Forum Clubic

Trojan fakescanner

Bonjour à tous,

j’ai chopé dimanche soir un virus.
Les symptomes sont similaire à ceux décrit ici : www.clubic.com…

J’ajouterai juste que quand je fais un “clic-droit” et que je vais dans “propriété” je n’ai plus que 3 onglet ( theme, apparence et parametre) ; impossible de changer le fond d’ecran et impossible de parametrer l’ecran de veille.

A la place de ce dernier j’ai un magnifique “ecran bleu windows de crash” et la page de demarage windows XP ( celle avec la barre qui defile).

J’ai suivi la procedure à la lettre, mise à par pour MBAM que je n’ai pas eu le temps de faire aujourd’hui.

Voilà les resultats :

Hijackthis 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:11, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\P.J\Bureau\desinfection\hackthis\PJ.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.google.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM…\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM…\Run: [WireLessKeyboard] C:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [EverioService] “C:\Program Files\CyberLink\PCM4Everio\EverioService.exe”
O4 - HKLM…\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM…\Run: [lphcruuj0e73v] C:\WINDOWS\system32\lphcruuj0e73v.exe
O4 - HKCU…\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKUS\S-1-5-19…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-21-1390067357-1547161642-682003330-1004…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User ‘Celine’)
O4 - HKUS\S-1-5-18…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘Default user’)
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d’Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photoways.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O17 - HKLM\System\CCS\Services\Tcpip…{8D1595AF-4B6D-4949-B1EE-3ABC6293B037}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


End of file - 11931 bytes

Le rapport de mon antivirus ( Avira Antivir personal)

Avira AntiVir Personal
Report file date: mardi 26 août 2008 20:48

Scanning for 1575260 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: P.J
Computer name: MAISON

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 02/08/2008 14:55:15
AVSCAN.DLL : 8.1.4.0 40705 Bytes 02/08/2008 14:55:15
LUKE.DLL : 8.1.4.5 164097 Bytes 02/08/2008 14:55:15
LUKERES.DLL : 8.1.4.0 12033 Bytes 02/08/2008 14:55:15
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:51:53
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:12:52
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 17:52:50
ANTIVIR3.VDF : 7.0.6.74 91136 Bytes 26/08/2008 17:52:51
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 16:32:09
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 18/08/2008 17:58:02
AESCN.DLL : 8.1.0.23 119156 Bytes 02/08/2008 14:55:15
AERDL.DLL : 8.1.0.20 418165 Bytes 26/04/2008 09:17:55
AEPACK.DLL : 8.1.2.1 364917 Bytes 02/08/2008 14:55:15
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 18/08/2008 17:58:01
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 18/08/2008 17:58:00
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 20:36:11
AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 17:57:59
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 14:55:15
AECORE.DLL : 8.1.1.8 172406 Bytes 02/08/2008 14:55:15
AEBB.DLL : 8.1.0.1 53617 Bytes 02/08/2008 14:55:15
AVWINLL.DLL : 1.0.0.12 15105 Bytes 02/08/2008 14:55:15
AVPREF.DLL : 8.0.2.0 38657 Bytes 02/08/2008 14:55:15
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 14:55:15
AVREG.DLL : 8.0.0.1 33537 Bytes 02/08/2008 14:55:15
AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 16:32:09
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 02/08/2008 14:55:15
SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 16:32:09
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 02/08/2008 14:55:15
NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 16:32:09
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 02/08/2008 14:55:13
RCTEXT.DLL : 8.0.52.0 86273 Bytes 02/08/2008 14:55:13

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: delete
Secondary action…: ignore
Scan master boot sector…: off
Scan boot sector…: on
Boot sectors…: C:, E:, F:, G:, H:,
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: Intelligent file selection
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium

Start of the scan: mardi 26 août 2008 20:48

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SpySweeper.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘aawservice.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!
Boot sector ‘E:’
[INFO] No virus was found!
Boot sector ‘F:’
[INFO] No virus was found!
Boot sector ‘G:’
[INFO] No virus was found!
Boot sector ‘H:’
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘60’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\phcruuj0e73v.bmp
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was deleted!
Begin scan in ‘E:’
Begin scan in ‘F:’
Begin scan in ‘G:’
Begin scan in ‘H:’

End of the scan: mardi 26 août 2008 23:14
Used time: 2:26:03 Hour(s)

The scan has been done completely.

