Se connecter / S'enregistrer
Votre question

Infecté par winantivirus, drivecleaner and co...[résolu!]

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
16 Avril 2007 19:58:40

Bonjour à tous!

Mon PC est surinfecté par drivecleaner, winantivirus, et autres pop-ups fort désagréables!!!!
Impossible de m'en débarasser, ca revient toujours après mes analyses spybot et adaware, et dés que je lance une page internet.
Avant que je lance l'ordi par la fenêtre, pourriez vous me venir en aide?
Merci d'avance, voila mon rapport hijackthis.



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:59:21, on 15/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric MORANGE\Bureau\VundoFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric MORANGE\Bureau\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8528BD1A-4D94-4D49-BCAA-0E098E80F02F} - C:\WINDOWS\system32\fccyyxu.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} - C:\WINDOWS\System32\awvvv.dll (file missing)
O2 - BHO: (no name) - {9E850E3D-4CC2-44DD-BCFC-E0FC5C8C74A9} - C:\WINDOWS\System32\awtst.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} - C:\WINDOWS\System32\gebcb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.c...
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet...
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip...
O20 - Winlogon Notify: awtst - C:\WINDOWS\System32\awtst.dll
O20 - Winlogon Notify: fccyyxu - C:\WINDOWS\SYSTEM32\fccyyxu.dll
O20 - Winlogon Notify: khffgec - C:\WINDOWS\SYSTEM32\khffgec.dll
O20 - Winlogon Notify: ljjjjih - C:\WINDOWS\SYSTEM32\ljjjjih.dll
O20 - Winlogon Notify: pmnkiih - C:\WINDOWS\SYSTEM32\pmnkiih.dll
O20 - Winlogon Notify: ssqpnmk - C:\WINDOWS\SYSTEM32\ssqpnmk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 11990 bytes

Configuration: Windows XP
Internet Explorer 6.0

Autres pages sur : infecte winantivirus drivecleaner and resolu

a b 8 Sécurité
16 Avril 2007 20:11:09

Bonjour,

C'est une infection Vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    16 Avril 2007 20:44:06

    Merci de ton aide ! :bounce: 

    Voilà le rapport Vundo:

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 19:36:24 15/04/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\bcbeg.bak1
    C:\WINDOWS\System32\bcbeg.bak2
    C:\WINDOWS\System32\bcbeg.ini
    C:\WINDOWS\System32\bcbeg.ini2
    C:\WINDOWS\System32\bcbeg.tmp
    C:\WINDOWS\system32\cchtfdky.dll
    C:\WINDOWS\system32\csleescr.dll
    C:\WINDOWS\system32\cwaireyv.dll
    C:\WINDOWS\system32\fulvnyos.dll
    C:\WINDOWS\System32\gebcb.dll
    C:\WINDOWS\system32\jcfrtcyt.dll
    C:\WINDOWS\system32\nbtgtich.dll
    C:\WINDOWS\system32\nfkuajbd.dll
    C:\WINDOWS\system32\qducbpsg.dll
    C:\WINDOWS\system32\sktwreoi.dll
    C:\WINDOWS\system32\xpcgnafy.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\bcbeg.bak1
    C:\WINDOWS\System32\bcbeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\bcbeg.bak2
    C:\WINDOWS\System32\bcbeg.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\bcbeg.ini
    C:\WINDOWS\System32\bcbeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\bcbeg.ini2
    C:\WINDOWS\System32\bcbeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\bcbeg.tmp
    C:\WINDOWS\System32\bcbeg.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cchtfdky.dll
    C:\WINDOWS\system32\cchtfdky.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\csleescr.dll
    C:\WINDOWS\system32\csleescr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cwaireyv.dll
    C:\WINDOWS\system32\cwaireyv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fulvnyos.dll
    C:\WINDOWS\system32\fulvnyos.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\gebcb.dll
    C:\WINDOWS\System32\gebcb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jcfrtcyt.dll
    C:\WINDOWS\system32\jcfrtcyt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nbtgtich.dll
    C:\WINDOWS\system32\nbtgtich.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nfkuajbd.dll
    C:\WINDOWS\system32\nfkuajbd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qducbpsg.dll
    C:\WINDOWS\system32\qducbpsg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sktwreoi.dll
    C:\WINDOWS\system32\sktwreoi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xpcgnafy.dll
    C:\WINDOWS\system32\xpcgnafy.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 20:51:33 15/04/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\awvvv.dll
    C:\WINDOWS\system32\claqrmlx.dll
    C:\WINDOWS\System32\vvvwa.bak1
    C:\WINDOWS\System32\vvvwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\awvvv.dll
    C:\WINDOWS\System32\awvvv.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\claqrmlx.dll
    C:\WINDOWS\system32\claqrmlx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\vvvwa.bak1
    C:\WINDOWS\System32\vvvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\vvvwa.ini
    C:\WINDOWS\System32\vvvwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\awvvv.dll
    C:\WINDOWS\System32\awvvv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\vvvwa.ini
    C:\WINDOWS\System32\vvvwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 22:49:33 15/04/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\awtst.dll
    C:\WINDOWS\system32\mleiwnok.dll
    C:\WINDOWS\System32\tstwa.bak1
    C:\WINDOWS\System32\tstwa.ini

