WINDOWS\system32\msorcl32.exe
    2007-05-14 01:21 75,264 --a------ C:\WINDOWS\installer.exe
    2007-05-14 01:21 5,120 --a------ C:\WINDOWS\drv.sys
    2007-05-14 01:21 24,576 --a------ C:\winezxw.exe
    2007-05-14 01:21 16,896 --a------ C:\WINDOWS\snownoit.exe
    2007-05-14 01:21 15,867 --a------ C:\WINDOWS\alerter_snow.exe
    2007-05-14 01:21 15,867 --a------ C:\Program Files\zldt.exe
    2007-05-14 01:21 12,800 --a------ C:\WINDOWS\system32\wmvds32.dll
    2007-05-14 01:21 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
    2007-05-14 01:21 10,192 --a------ C:\WINDOWS\win32.exe
    2007-05-13 18:03 106,768 --a------ C:\WINDOWS\cbxvss.dll
    2007-04-26 23:20 <REP> d-------- C:\Program Files\SpyVampire
    2007-04-22 22:53 <REP> d-------- C:\DOCUME~1\leo\Mercury
    2007-04-22 22:50 <REP> d-------- C:\Program Files\Mercury


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-19 15:09:25 5,120 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2007-05-13 23:21:52 5,120 ----a-w C:\WINDOWS\system32\drivers\aec.sys
    2007-04-29 19:46:22 -------- d-----w C:\DOCUME~1\leo\APPLIC~1\Azureus
    2007-04-27 18:52:42 -------- d-----w C:\Program Files\eMule
    2007-04-26 16:06:34 -------- d-----w C:\DOCUME~1\leo\APPLIC~1\Image Zone Express
    2007-04-12 09:26:08 -------- d-----w C:\Program Files\MSN Messenger
    2007-03-25 12:58:55 49,460 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-25 12:58:55 370,562 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-15 15:20:17 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
    2007-03-15 15:20:17 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
    2007-03-13 18:17:28 -------- d-----w C:\Program Files\PowerISO
    2007-03-13 18:17:28 -------- d-----w C:\Program Files\iTunes
    2007-02-25 20:24:58 2,704 ----a-w C:\WINDOWS\system32\tmp.reg
    2007-02-15 16:15:53 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 04:17]
    {7C2F2C76-1489-450D-B8FB-0B9692D788F9}=C:\WINDOWS\system32\msdn_lib.dll [2007-05-14 01:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-03-13 20:16]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-13 20:16]
    "SpyDawn"="C:\Program Files\SpyDawn\SpyDawn.exe" []
    "!AVG Anti-Spyware"="C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\avgas.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-13 20:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LClock"="lclock.exe" []
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 20:24]
    "Service Pack 1"="C:\WINDOWS\system32\vexg6ame4.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "LSD_III"=%systemroot%\LSD\end.cmd
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=1 (0x1)
    "ForceClassicControlPanel"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "ClearRecentDocsOnExit"=64 (0x40)
    "NoSMBalloonTip"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="C:\WINDOWS\system32\xkrdk.dll" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\shellexecutehook.dll" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="C:\WINDOWS\system32\xkrdk.dll" []
    "{A3BC5E20-0235-1ABF-9CE1-00AA00512036}"="C:\WINDOWS\system32\glax32.dll" [2007-05-14 01:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="csnpu.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0
    Security Packages kerberos msv1_0 schannel wdigest
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HTTPFilter HTTPFilter
    LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
    NetworkService DnsCache
    DcomLaunch DcomLaunch TermService
    rpcss RpcSs
    imgsvc StiSvc
    termsvcs TermService
    WudfServiceGroup WUDFSvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb21372e-a13c-11db-b6f3-00073a488e20}]
    Shell\AutoRun\command explorer.exe


    Contents of the 'Scheduled Tasks' folder
    2007-03-23 16:39:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-19 19:00:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-19 19:00:45 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-19 19:00


    --- E O F ---
19 May 2007 19:25:13

here it is:

    "leo" - 2007-05-19 18:57:03 Service Pack 2
    ComboFix 07-05.19.5.V - Running from: "C:\Documents and Settings\leo\Bureau\"

    Rootkit driver pe386 is present. ... attempting disinfection
    pe386 ...... driver unloaded successfully.


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\HPZwiz.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    --- E O F ---
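ComboFix's "Files Created" section in the log above is a timeline, and reading it as one is the quickest triage there is: the 2007-05-14 01:21 to 01:24 block is dozens of executables and DLLs written into C:\WINDOWS and system32 within three minutes, and several of them share an exact byte size under unrelated names (34,581 bytes for jbrb32.dll, glax32.dll and rxvbbz32.dll; 15,867 bytes for veelcuygnui.exe, alerter_snow.exe and zldt.exe), which is what one payload dropped under random names looks like. The example below is added here and is not part of the thread or of ComboFix: it parses that listing format, groups creations into bursts, and reports identical-size groups, over a constructed subset of the entries above. The 15-minute gap and the three-file minimum are assumptions, and the analyst's own tools land in the same bursts (SDFix.exe and HiJackThis_v2.exe sit in the 17:xx block of the real log), so each burst still has to be read by hand.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in ComboFix "Files Created" format, modelled on a subset
# of the entries visible in the log above (not the full listing).
SAMPLE_LISTING = r"""
2007-05-19 17:29 133,250 --a------ C:\WINDOWS\system32\alt.exe
2007-05-19 17:27 18,432 --a------ C:\WINDOWS\sysrlb32.exe
2007-05-19 17:16 1,632 --a------ C:\WINDOWS\system32\sqvxga6met3.exe
2007-05-19 17:09 15,867 --a------ C:\Program Files\veelcuygnui.exe
2007-05-14 01:24 34,581 --a------ C:\WINDOWS\system32\jbrb32.dll
2007-05-14 01:24 34,581 --a------ C:\WINDOWS\system32\glax32.dll
2007-05-14 01:22 34,581 --a------ C:\WINDOWS\system32\rxvbbz32.dll
2007-05-14 01:22 21,504 --a------ C:\WINDOWS\system32\msdn_lib.dll
2007-05-14 01:21 75,264 --a------ C:\WINDOWS\installer.exe
2007-05-14 01:21 15,867 --a------ C:\WINDOWS\alerter_snow.exe
2007-04-26 23:20 <REP> d-------- C:\Program Files\SpyVampire
2007-04-22 22:50 <REP> d-------- C:\Program Files\Mercury
"""

# date time  size-or-<REP>/<DIR>  attribute-flags  path
LINE_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<\w+>)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)


def parse_listing(text):
    """Return (datetime, size_in_bytes_or_None, path) rows, oldest first."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Directories carry <REP>/<DIR> instead of a byte count.
        size = None if m["size"].startswith("<") else int(m["size"].replace(",", ""))
        rows.append((datetime.strptime(m["when"], "%Y-%m-%d %H:%M"), size, m["path"]))
    return sorted(rows, key=lambda r: r[0])


def creation_bursts(rows, gap=timedelta(minutes=15), min_files=3):
    """Group rows whose creation time is within `gap` of the previous row;
    keep only groups of at least `min_files` (thresholds are assumptions)."""
    bursts, current = [], []
    for row in rows:
        if current and row[0] - current[-1][0] > gap:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(row)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts


def same_size_groups(rows, min_count=2):
    """Files of identical byte size created under different names:
    a strong hint that they are copies of one dropped payload."""
    by_size = defaultdict(list)
    for _, size, path in rows:
        if size is not None:
            by_size[size].append(path)
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


if __name__ == "__main__":
    rows = parse_listing(SAMPLE_LISTING)
    for burst in creation_bursts(rows):
        print(f"burst {burst[0][0]:%Y-%m-%d %H:%M} .. {burst[-1][0]:%H:%M}: {len(burst)} files")
        for _, size, path in burst:
            print(f"    {size!s:>8}  {path}")
    for size, paths in same_size_groups(rows).items():
        print(f"same size {size}: {paths}")
```

Run it against the real listing by pasting the section into SAMPLE_LISTING; the two bursts it finds there correspond to the original infection on 14 May and the re-dropping on 19 May.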
19 May 2007 22:55:28

It did a good clean-up.
Post a new HijackThis log.
21 May 2007 14:34:52

the new HijackThis:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:34:16, on 21/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\tmrsrv32.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\lclock.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A048B58-CEE0-4122-8914-00B367ECA182}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C05A5D89-6849-4369-8238-BDD742C643C8}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA19A283-64D0-4B56-9227-6ACFBC6E827C}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O20 - AppInit_DLLs:
    O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
    O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\glax32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
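The log just above still shows the same two public resolvers, 85.255.113.150 and 85.255.112.233, written into every interface GUID and every control set (CCS, CS1, CS2, CS3) in the O17 lines; a pile of O2, O21 and O22 hooks whose files are already gone; and an HKCU Run entry named "Service Pack 1" that launches vexg6ame4.exe straight out of system32. The first thing a practitioner checks in that situation is whether those resolvers are the ones the ISP or the router actually hands out, because if they are not, every name lookup on the machine is being answered by somebody else. The example below is added here and is not part of the thread or of HijackThis: it parses lines in HijackThis format and applies those three checks. The trusted resolver 192.0.2.53, the 192.168.1.1 sample line and the ctfmon.exe allow-list are placeholders and assumptions of mine, not data from the log or features of the tool.

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis log format: lines modelled on the thread's
# 21 May log, plus one made-up O17 line (192.168.1.1, a typical router
# resolver) so the allow-list logic has something benign to pass.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Placeholder (assumption): the resolvers the ISP or DHCP server really hands out.
TRUSTED_DNS = {"192.0.2.53"}

# Directories where an unknown autorun deserves a look. Legitimate entries live
# there too (CTFMON.EXE in the log above), so a small allow-list is needed; it is
# a triage assumption of this example, not something HijackThis provides.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")
KNOWN_GOOD = frozenset({"ctfmon.exe"})


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def _is_public(ip):
    """True for a routable address, and for a value that is not an address at all."""
    try:
        return not ip_address(ip).is_private
    except ValueError:
        return True


def nameserver_hijacks(entries, trusted_dns=TRUSTED_DNS):
    """O17 entries whose NameServer list names a public resolver not in trusted_dns.
    Returns (registry key, [offending ips]) pairs."""
    hits = []
    for section, body in entries:
        if section != "O17":
            continue
        key, _, value = body.partition(": NameServer = ")
        # HijackThis separates resolvers with "," on interface keys and " " on Parameters.
        ips = [ip for ip in re.split(r"[ ,]+", value.strip()) if ip]
        bad = [ip for ip in ips if ip not in trusted_dns and _is_public(ip)]
        if bad:
            hits.append((key, bad))
    return hits


def orphaned_entries(entries):
    """Hooks (O2/O21/O22 ...) whose file is gone: registry residue still to be removed."""
    return [(s, b) for s, b in entries
            if b.endswith("(no file)") or b.endswith("(file missing)")]


def autoruns_in_system_dirs(entries, known_good=KNOWN_GOOD):
    """O4 autoruns whose binary sits directly in the Windows or system32 directory."""
    hits = []
    for section, body in entries:
        if section != "O4":
            continue
        m = re.search(r'\]\s+"?(?P<path>.+?\.exe)', body, re.IGNORECASE)
        if not m:
            continue
        path = m["path"].lower()
        directory, _, filename = path.rpartition("\\")
        if directory + "\\" in SYSTEM_DIRS and filename not in known_good:
            hits.append((body, path))
    return hits


def triage(text, trusted_dns=TRUSTED_DNS):
    """Run the three checks over one log and return the findings by category."""
    entries = parse_hjt(text)
    return {
        "dns_hijack": nameserver_hijacks(entries, trusted_dns),
        "orphans": orphaned_entries(entries),
        "system_dir_autoruns": autoruns_in_system_dirs(entries),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("   ", hit)
```

Fixing the O17 lines means resetting the DNS servers on every adapter and removing the NameServer values from the CS1/CS2/CS3 control sets too, otherwise a Last Known Good boot restores the hijacked resolvers.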
24 May 2007 18:01:08

here it is with the version
    Logfile of HijackThis v1.99.1
    Scan saved at 17:58:30, on 24/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\tmrsrv32.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\lclock.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Guitar Pro 5\GP5.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\leo\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A048B58-CEE0-4122-8914-00B367ECA182}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C05A5D89-6849-4369-8238-BDD742C643C8}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA19A283-64D0-4B56-9227-6ACFBC6E827C}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
    O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\glax32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    24 May 2007 18:47:32

    Re,

    Print these instructions if necessary, because the computer will have to be restarted.

    Download FixWareout (by LonnyRJones) from one of these two sites onto the desktop:
    **If the link does not work, click here**

    Run the fix: click Next, then Install, then make sure "Run fixit" is ticked and click Finish.
    The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

    Once your system has restarted, follow the prompts. Then run HijackThis. Click Do a system scan only and tick the following lines:

    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A048B58-CEE0-4122-8914-00B367ECA182}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C05A5D89-6849-4369-8238-BDD742C643C8}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA19A283-64D0-4B56-9227-6ACFBC6E827C}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS2\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
    O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)


    Click Fix Checked. Close HijackThis and click OK to continue the procedure.

    At the end of the fix you may still need to restart the PC.

    Finally, post the contents of C:\fixwareout\report.txt along with a new HijackThis log.
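    An added example, not code from this thread nor from the HijackThis or FixWareout authors, showing the triage rule behind the list above applied to a few lines copied from the log: it parses the O17 NameServer entries (per-interface keys separate the two resolvers with a comma, the Parameters keys with a space), reports every resolver not on a trusted list, and picks out O2/O21 handlers whose DLL is reported missing. The trusted resolver 192.168.1.1 and the function names are assumptions.

```python
import re

# Constructed sample input: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19BB5CBF-456E-47EC-8016-4B664558E8D1}: NameServer = 85.255.113.150,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - C:\WINDOWS\system32\xkrdk.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# O17 entry: "<registry key>: NameServer = <ip>..." where per-interface keys use a
# comma between resolvers and the Tcpip\Parameters keys use a space.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d\., ]+)$")
# O2 (BHO) and O21 (SSODL) entries: "<name> - {<clsid>} - <path or missing marker>"
HANDLER_RE = re.compile(r"^(?P<section>O2|O21) - (?:BHO|SSODL): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def split_nameservers(field):
    """Split a NameServer value on commas and whitespace, dropping empty pieces."""
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def rogue_nameservers(log_text, trusted):
    """Map each resolver not in `trusted` to the registry keys that set it."""
    found = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for server in split_nameservers(m.group("servers")):
            if server not in trusted:
                found.setdefault(server, []).append(m.group("key"))
    return found


def orphan_handlers(log_text):
    """O2/O21 registrations whose DLL HijackThis reports as absent."""
    orphans = []
    for line in log_text.splitlines():
        m = HANDLER_RE.match(line.strip())
        if m and any(marker in m.group("path") for marker in MISSING_MARKERS):
            orphans.append((m.group("section"), m.group("name"), m.group("clsid")))
    return orphans


def lines_to_fix(log_text, trusted):
    """Log lines to tick in HijackThis: rogue O17 resolvers and orphan O2/O21 handlers."""
    flagged = []
    for line in log_text.splitlines():
        entry = line.strip()
        if rogue_nameservers(entry, trusted) or orphan_handlers(entry):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in lines_to_fix(SAMPLE_LOG, {"192.168.1.1"}):  # assumed trusted resolver
        print("tick in HijackThis:", entry)
```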
    25 May 2007 16:07:40

    the fixwareout report:

    Fixwareout Last edited 5/15/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»»

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="csmbp.exe"
    ....
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "2mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "3mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}5CAA06E95489-07DA-8794-3E31-6167C177{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}5A838D365758-AD7B-5B64-0BCE-CB24E238{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}4A88C1343C48-F2B9-75B4-3B74-3FE8E363{" Deleted
    C:\WINDOWS\System32\klqgc.exe Deleted
    C:\WINDOWS\System32\rrcve.exe Deleted
    C:\WINDOWS\System32\vhyyh.exe Deleted
    ....
    »»»»» Misc files.
    C:\Program Files\SpyVampire Deleted
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

    FINDSTRÿ: Impossible d'ouvrir C:\WINDOWS\System32\csmbp.exe
    C:\WINDOWS\system32\csmbp.exe 52811 06/04/2007

    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "SpyDawn"="C:\\Program Files\\SpyDawn\\SpyDawn.exe /h"
    "!AVG Anti-Spyware"="\"C:\\Documents and Settings\\leo\\Bureau\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LClock"="lclock.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Service Pack 1"="C:\\WINDOWS\\system32\\vexg6ame4.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»

    the new HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:07:23, on 25/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\tmrsrv32.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\lclock.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\leo\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LClock] lclock.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs:
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: CDRecorder036 - {A3BC5E20-0235-1ABF-9CE1-00AA00512036} - C:\WINDOWS\system32\glax32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Documents and Settings\leo\Bureau\AVG Anti-Spyware 7.5\guard.exe (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    25 May 2007 18:04:34

    I want to check something with SDFix.

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    Double-click SDFix.exe and choose Install to extract it to the Desktop.

    Restart in Safe Mode

  • Open the SDFix folder that has just been created at the root of your hard disk (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt in your next reply on the forum, along with a new HijackThis log.