12368 Scanning directories
405096 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
405094 Files not concerned
2199 Archives were scanned
1 Warnings
1 Notes

Et le second Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:58, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\P.J\Bureau\desinfection\hackthis\PJ.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.google.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM…\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM…\Run: [WireLessKeyboard] C:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [EverioService] “C:\Program Files\CyberLink\PCM4Everio\EverioService.exe”
O4 - HKLM…\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM…\Run: [lphcruuj0e73v] C:\WINDOWS\system32\lphcruuj0e73v.exe
O4 - HKCU…\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKUS\S-1-5-20…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-20…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-20…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘Default user’)
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d’Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photoways.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O17 - HKLM\System\CCS\Services\Tcpip…{8D1595AF-4B6D-4949-B1EE-3ABC6293B037}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


End of file - 11681 bytes

Je precise que suite aux manipulation, l’espece de fausse fenetre message a disparu mais je n’ai toujours pas accès à mes onglet et l’ecran de veille est toujours le même


j'ai oublié de preciser , j'utilise Avira comme antivirus et AD-aware ainsi que spywareblaster. Le tout à jour

Hier j’ai même essayé hitman pro
Edité le 27/08/2008 à 21:48

up

Salut

Tu es encore infecter
Désactive tes protections
Utilise combofix, laisse travailler et post le rapport

voilà le log de combofix

[i]ComboFix 08-08-26.03 - P.J 2008-08-27 18:30:31.1 - NTFSx86

Endroit: C:\Documents and Settings\P.J\Bureau\desinfection\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\P.J\Application Data\macromedia\Flash Player#SharedObjects\CXMX8TXX\bin.clearspring.com
C:\Documents and Settings\P.J\Application Data\macromedia\Flash Player#SharedObjects\CXMX8TXX\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\P.J\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#bin.clearspring.com
C:\Documents and Settings\P.J\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#bin.clearspring.com\settings.sol
C:\WINDOWS\system32\blphcruuj0e73v.scr
C:\WINDOWS\system32\C.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 23:21 . 2008-08-26 23:21 d-------- C:\Program Files\Malwarebytes’ Anti-Malware
2008-08-26 23:21 . 2008-08-26 23:21 d-------- C:\Documents and Settings\P.J\Application Data\Malwarebytes
2008-08-26 23:21 . 2008-08-26 23:21 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-26 23:21 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 23:21 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 09:34 . 2008-08-26 09:34 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Webroot
2008-08-25 23:33 . 2008-08-25 23:33 d-------- C:\Documents and Settings\P.J\Application Data\Lavasoft
2008-08-25 23:26 . 2008-08-25 23:27 d-------- C:\Program Files\Spyware Doctor
2008-08-25 23:26 . 2008-08-25 23:26 d-------- C:\Documents and Settings\P.J\Application Data\PC Tools
2008-08-25 23:26 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-25 23:26 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-25 23:26 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-25 23:26 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-25 23:25 . 2008-08-25 23:25 d-------- C:\Program Files\Webroot
2008-08-25 23:25 . 2008-08-25 23:25 d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Webroot
2008-08-25 23:25 . 2008-08-25 23:25 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-08-25 23:25 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-25 23:25 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-25 23:25 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-25 23:25 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-08-25 23:21 . 2008-08-25 23:21 d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 23:21 . 2008-08-25 23:21 d-------- C:\Documents and Settings\P.J\Application Data\Webroot
2008-08-25 23:21 . 2008-08-25 23:21 164 --a------ C:\install.dat
2008-08-25 23:20 . 2008-08-25 23:21 d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 23:20 . 2008-08-25 23:36 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-25 19:42 . 2008-08-25 19:42 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-08-25 19:41 . 2008-08-25 19:43 d-------- C:\Temp
2008-08-25 19:08 . 2008-08-25 19:08 d–h----- C:\WINDOWS\system32\GroupPolicy
2008-08-25 19:03 . 2008-08-25 23:37 d-------- C:\Program Files\Hitman Pro
2008-08-24 20:53 . 2008-08-24 20:53 d-------- C:\Documents and Settings\sebguill\Application Data\HP
2008-08-24 20:51 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-24 20:50 . 2007-10-06 02:17 d–h----- C:\Documents and Settings\sebguill\Voisinage réseau
2008-08-24 20:50 . 2007-10-06 02:17 d–h----- C:\Documents and Settings\sebguill\Voisinage d’impression
2008-08-24 20:50 . 2007-10-06 00:22 d–h----- C:\Documents and Settings\sebguill\Modèles
2008-08-24 20:50 . 2008-08-24 20:51 dr------- C:\Documents and Settings\sebguill\Mes documents
2008-08-24 20:50 . 2007-10-06 02:17 dr------- C:\Documents and Settings\sebguill\Menu Démarrer
2008-08-24 20:50 . 2008-08-24 20:53 dr------- C:\Documents and Settings\sebguill\Favoris
2008-08-24 20:50 . 2007-10-06 02:17 d-------- C:\Documents and Settings\sebguill\Bureau
2008-08-24 20:50 . 2008-08-24 20:50 d-------- C:\Documents and Settings\sebguill
2008-08-24 16:52 . 2008-08-27 18:22 d-------- C:\Program Files\DNA
2008-08-24 16:52 . 2008-08-27 18:32 d-------- C:\Documents and Settings\P.J\Application Data\DNA
2008-08-20 13:02 . 2008-08-20 13:02 d-------- C:\Program Files\Beach Soccer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 16:28 --------- d—a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-25 21:32 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-24 14:52 --------- d-----w C:\Program Files\eMule
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-13 18:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