    Beginning removal...

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 12:56:56 16/04/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\awtst.dll
    C:\WINDOWS\system32\mleiwnok.dll
    C:\WINDOWS\System32\tstwa.bak1
    C:\WINDOWS\System32\tstwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\awtst.dll
    C:\WINDOWS\System32\awtst.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mleiwnok.dll
    C:\WINDOWS\system32\mleiwnok.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\tstwa.bak1
    C:\WINDOWS\System32\tstwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\tstwa.ini
    C:\WINDOWS\System32\tstwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.19

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 20:12:52 16/04/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\mpqss.bak1
    C:\WINDOWS\System32\mpqss.ini
    C:\WINDOWS\system32\rhmhfdwx.dll
    C:\WINDOWS\System32\ssqpm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\mpqss.bak1
    C:\WINDOWS\System32\mpqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\mpqss.ini
    C:\WINDOWS\System32\mpqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rhmhfdwx.dll
    C:\WINDOWS\system32\rhmhfdwx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\ssqpm.dll
    C:\WINDOWS\System32\ssqpm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!



    et le rapport hijackthis:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:41:57, on 16/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\slserv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eric MORANGE\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {525427C8-DE02-41D2-834E-F9C34E12DF6D} - C:\WINDOWS\System32\awtst.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7C76FC9E-AA43-4F67-BE0A-78E9A3CE5E32} - C:\WINDOWS\System32\ssqpm.dll (file missing)
    O2 - BHO: (no name) - {8528BD1A-4D94-4D49-BCAA-0E098E80F02F} - C:\WINDOWS\system32\fccyyxu.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} - C:\WINDOWS\System32\awvvv.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: (no name) - {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} - C:\WINDOWS\System32\gebcb.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.c...
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet...
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip...
    O20 - Winlogon Notify: fccyyxu - C:\WINDOWS\SYSTEM32\fccyyxu.dll
    O20 - Winlogon Notify: khffgec - C:\WINDOWS\SYSTEM32\khffgec.dll
    O20 - Winlogon Notify: ljjjjih - C:\WINDOWS\SYSTEM32\ljjjjih.dll
    O20 - Winlogon Notify: pmnkiih - C:\WINDOWS\SYSTEM32\pmnkiih.dll
    O20 - Winlogon Notify: ssqpnmk - C:\WINDOWS\SYSTEM32\ssqpnmk.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    --
    End of file - 11704 bytes
    Contenus similaires
    16 Avril 2007 21:14:14

    C'est fait!
    Que puis-je faire ensuite?
    Merci d'avance

    Estelle
    a b 8 Sécurité
    16 Avril 2007 21:21:39

    Re,

    Télécharge Combofix
    Sauvegarde-le sur ton Bureau et pas ailleurs !

    Clique sur le menu Démarrer puis Executer, copie/colle ceci :
    "%userprofile%\Bureau\combofix.exe" /v fccyyxu khffgec ljjjjih pmnkiih ssqpnmk
    Clique sur [OK]. Suis les invites.

    Attends que Combofix ait terminé, un rapport sera créé. Poste le rapport.
    16 Avril 2007 21:55:11

    Voilà le rapport chef:

    "Eric MORANGE" - 07-04-16 21:26:24 Service Pack 1
    ComboFix 07-04-16.3.V - Running from: C:\Documents and Settings\Eric MORANGE\Bureau\
    Command switches used :: /v fccyyxu khffgec ljjjjih pmnkiih ssqpnmk


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\khffgec.dll
    C:\WINDOWS\system32\ljjjjih.dll
    C:\WINDOWS\system32\pmnkiih.dll
    C:\WINDOWS\system32\ssqpnmk.dll
    C:\WINDOWS\system32\dqxmbcai.dll
    C:\WINDOWS\system32\vturr.dll
    C:\WINDOWS\system32\awtustt.dll
    C:\WINDOWS\system32\gebbbca.dll
    C:\WINDOWS\system32\khfdefg.dll
    C:\WINDOWS\system32\khfgffg.dll
    C:\WINDOWS\system32\ljjgdby.dll
    C:\WINDOWS\system32\ljjgfgd.dll
    C:\WINDOWS\system32\mljkhge.dll
    C:\WINDOWS\system32\opnoolj.dll
    C:\WINDOWS\system32\ssqnkkh.dll
    C:\WINDOWS\system32\ssqqpnl.dll
    C:\WINDOWS\system32\tuvsrro.dll
    C:\WINDOWS\system32\urqrppn.dll
    C:\WINDOWS\system32\yayyaaa.dll
    C:\WINDOWS\system32\kmllm.bak1
    C:\WINDOWS\system32\kmllm.ini
    C:\WINDOWS\system32\rrutv.ini
    C:\WINDOWS\system32\mllmk.dll
    C:\WINDOWS\system32\fccyyxu.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.log
    C:\WINDOWS\pp.exe


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\NPF


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-16 to 2007-04-16 ))))))))))))))))))))))))))))))))))