2005-08-10 12:15 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SuperCopier2.exe”=“C:\Program Files\SuperCopier2\SuperCopier2.exe” [2006-07-07 18:45 1052672]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-19 16:09 15360]
“BitTorrent DNA”=“C:\Program Files\DNA\btdna.exe” [2008-08-24 16:52 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-06-29 00:43 8466432]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-06-29 00:43 81920]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-08-02 16:55 266497]
“Acrobat Assistant 7.0”=“C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe” [2008-04-23 02:08 483328]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 06:24 286720]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]
“NeroFilterCheck”=“C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe” [2006-01-12 16:40 155648]
“PinnacleDriverCheck”=“C:\WINDOWS\system32\PSDrvCheck.exe” [2004-03-11 00:26 406016]
“WireLessMouse”=“C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe” [2007-03-06 11:18 212992]
“WireLessKeyboard”=“C:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe” [2005-11-30 13:48 94208]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 05:25 144784]
“EverioService”=“C:\Program Files\CyberLink\PCM4Everio\EverioService.exe” [2006-11-22 22:10 151552]
“FLMOFFICE4DMOUSE”=“C:\Program Files\Labtec\Mouse\V3.0\moffice.exe” [2008-03-08 12:59 958464]
“nwiz”=“nwiz.exe” [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.exe]
“SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users.WINDOWS\Menu D?marrer\Programmes\D?marrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Lancement rapide d’Adobe Acrobat.lnk - C:\WINDOWS\Installer{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2007-10-06 15:12:36 25214]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“MemCheckBoxInRunDlg”= 1 (0x1)
“NoSMBalloonTip”= 1 (0x1)
“NoDesktopCleanupWizard”= 1 (0x1)
“NoWelcomeScreen”= 1 (0x1)
“NoAutoUpdate”= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
“NoSMHelp”= 1 (0x1)
“MemCheckBoxInRunDlg”= 1 (0x1)
“NoSMBalloonTip”= 1 (0x1)
“NoDesktopCleanupWizard”= 1 (0x1)
“NoWelcomeScreen”= 1 (0x1)
“NoAutoUpdate”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.MJPG”= Pvmjpg30.dll
“VIDC.PIM1”= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
“AntiVirusDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“DisableUnicastResponsesToMulticastBroadcast”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Bonjour\mDNSResponder.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=
“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=
“C:\Program Files\Pinnacle\Studio 10\programs\RM.exe”=
“C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe”=
“C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe”=
“C:\Program Files\Pinnacle\Studio 10\programs\umi.exe”=
“C:\Program Files\eMule\emule.exe”=
“C:\Program Files\MSN Messenger\msnmsgr.exe”=
“C:\Program Files\MSN Messenger\livecall.exe”=
“C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe”=
“G:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe”=
“C:\Program Files\LeechFTP\Leechftp.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe”=
“C:\Program Files\CyberLink\PCM4Everio\EverioService.exe”=
“C:\Program Files\DNA\btdna.exe”=
“G:\torrent\BitTorrent.exe”=