    2007-04-16 21:07 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-04-15 20:47 97,280 --a------ C:\VundoFix.exe
    2007-04-15 20:47 <REP> d-------- C:\MSNFix
    2007-04-15 20:47 <REP> d-------- C:\GenProc
    2007-04-15 20:47 <REP> d-------- C:\CCleaner
    2007-04-15 20:39 <REP> C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
    2007-04-15 20:36 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-04-15 20:36 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents
    2007-04-15 20:36 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
    2007-04-15 20:36 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris
    2007-04-15 20:36 <REP> dr------- C:\DOCUME~1\ADMINI~1\Bureau
    2007-04-15 20:36 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
    2007-04-15 20:36 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2007-04-15 20:36 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
    2007-04-15 20:36 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-04-15 20:36 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
    2007-04-15 20:36 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    2007-04-15 20:33 <REP> d-------- C:\WINDOWS\pss
    2007-04-15 19:36 <REP> d-------- C:\VundoFix Backups
    2007-04-15 12:14 <REP> d-------- C:\!KillBox
    2007-04-14 22:27 <REP> d-------- C:\Program Files\ToniArts
    2007-04-05 08:57 47,616 --a------ C:\WINDOWS\sqlserver.dll
    2007-03-24 23:22 <REP> d-------- C:\DOCUME~1\ced\APPLIC~1\Nikon
    2007-03-16 09:56 72,496 --a------ C:\WINDOWS\system32\drivers\khips.sys
    2007-03-16 09:56 302,000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-15 22:24 63854 --a--c--- C:\WINDOWS\system32\perfc00c.dat
    2007-04-15 22:24 445434 --a--c--- C:\WINDOWS\system32\perfh00c.dat
    2007-04-14 22:27 -------- d--h----- C:\Program Files\installshield installation information
    2007-04-11 22:14 -------- d-------- C:\Program Files\winamp
    2007-04-09 20:38 -------- d-------- C:\Program Files\shareaza
    2007-04-09 20:38 -------- d-------- C:\Program Files\morpheus
    2007-03-28 16:01 -------- d-------- C:\Program Files\java
    2007-02-23 15:52 -------- d-------- C:\Program Files\Fichiers communs\xing shared
    2007-02-16 20:15 87608 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\ezpinst.exe
    2007-02-16 20:15 47360 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\pcouffin.sys
    2007-02-16 20:15 33 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\pcouffin.log
    2007-02-16 20:15 1144 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\pcouffin.inf
    2007-02-16 20:15 1074 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\pcouffin.cat
    2007-02-16 20:09 -------- d-------- C:\Program Files\google
    2007-02-16 20:05 94080 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\ezplay.sys
    2007-02-16 20:05 7812 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\ezplay.cat
    2007-02-16 20:05 33 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\yuljgbls.log
    2007-02-16 20:05 1104 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\yuljgbls.inf
    2007-02-02 19:09 125 --a------ C:\DOCUME~1\ERICMO~1\APPLIC~1\yuljgbls.ini
    2007-01-31 15:47 0 --a------ C:\WINDOWS\nsreg.dat
    2007-01-31 15:45 3431 --a------ C:\WINDOWS\mozver.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [x]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    {525427C8-DE02-41D2-834E-F9C34E12DF6D} C:\WINDOWS\System32\awtst.dll [x]
    {53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    {7C76FC9E-AA43-4F67-BE0A-78E9A3CE5E32} C:\WINDOWS\System32\ssqpm.dll [x]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} C:\WINDOWS\System32\awvvv.dll [x]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    {CC01AF1A-C1EF-4158-91B1-0FAE6271D67C} C:\WINDOWS\System32\mllmk.dll [x]
    {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} C:\WINDOWS\System32\gebcb.dll [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AtiPTA"="atiptaxx.exe"
    "EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "ACTIVBOARD"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
    "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "ActivSurf"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "WD Button Manager"="WDBtnMgr.exe"
    "StandardInstall"=""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1106163164.job

    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    ? [2488]

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 1
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-16 21:52:40 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 07-04-16 21:52

    C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe - F5D97F77AC97B244FF33280154186065
    C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\user32.dll - 0118C8AD7AFB81AD9D5E3A1794E8EB78
    C:\WINDOWS\$hf_mig$\KB841533\SP1QFE\winlogon.exe - F5D97F77AC97B244FF33280154186065
    C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll - 0DF75FB73F705B011630159A43D7C354
    C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll - C34920EB988CE98910BD6B0417F334EB
    C:\WINDOWS\$NtUninstallKB840987$\user32.dll - 0ABF2F5280940D32D1D52BD3500B0C37
    C:\WINDOWS\$NtUninstallKB840987_RTM$\user32.dll - 0116F8B66043084912D4CEB1C3ABF1E2
    C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe - 71820BC9EE6653C8748922459DFC384D
    C:\WINDOWS\$NtUninstallKB841533_RTM$\winlogon.exe - 7486A7D62930D64E83CD847C3C69E7CC
    C:\WINDOWS\$NtUninstallKB890859$\user32.dll - 0118C8AD7AFB81AD9D5E3A1794E8EB78
    C:\WINDOWS\$NtUninstallKB914388$\ws2_32.dll - 20C6D9F9522DDA0F9A8E4B8641CA9245
    C:\WINDOWS\$NtUninstallKB922819$\ws2_32.dll - 93307E5F8389A7474511DC51165694E5
    C:\WINDOWS\ServicePackFiles\i386\winlogon.exe - 71820BC9EE6653C8748922459DFC384D
    C:\WINDOWS\ServicePackFiles\i386\user32.dll - 0ABF2F5280940D32D1D52BD3500B0C37
    C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe - 123EEA158F74D0F67A51DCDF065D1091
    C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll - EED74B969B2CA1ACC558FF60FB420E28
    C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll - 61C8C283AD063BB697AE61A155C64A5A
    C:\WINDOWS\SoftwareDistribution\Download\b3d62539e3338b3e6aca7b80247f201f\sp1qfe\ws2_32.dll - 7279695B154A49550F675A985265B00A
    C:\WINDOWS\system32\winlogon.exe - F5D97F77AC97B244FF33280154186065
    C:\WINDOWS\system32\ws2_32.dll - 7279695B154A49550F675A985265B00A
    C:\WINDOWS\system32\user32.dll - 6EEF91AD23C3474C934174D11C6DA321
    C:\WINDOWS\system32\dllcache\ws2_32.dll - 7279695B154A49550F675A985265B00A
    a b 8 Sécurité
    16 Avril 2007 21:55:53

    Reposte un rapport Hijackthis stp.
    16 Avril 2007 21:58:38

    c'est parti:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:58:33, on 16/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eric MORANGE\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {525427C8-DE02-41D2-834E-F9C34E12DF6D} - C:\WINDOWS\System32\awtst.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7C76FC9E-AA43-4F67-BE0A-78E9A3CE5E32} - C:\WINDOWS\System32\ssqpm.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} - C:\WINDOWS\System32\awvvv.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: (no name) - {CC01AF1A-C1EF-4158-91B1-0FAE6271D67C} - C:\WINDOWS\System32\mllmk.dll (file missing)
    O2 - BHO: (no name) - {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} - C:\WINDOWS\System32\gebcb.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.c...
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet...
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    --
    End of file - 11638 bytes
    16 Avril 2007 22:02:23

    oki,


    Logfile of HijackThis v1.99.1
    Scan saved at 22:02:12, on 16/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eric MORANGE\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {525427C8-DE02-41D2-834E-F9C34E12DF6D} - C:\WINDOWS\System32\awtst.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7C76FC9E-AA43-4F67-BE0A-78E9A3CE5E32} - C:\WINDOWS\System32\ssqpm.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} - C:\WINDOWS\System32\awvvv.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: (no name) - {CC01AF1A-C1EF-4158-91B1-0FAE6271D67C} - C:\WINDOWS\System32\mllmk.dll (file missing)
    O2 - BHO: (no name) - {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} - C:\WINDOWS\System32\gebcb.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.c...
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet...
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip...
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    a b 8 Sécurité
    16 Avril 2007 22:05:11

    Re,

    - Lance Hijackthis ->Do a system scan only
    ->Coche les lignes ci-dessous :

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: (no name) - {525427C8-DE02-41D2-834E-F9C34E12DF6D} - C:\WINDOWS\System32\awtst.dll (file missing)
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
    O2 - BHO: (no name) - {7C76FC9E-AA43-4F67-BE0A-78E9A3CE5E32} - C:\WINDOWS\System32\ssqpm.dll (file missing)
    O2 - BHO: (no name) - {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} - C:\WINDOWS\System32\awvvv.dll (file missing)
    O2 - BHO: (no name) - {CC01AF1A-C1EF-4158-91B1-0FAE6271D67C} - C:\WINDOWS\System32\mllmk.dll (file missing)
    O2 - BHO: (no name) - {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} - C:\WINDOWS\System32\gebcb.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/ [...] comInt.cab
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    Clique sur Fix checked (en bas à gauche)

    ----------
    -> Démarrer
    -> Exécuter...
    Tape Services.msc puis valide
    Double clique sur Boonty Games
    Type de démarrage : "Désactiver"
    Clique en bas sur "Arrêter"
    Valide les changements.
    -----
    Ouvre Hijackthis puis:
    -> Open the Misc Tools Section
    -> Delete an NT Service
    Tape BOONTY puis valide.
    ----------

    Supprime ce dossier :
    C:\Program Files\Fichiers communs\BOONTY Shared
    16 Avril 2007 22:18:46

    Alors, j'ai fait les manips demandées.
    qques précisions: le type de démarrage était déjà "desactiver" pour Boonty games et je ne pouvais pas cliquer sur "Arreter" (c'etait grisé)

    Quand j'ai voulu supprimé BOONTY ac hijackthis, il ne l'a pas trouvé

    J'ai néanmoins supprimé le dossier Boonty Shared.
    Merci de ton aide en tt K!