Newly Created Service - CATCHME
Newly Created Service - PROCEXP90
.
Contenu du dossier ‘Scheduled Tasks/Tâches planifiées’

2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
    .
        • ORPHANS REMOVED - - - -

HKLM-Run-lphcruuj0e73v - C:\WINDOWS\system32\lphcruuj0e73v.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\P.J\Application Data\Mozilla\Firefox\Profiles\7kthxx6i.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.club-internet.fr…
FF -: plugin - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-27 18:33:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés …

Balayage caché autostart entries …

Balayage des fichiers cachés …

Scan terminé avec succès
Les fichiers cachés: 0


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
“ImagePath”="??\C:\DOCUME~1\P.J\LOCALS~1\Temp\mc2D.tmp"
.
Temps d’accomplissement: 2008-08-27 18:35:24
ComboFix-quarantined-files.txt 2008-08-27 16:35:18

Pre-Run: 23,857,094,656 octets libres
Post-Run: 23,855,378,432 octets libres

200 — E O F — 2008-08-19 18:33:49[/i]

A la fin du scan, j’ai du relancer “explorer.exe” à la main .
J’ajoute que depuis ce scan j’ai recupéré mes onglet manquant et que le PC semble plus rapide

Upload c’est fichier sur virus total et post les rapport

pour le premier et le troisieme, j’arrive tout bonnement pas à les trouver aux endroits indiqués.

Pour le second :
MD5: df2080892aa553924170f90ebf8c83c5
First received: 2008.08.13 00:31:02 (CET)
Date 2008.08.23 17:18:52 (CET) [>4D]
Résultats 1/35
Permalink: analisis/5729adee7563f9e7881438fe4e5c9d91

fait reanalyser pour le troisiéme

Pour le deux autre copie directement l’adresse dans la fenêtre qui s’ouvre quand tu clic sur parcourir

la réanalyse c’est pour le second tu veux dire…

Oui le second désolé

c’est en cours mais le premiers demeure introuvable dsl

En passant je devrait avoir honte de l’avouer mais mon taf c’est technicien de maintenance en informatique mais pour moi ces rapport c’est imbuvable…


voilà le rapport du second :

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.27.1 2008.08.27 -
AntiVir 7.8.1.23 2008.08.27 -
Authentium 5.1.0.4 2008.08.27 -
Avast 4.8.1195.0 2008.08.27 -
AVG 8.0.0.161 2008.08.27 -
BitDefender 7.2 2008.08.27 -
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.27 -
DrWeb 4.44.0.09170 2008.08.27 -
eSafe 7.0.17.0 2008.08.26 -
eTrust-Vet 31.6.6052 2008.08.27 -
Ewido 4.0 2008.08.27 -
F-Prot 4.4.4.56 2008.08.27 -
Fortinet 3.14.0.0 2008.08.26 -
GData 19 2008.08.27 -
Ikarus T3.1.1.34.0 2008.08.27 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.27 -
McAfee 5371 2008.08.27 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3393 2008.08.27 -
Panda 9.0.0.4 2008.08.27 Suspicious file
PCTools 4.4.2.0 2008.08.27 -
Prevx1 V2 2008.08.27 -
Rising 20.59.21.00 2008.08.27 -
Sophos 4.33.0 2008.08.27 -
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.27 -
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.27 -
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.27 -
Webwasher-Gateway 6.6.2 2008.08.27 -
Information additionnelle
File size: 49152 bytes
MD5…: df2080892aa553924170f90ebf8c83c5
SHA1…: 2eaab172c6f4d9ceeeea5c3d32c2a45fc30f5045
SHA256: cb967f3151a6a8b55e6ea2a928ca2a3804d8f004168ae0d64a9c02aad77ba015
SHA512: 821e6695f5d51781003271b624237859ea16578a1d59d25bbc45f2f92e46bd79
b27eeedf28418f18ea284d06c02e924694ce81beec2ab8e65b49f00ae376155d
PEiD…: -
TrID…: File type identification
DirectShow filter (58.3%)
Windows OCX File (35.7%)
Win32 Executable Generic (2.4%)
Win32 Dynamic Link Library (generic) (2.1%)
Generic Win/DOS Executable (0.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10005552
timedatestamp…: 0x48349745 (Wed May 21 21:42:29 2008)
machinetype…: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4c5b 0x5000 6.27 66319786fc8036f38f30e545971fd60f
.rdata 0x6000 0xabe 0x1000 3.88 9bb08f759f9c8ebe667fc0557fdf337c
.data 0x7000 0x124d 0x2000 3.73 fbbf88da69003fa5520fd6f4f870a676
.rsrc 0x9000 0x10f8 0x2000 2.68 81886fd0d2686033552283ace26d4c96
.reloc 0xb000 0x6c8 0x1000 3.38 b6a39b02ad4635a22aa1b156bb7fb05d

( 6 imports )

KERNEL32.dll: Sleep, CreateProcessA, GetTickCount, LeaveCriticalSection, EnterCriticalSection, MultiByteToWideChar, lstrlenW, lstrlenA, GetShortPathNameA, WideCharToMultiByte, SizeofResource, GetLastError, lstrcmpiA, lstrcpynA, IsDBCSLeadByte, DeleteCriticalSection, GetModuleHandleA, InitializeCriticalSection, HeapAlloc, GetSystemInfo, GetVersionExA, HeapCreate, HeapDestroy, lstrcpyA, lstrcatA, GetProcAddress, LoadLibraryA, InterlockedDecrement, InterlockedIncrement, DebugBreak, HeapReAlloc, HeapFree, GetModuleFileNameA, LoadLibraryExA, FindResourceA, LoadResource, LockResource, CreateFileA, WriteFile, CloseHandle, DeleteFileA, DisableThreadLibraryCalls, FreeLibrary
USER32.dll: CharNextA, FindWindowA
SHLWAPI.dll: SHDeleteKeyA
ADVAPI32.dll: RegDeleteValueA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegEnumKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumValueA, RegCreateKeyExA
ole32.dll: CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, CoCreateInstance
OLEAUT32.dll: -, -, -, -, -, -, -, -

( 7 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, NP_GetEntryPoints, NP_Initialize, NP_Shutdown
packers (Kaspersky): PE_Patch


je confirme, premiers et troisieme introuvable

Autant pour moi le fichier avez été effacé et combofix a seulement supprimer sa clés :wink:

Ton problème et toujours présent?


Repost un nouveau hijackthis stp

pour le probleme, non il semble parti

je te post ca de suite


Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:35:06, on 27/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TopDesk\topdesk.exe
F:\données utilisateurs\données PJ\visual-tooltip_visual_tooltip_2.2_francais_18558\VisualToolTip.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Documents and Settings\P.J\Bureau\desinfection\hackthis\PJ.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.google.fr…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM…\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM…\Run: [WireLessKeyboard] C:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [EverioService] “C:\Program Files\CyberLink\PCM4Everio\EverioService.exe”
O4 - HKLM…\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKCU…\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKCU…\RunOnce: [PackNoVs] “C:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe” --unsetvs
O4 - HKUS\S-1-5-19…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-21-1390067357-1547161642-682003330-1004…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User ‘Celine’)
O4 - HKUS\S-1-5-18…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\RunOnce: [Config] %systemroot%\system32\run.cmd (User ‘Default user’)
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d’Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program… Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photoways.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O17 - HKLM\System\CCS\Services\Tcpip…{8D1595AF-4B6D-4949-B1EE-3ABC6293B037}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


End of file - 11881 bytes

Ton log a l’air clean je pense que c’est bon

En tout cas merci pour tout

De rien