    Je te redonne un rapport hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:18:39, on 16/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eric MORANGE\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.c...
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip...
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


    a b 8 Sécurité
    16 Avril 2007 22:23:28

    Re,

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

    16 Avril 2007 22:26:09

    voilou:
    16/04/2007 a 22:25:03,03

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\c3.exe FOUND
    C:\WINDOWS\system32\mcrh.tmp FOUND
    C:\WINDOWS\system32\SpoonUninstall.exe FOUND
    C:\WINDOWS\system32\ustart.exe FOUND
    "C:\Documents and Settings\Eric MORANGE\Application Data\ezpinst.exe" FOUND

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    a b 8 Sécurité
    16 Avril 2007 22:27:15

    Re,

    Télécharge puis installe AVG Anti-Spyware (AVG AS)
    Fais les mises à jour mais ne lance pas de scan pour le moment.
    AIDE : Tuto sur AVG Anti-Spyware (Malekal)

    Redémarre en mode sans échec

    Relance AVG AS :
    - Choisis l'onglet "Analyse"
    - Puis l'onglet "Paramètres"
    - Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
    - Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    [#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]

    Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
    Enregistre ce fichier texte sur ton bureau.

    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 2 puis patiente.

    Redémarre normalement
    Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.

    Poste le rapport clean : C:\rapport_clean.txt
    a b 8 Sécurité
    16 Avril 2007 22:41:57

    Re,

    Télécharge puis installe AVG Anti-Spyware (AVG AS)
    Fais les mises à jour mais ne lance pas de scan pour le moment.
    AIDE : Tuto sur AVG Anti-Spyware (Malekal)

    Redémarre en mode sans échec

    Relance AVG AS :
    - Choisis l'onglet "Analyse"
    - Puis l'onglet "Paramètres"
    - Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
    - Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    [#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]

    Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
    Enregistre ce fichier texte sur ton bureau.

    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 2 puis patiente.

    Redémarre normalement
    Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.

    Poste le rapport clean : C:\rapport_clean.txt
    16 Avril 2007 23:36:42

    voila pr le rapport hijackthis, le reste arrive:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:36:30, on 16/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Apps\ActivBoard\MMKeybd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\WDBtnMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Apps\ActivBoard\TrayMon.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Apps\ActivBoard\OSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Eric MORANGE\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.planetis.com/
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.c...
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip...
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    16 Avril 2007 23:37:52

    voila le rapport clean:
    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 16/04/2007 a 23:23:24,81

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\c3.exe
    tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
    tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
    tentative de suppression de C:\WINDOWS\system32\ustart.exe

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    16 Avril 2007 23:40:30

    et voilà pour le rapport AVG AS:
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 23:22:01 16/04/2007

    + Résultat de l'analyse:



    HKU\S-1-5-21-1220945662-1644491937-682003330-500\Software\Surfairy -> Adware.Surfairy : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\ced\Cookies\ced@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.16:C:\Documents and Settings\ced\Application Data\Mozilla\Firefox\Profiles\mvor98ch.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.14:C:\Documents and Settings\ced\Application Data\Mozilla\Firefox\Profiles\mvor98ch.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\ced\Cookies\ced@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
    C:\Documents and Settings\ced\Cookies\ced@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\ced\Cookies\ced@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\ced\Cookies\ced@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Eric MORANGE\Cookies\eric morange@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.


    Fin du rapport
    16 Avril 2007 23:55:54

    je ne sais pas comment tu interpréteras ces rapports mais en attendant, je ne suis plus embêtée par ces s............ depuis dix minutes!
    de bonne augure j'espère!
    à ++
    a b 8 Sécurité
    17 Avril 2007 11:55:03

    Les pubs reviennent ?
    17 Avril 2007 22:54:02

    non, c'est tout parti!!!
    J'espère que c'est pour de bon!
    En tout cas, mille mercis de ton efficacité et ton expertise!

    Bonne continuation!

    Estelle
    a b 8 Sécurité
    17 Avril 2007 23:11:54

    Bonne continuation !
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS