Infection ?

Bonjour à tous.

Mon ordi rame comme un fou depuis 2 ou 3 jours.

Voici un rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11, on 2008-03-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pinnacle\Shared Files\remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Titouan\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {301FBDD7-1772-40DC-B720-DD60EBCE2DB2} - C:\WINDOWS\system32\fccdbAqp.dll
O2 - BHO: (no name) - {56AF2D18-FFEC-41DE-8B3C-E25DB4C2F0F5} - C:\WINDOWS\system32\fccdbAqp.dll
O2 - BHO: (no name) - {63C48515-E430-44E6-9106-FDF966BAB512} - C:\WINDOWS\system32\yayaXPjH.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXOfgEt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {82209C36-B7D7-420C-A967-9C26FD0967B4} - C:\WINDOWS\system32\awturstu.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] C:\Program Files\Pinnacle\Shared Files\remoterm.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Army setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://ecartoons.aol.fr/prod/install.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169662089578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: cbXOfgEt - C:\WINDOWS\SYSTEM32\cbXOfgEt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe
O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 9333 bytes

salut


Télécharger sur le Bureau.
VundoFix

= Double-clic VundoFix.exe.
= Clic OK
=Attendre le redemarrage de Vundofix
=Clic Scan for Vundo
= le scan est assez long , à la fin
=Clic Remove Vundo
= Puis yes
= Le Bureau disparaît un moment lors de la suppression des fichiers.
=Message shutdown
=clic OK
=Redémarrage auto

=copier le rapport qui est dans C:\vundofix.txt
+
un nouveau hijack

Rapport Vundo :





VundoFix V7.0.3



Scan started at 15:30:30 2008-03-16



Listing files found while scanning....



C:\WINDOWS\system32\byxvuro.dll

C:\windows\system32\ijkkj.ini

C:\windows\system32\ijkkj.ini2

C:\windows\system32\jkkji.dll



VundoFix V7.0.3



Scan started at 15:49:19 2008-03-16



Listing files found while scanning....



C:\WINDOWS\system32\byxvuro.dll

C:\windows\system32\ijkkj.ini

C:\windows\system32\ijkkj.ini2

C:\windows\system32\jkkji.dll



VundoFix V7.0.3



Scan started at 16:26:30 2008-03-16



Listing files found while scanning....



C:\WINDOWS\system32\byxvuro.dll

C:\windows\system32\ijkkj.ini

C:\windows\system32\ijkkj.ini2

C:\windows\system32\jkkji.dll



Beginning removal...



VundoFix V7.0.3



Scan started at 17:14:37 2008-03-16



Listing files found while scanning....



C:\WINDOWS\system32\byxvuro.dll

C:\windows\system32\ijkkj.ini

C:\windows\system32\ijkkj.ini2

C:\windows\system32\jkkji.dll

C:\windows\system32\pmkjh.dll



Beginning removal...



Attempting to delete C:\WINDOWS\system32\byxvuro.dll

C:\WINDOWS\system32\byxvuro.dll Could not be deleted.



Attempting to delete C:\windows\system32\ijkkj.ini

C:\windows\system32\ijkkj.ini Has been deleted!



Attempting to delete C:\windows\system32\ijkkj.ini2

C:\windows\system32\ijkkj.ini2 Has been deleted!



Attempting to delete C:\windows\system32\jkkji.dll

C:\windows\system32\jkkji.dll Could not be deleted.



Attempting to delete C:\windows\system32\pmkjh.dll

C:\windows\system32\pmkjh.dll Has been deleted!



Performing Repairs to the registry.

Done!



Beginning removal...



Performing Repairs to the registry.

Done!



VundoFix V7.0.3



Scan started at 14:02:48 2008-04-02



Listing files found while scanning....



C:\WINDOWS\system32\cbXOfgEt.dll



Beginning removal...



Attempting to delete C:\WINDOWS\system32\cbXOfgEt.dll

C:\WINDOWS\system32\cbXOfgEt.dll Could not be deleted.



Performing Repairs to the registry.

Done!



Beginning removal...



Attempting to delete C:\WINDOWS\system32\cbXOfgEt.dll

C:\WINDOWS\system32\cbXOfgEt.dll Has been deleted!



Performing Repairs to the registry.

Done!





Rapport Hijakthis :



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:26, on 2008-04-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Pinnacle\Shared Files\remoterm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Papa\Bureau\HiJackThis(2).exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {DFB87FF4-706D-4031-B182-ADCE62D0ABA6} - C:\WINDOWS\system32\awtrOfed.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [PinnacleRemote] C:\Program Files\Pinnacle\Shared Files\remoterm.exe

O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Army setup.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Tablette Genius.lnk = C:\gtabnt\GTABLET.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://ecartoons.aol.fr/prod/install.html

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169662089578

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe



--

End of file - 10115 bytes







Ajout du 03-04-2008 à 07:49:

up svp

bonjour

relancer hijack
"Do A System Scan Only"

cocher ces lignes et clic ensuite sur FIX CHECKED

O2 - BHO: (no name) - {DFB87FF4-706D-4031-B182-ADCE62D0ABA6} - C:\WINDOWS\system32\awtrOfed.dll
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Army setup.exe

-------------
Télécharger et enregistrer sur le bureau
Combofix

=Double-clic sur Combofix
= Presser 1 si demandé
= Attendre la fermeture de l’outil ( 5 -10 mn ou plus si infection importante)
=Copier/coller le rapport dans la réponse
Un rapport dans C:\Combofix.txt à mettre dans la réponse

Voilà le rapport Combofix :



ComboFix 08-04-02.1 - Titouan 2008-04-03 17:56:16.8 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.224 [GMT 2:00]

Endroit: C:\Documents and Settings\Titouan\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration



[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

.

TimedOut: progfile.dat



(Modifié par -Titouan- le 03-04-2008 à 18:04)

Ajout du 04-04-2008 à 07:50:

up svp

le rapport n'y est pas

Voila le rapport Combofix :

ComboFix 08-04-02.1 - Titouan 2008-04-07 9:29:39.9 - NTFSx86
Endroit: C:\Documents and Settings\Titouan\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cJlmmUtv.ini
C:\WINDOWS\system32\cJlmmUtv.ini2
C:\WINDOWS\system32\defOrtwa.ini
C:\WINDOWS\system32\defOrtwa.ini2
C:\WINDOWS\system32\ffNWxGgh.ini
C:\WINDOWS\system32\ffNWxGgh.ini2
C:\WINDOWS\system32\HjPXayay.ini
C:\WINDOWS\system32\HjPXayay.ini2
C:\WINDOWS\system32\iudfqvha.dll
C:\WINDOWS\system32\lTEeOXyb.ini
C:\WINDOWS\system32\lTEeOXyb.ini2
C:\WINDOWS\system32\mSrCKRqr.ini
C:\WINDOWS\system32\mSrCKRqr.ini2
C:\WINDOWS\system32\pqAbdccf.ini
C:\WINDOWS\system32\pqAbdccf.ini2
.
---- Previous Run -------
.
C:\Documents and Settings\Titouan\Local Settings\Application Data\gyeqgxf.dat
C:\Documents and Settings\Titouan\Local Settings\Application Data\gyeqgxf.exe
C:\Documents and Settings\Titouan\Local Settings\Application Data\gyeqgxf_nav.dat
C:\Documents and Settings\Titouan\Local Settings\Application Data\gyeqgxf_navps.dat
C:\WINDOWS\system32\ajwdsiyk.dll
C:\WINDOWS\system32\almyudyh.dll
C:\WINDOWS\system32\beebmciq.dll
C:\WINDOWS\system32\biocjnnv.dll
C:\WINDOWS\system32\cdtfdaep.dll
C:\WINDOWS\system32\cpefemhw.dll
C:\WINDOWS\system32\cseiujch.dll
C:\WINDOWS\system32\hrggoasr.dll
C:\WINDOWS\system32\ifvbfhhg.dll
C:\WINDOWS\system32\jfybuqix.dll
C:\WINDOWS\system32\kggaheij.dll
C:\WINDOWS\system32\lvanuquc.dll
C:\WINDOWS\system32\lxbuxevg.dll
C:\WINDOWS\system32\msrsdrxr.dll
C:\WINDOWS\system32\mxaanicf.dll
C:\WINDOWS\system32\nghnwnet.dll
C:\WINDOWS\system32\odvnujng.dll
C:\WINDOWS\system32\qircbeks.dll
C:\WINDOWS\system32\rxgihqwe.dll
C:\WINDOWS\system32\sgrlwqcw.dll
C:\WINDOWS\system32\svnxwavs.dll
C:\WINDOWS\system32\urvywiqr.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 08:06 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-07 08:06 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-06 17:59 . 2008-04-07 08:03 <REP> d-------- C:\Documents and Settings\Papa\Application Data\skypePM
2008-04-06 17:59 . 2008-04-06 17:59 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-06 17:54 . 2008-04-07 08:10 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Skype
2008-04-06 17:53 . 2008-04-06 17:53 <REP> d-------- C:\Program Files\Skype
2008-04-06 17:53 . 2008-04-06 17:53 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-06 17:53 . 2008-04-06 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-05 12:49 . 2008-04-05 13:00 <REP> d-------- C:\Program Files\e-anim
2008-04-05 12:47 . 2008-04-05 12:47 <REP> d-------- C:\Program Files\Powerbullet
2008-04-02 13:17 . 2008-04-02 13:17 315,616 --a------ C:\WINDOWS\system32\vtUmmlJc.dll
2008-04-01 19:14 . 2008-04-01 19:14 315,616 --a------ C:\WINDOWS\system32\ssqQifde.dll
2008-04-01 17:38 . 2008-04-01 17:38 85,568 --a------ C:\WINDOWS\system32\aisdqurq.dll
2008-04-01 17:35 . 2008-04-01 17:35 90,688 --a------ C:\WINDOWS\system32\icxlctbv.dll
2008-04-01 17:33 . 2008-04-01 17:33 88,128 --a------ C:\WINDOWS\system32\synugtyf.dll
2008-04-01 17:31 . 2008-04-01 17:32 315,616 --a------ C:\WINDOWS\system32\awtrOfed.dll
2008-04-01 14:05 . 2008-04-01 14:05 85,568 --a------ C:\WINDOWS\system32\jroxkibe.dll
2008-03-31 21:02 . 2008-03-31 21:02 315,696 --a------ C:\WINDOWS\system32\rqRKCrSm.dll
2008-03-31 18:48 . 2008-03-31 18:48 90,688 --a------ C:\WINDOWS\system32\pkrbcyix.dll
2008-03-31 18:46 . 2008-03-31 18:46 82,496 --a------ C:\WINDOWS\system32\cqwnupos.dll
2008-03-31 18:45 . 2008-03-31 18:45 315,632 --a------ C:\WINDOWS\system32\hgGxWNff.dll
2008-03-31 16:07 . 2008-03-31 16:07 315,632 --a------ C:\WINDOWS\system32\opnomnnM.dll
2008-03-30 15:49 . 2008-03-30 15:49 315,664 --a------ C:\WINDOWS\system32\yayaXPjH.dll
2008-03-29 14:08 . 2008-03-29 14:08 315,632 --a------ C:\WINDOWS\system32\fccdbAqp.dll
2008-03-29 08:50 . 2008-03-29 08:50 315,568 --a------ C:\WINDOWS\system32\byXOeETl.dll
2008-03-29 08:39 . 2008-04-06 12:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 08:39 . 2008-03-29 08:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-28 18:47 . 2008-03-28 18:47 <REP> d-------- C:\Program Files\long audio owns
2008-03-25 17:39 . 2008-03-25 17:39 <REP> d-------- C:\Program Files\FileZilla Client
2008-03-25 16:23 . 2008-03-25 16:46 1,434 --a------ C:\WINDOWS\cdplayer.ini
2008-03-24 14:26 . 2008-03-24 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-24 14:10 . 2008-03-24 14:10 <REP> d-------- C:\Program Files\Bonjour
2008-03-24 13:59 . 2008-03-24 13:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-23 10:31 . 2008-04-07 09:24 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-22 20:21 . 2008-03-22 20:21 <REP> d-------- C:\Documents and Settings\Titouan\Application Data\Jasc
2008-03-22 20:16 . 2008-03-22 20:16 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-03-22 10:15 . 2008-04-05 13:10 <REP> d-------- C:\Documents and Settings\Titouan\Application Data\FileZilla
2008-03-19 19:11 . 2008-04-07 09:38 <REP> d-------- C:\Documents and Settings\Titouan\Application Data\OpenOffice.org2
2008-03-16 17:43 . 2008-03-16 17:43 1,366,803 ---hs---- C:\WINDOWS\system32\ufcsxilw.ini
2008-03-16 17:43 . 2008-03-16 17:43 92,224 --a------ C:\WINDOWS\system32\wlixscfu.dll
2008-03-16 17:40 . 2008-03-16 17:40 99,904 --a------ C:\WINDOWS\system32\fkpaisps.dll
2008-03-16 17:38 . 2008-03-16 17:38 95,296 --a------ C:\WINDOWS\system32\hljwqjdv.dll
2008-03-16 16:30 . 2008-04-02 14:16 <REP> d-------- C:\VundoFix Backups
2008-03-16 16:17 . 2008-03-16 17:44 1,366,743 ---hs---- C:\WINDOWS\system32\ysvvbgrr.ini
2008-03-16 13:21 . 2008-03-16 13:22 1,367,583 ---hs---- C:\WINDOWS\system32\japfuilg.ini
2008-03-16 13:21 . 2008-03-16 13:21 92,224 --a------ C:\WINDOWS\system32\gliufpaj.dll
2008-03-16 13:18 . 2008-03-16 13:18 99,904 --a------ C:\WINDOWS\system32\shelmpqt.dll
2008-03-16 13:16 . 2008-03-16 13:16 95,296 --a------ C:\WINDOWS\system32\aycjkwwj.dll
2008-03-16 10:04 . 2008-03-16 13:11 1,367,523 ---hs---- C:\WINDOWS\system32\dcttlnad.ini
2008-03-16 08:39 . 2008-03-16 08:39 1,367,043 ---hs---- C:\WINDOWS\system32\ghgegjbx.ini
2008-03-15 23:18 . 2008-03-16 08:28 1,366,983 ---hs---- C:\WINDOWS\system32\lwussisx.ini
2008-03-15 21:52 . 2008-03-15 23:07 1,366,863 ---hs---- C:\WINDOWS\system32\jovvwpcf.ini
2008-03-15 21:32 . 2008-03-15 21:47 1,366,743 ---hs---- C:\WINDOWS\system32\ktpyoqwb.ini
2008-03-15 20:26 . 2008-03-15 20:26 98,368 --a------ C:\WINDOWS\system32\bgehrnrh.dll
2008-03-15 20:23 . 2008-03-15 20:23 1,367,043 ---hs---- C:\WINDOWS\system32\krpgrrhj.ini
2008-03-15 20:23 . 2008-03-15 20:23 94,272 --a------ C:\WINDOWS\system32\jhrrgprk.dll
2008-03-15 20:21 . 2008-03-15 20:21 98,368 --a------ C:\WINDOWS\system32\vjxjutow.dll
2008-03-15 18:28 . 2008-03-15 20:23 1,366,983 ---hs---- C:\WINDOWS\system32\sypqhcqg.ini
2008-03-15 18:24 . 2008-03-15 18:24 315,504 --a------ C:\WINDOWS\system32\ssqpm.dll
2008-03-15 17:49 . 2008-03-15 18:20 1,366,863 ---hs---- C:\WINDOWS\system32\jvcymfva.ini
2008-03-15 17:31 . 2008-03-15 17:31 1,366,683 ---hs---- C:\WINDOWS\system32\npeecucc.ini
2008-03-15 16:49 . 2008-03-15 16:49 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-15 16:49 . 2008-02-27 14:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-15 16:47 . 2008-03-15 16:47 <REP> d-------- C:\Documents and Settings\Titouan\Application Data\TuneUp Software
2008-03-15 16:47 . 2008-03-15 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-15 16:46 . 2008-03-15 16:49 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-15 16:46 . 2008-03-15 16:46 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-15 16:42 . 2008-03-15 16:42 <REP> d-------- C:\Program Files\FreshDevices
2008-03-15 16:27 . 2008-03-15 16:38 <REP> d-------- C:\Program Files\Orb Networks
2008-03-15 16:24 . 2008-03-15 17:19 <REP> d-------- C:\Program Files\TopDesk
2008-03-15 16:21 . 2008-03-15 16:24 <REP> d-------- C:\Documents and Settings\Titouan\Application Data\OtakuSoftware
2008-03-15 12:57 . 2008-03-15 12:57 98,368 --a------ C:\WINDOWS\system32\awkpidts.dll
2008-03-15 12:54 . 2008-03-15 12:54 94,272 --a------ C:\WINDOWS\system32\vqgktyiv.dll
2008-03-15 12:52 . 2008-03-15 12:52 98,368 --a------ C:\WINDOWS\system32\dgiujskh.dll
2008-03-14 19:27 . 2008-03-14 19:27 92,224 --a------ C:\WINDOWS\system32\aalaqfag.dll
2008-03-14 19:24 . 2008-03-14 19:24 98,368 --a------ C:\WINDOWS\system32\lxgskmuq.dll
2008-03-14 19:23 . 2008-03-14 19:23 96,832 --a------ C:\WINDOWS\system32\uluaurit.dll
2008-03-14 15:45 . 2008-03-14 17:17 1,360,006 ---hs---- C:\WINDOWS\system32\bljwxgnd.ini
2008-03-14 08:08 . 2008-03-14 08:08 315,536 --------- C:\WINDOWS\system32\pmnnl.dll
2008-03-13 22:28 . 2008-03-13 22:28 1,346,510 ---hs---- C:\WINDOWS\system32\elaaihwf.ini
2008-03-13 20:49 . 2008-03-13 20:49 86,080 --a------ C:\WINDOWS\system32\jruhybbl.dll
2008-03-13 20:46 . 2008-03-13 20:46 93,760 --a------ C:\WINDOWS\system32\gpfdhcuq.dll
2008-03-13 20:44 . 2008-03-13 20:44 90,176 --a------ C:\WINDOWS\system32\wrdnyswe.dll
2008-03-13 08:46 . 2008-03-13 20:39 1,317,176 ---hs---- C:\WINDOWS\system32\lhumjgvl.ini
2008-03-12 22:06 . 2008-03-13 08:27 1,313,260 ---hs---- C:\WINDOWS\system32\nfagrpdd.ini
2008-03-12 20:32 . 2008-03-12 20:32 1,320,725 ---hs---- C:\WINDOWS\system32\gsaecqlm.ini
2008-03-12 20:32 . 2008-03-12 20:32 90,688 --a------ C:\WINDOWS\system32\mlqceasg.dll
2008-03-12 20:30 . 2008-03-12 20:30 93,760 --a------ C:\WINDOWS\system32\heqwgugw.dll
2008-03-12 20:29 . 2008-03-12 20:29 89,152 --a------ C:\WINDOWS\system32\iqjjware.dll
2008-03-12 14:27 . 2008-03-12 20:32 1,313,140 ---hs---- C:\WINDOWS\system32\txmxuhmu.ini
2008-03-11 20:32 . 2008-03-11 20:32 93,248 --a------ C:\WINDOWS\system32\ieykbvhx.dll
2008-03-11 20:30 . 2008-03-11 20:30 1,315,710 ---hs---- C:\WINDOWS\system32\ypysnsdk.ini
2008-03-11 20:30 . 2008-03-11 20:30 90,688 --a------ C:\WINDOWS\system32\wempgxih.dll
2008-03-11 20:30 . 2008-03-11 20:30 86,592 --a------ C:\WINDOWS\system32\kdsnsypy.dll
2008-03-11 19:38 . 2008-03-11 20:30 1,315,650 ---hs---- C:\WINDOWS\system32\jivtyfeu.ini
2008-03-11 19:35 . 2008-03-11 19:35 93,248 --a------ C:\WINDOWS\system32\ijrbsgbj.dll
2008-03-11 19:33 . 2008-03-11 19:33 90,688 --a------ C:\WINDOWS\system32\xqjxtebi.dll
2008-03-11 18:12 . 2008-03-11 18:27 1,315,590 ---hs---- C:\WINDOWS\system32\grtfhgrm.ini
2008-03-10 21:20 . 2008-03-11 18:05 1,318,043 ---hs---- C:\WINDOWS\system32\aqivbwhm.ini
2008-03-10 19:11 . 2008-03-10 21:20 1,317,803 ---hs---- C:\WINDOWS\system32\jrrhuyqq.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 06:08 --------- d-----w C:\Program Files\OpenOffice.org1.1.5
2008-04-07 06:08 --------- d-----w C:\Documents and Settings\Papa\Application Data\OpenOffice.org2
2008-04-06 07:54 --------- d-----w C:\Documents and Settings\Titouan\Application Data\Cabos
2008-04-05 15:58 --------- d-----w C:\Program Files\TuxPaint
2008-04-05 10:47 --------- d-----w C:\Program Files\Common Files
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-28 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-03-28 16:47 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-24 17:26 27,112 ----a-w C:\Documents and Settings\Papa\Application Data\wklnhst.dat
2008-03-24 12:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-21 17:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-21 17:20 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-21 17:20 --------- d-----w C:\Program Files\Wanadoo Messager
2008-03-21 17:18 --------- d-----w C:\Program Files\QuickTime
2008-03-16 08:43 --------- d-----w C:\Program Files\Navilog1
2008-03-13 06:52 --------- d-----w C:\Program Files\Packard Bell AudioKey Max
2008-03-13 06:48 --------- d-----w C:\Program Files\Microsoft Works
2008-03-13 06:48 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2008-03-13 06:48 --------- d-----w C:\Program Files\LimeWire
2008-03-13 06:48 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-13 06:48 --------- d-----w C:\Program Files\FlashGet
2008-03-13 06:48 --------- d-----w C:\Program Files\FinePixViewerS
2008-03-10 18:00 --------- d-----w C:\Program Files\Dofus
2008-03-08 11:12 1,816,779 ----a-w C:\WINDOWS\Recorder.reg
2008-03-05 17:49 --------- d-----w C:\Documents and Settings\Titouan\Application Data\Dev-Cpp
2008-03-03 17:23 3,784 ----a-w C:\Documents and Settings\Titouan\Application Data\wklnhst.dat
2008-03-03 17:21 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-02 13:35 --------- d-----w C:\Program Files\Blender Foundation
2008-03-01 10:56 --------- d-----w C:\Documents and Settings\Titouan\Application Data\gtk-2.0
2008-02-27 21:22 --------- d-----w C:\Program Files\Windows Live
2008-02-27 12:21 --------- d-----w C:\Program Files\AAALOGO
2008-02-26 15:37 --------- d-----w C:\Program Files\Notepad++
2008-02-26 15:37 --------- d-----w C:\Documents and Settings\Titouan\Application Data\Notepad++
2008-02-19 11:51 852 ----a-w C:\Documents and Settings\Maman.FAMILLE-8QI4TEW\Application Data\wklnhst.dat
2008-02-12 14:10 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 16:44 73,760 ----a-w C:\Documents and Settings\Titouan\Application Data\GDIPFONTCACHEV1.DAT
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-26 15:17 564 ---ha-w C:\os792894.bin
2007-12-09 13:54 73,760 ----a-w C:\Documents and Settings\Papa\Application Data\GDIPFONTCACHEV1.DAT
2007-03-29 20:26 3,444 ----a-w C:\Documents and Settings\Maman\Application Data\wklnhst.dat
2007-02-26 16:00 73,376 ----a-w C:\Documents and Settings\Maman\Application Data\GDIPFONTCACHEV1.DAT
2007-01-24 16:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_15.05.22.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-03-22 18:17:00 49,152 ----a-r C:\WINDOWS\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\Anim3TryAndBuy.exe
+ 2008-03-22 18:17:00 10,134 ----a-r C:\WINDOWS\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\ARPPRODUCTICON.exe
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2007-12-04 13:04:28 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2007-12-04 12:54:04 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-03-29 17:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2006-02-28 11:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2006-02-28 11:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
- 2000-08-31 07:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe
+ 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe
- 2008-03-08 11:22:51 274,168 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-25 05:59:26 1,550,872 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2000-08-31 07:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe
+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe
- 2008-01-23 17:53:01 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 08:18:43 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-23 17:53:01 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-30 08:18:43 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-23 17:53:01 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 08:18:43 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-23 17:53:01 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-30 08:18:43 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2000-08-31 07:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe
+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
- 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2007-04-09 16:09:44 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
+ 2007-04-09 16:09:44 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
+ 2007-04-09 16:09:44 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
- 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
- 2000-08-31 07:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe
+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe
+ 2008-03-17 18:25:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-13 18:47 185632]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PinnacleRemote"="C:\Program Files\Pinnacle\Shared Files\remoterm.exe" [2002-01-28 20:12 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awtrOfed.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM7b035d07"=Rundll32.exe "C:\WINDOWS\system32\whqykjtu.dll",s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 18:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2003-04-18 14:45]
R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-03-24 19:35]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-07-29 09:15]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2000-09-14 14:00]
R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-03-24 21:21]
R3 TaurusPci;ADSL Modem PCI Service;C:\WINDOWS\system32\DRIVERS\toruspci.sys [2004-08-25 12:10]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 W8100XP;BeWAN WiFi PCI 54 AP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-09-10 10:38]
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys [2005-03-07 18:35]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-15 16:49]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-22 10:11]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{007e105c-09bf-11dc-beb4-00112f8136c9}]
\Shell\AutoRun\command - G:\ClickMe.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-04 20:27:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 07:00:00 C:\WINDOWS\Tasks\B1F6B7BB906D3337.job"
- c:\docume~1\elise\applic~1\longau~1\active sign warn.exe
"2008-04-07 07:37:58 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-07 06:59:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

il y en avait !!
Télécharger sur le bureau

OTMoveIt2.exe
---------------

= Copier ce texte qui est en gras

C:\WINDOWS\system32\vtUmmlJc.dll
C:\WINDOWS\system32\ssqQifde.dll
C:\WINDOWS\system32\aisdqurq.dll
C:\WINDOWS\system32\icxlctbv.dll
C:\WINDOWS\system32\synugtyf.dll
C:\WINDOWS\system32\awtrOfed.dll
C:\WINDOWS\system32\jroxkibe.dll
C:\WINDOWS\system32\rqRKCrSm.dll
C:\WINDOWS\system32\pkrbcyix.dll
C:\WINDOWS\system32\cqwnupos.dll
C:\WINDOWS\system32\hgGxWNff.dll
C:\WINDOWS\system32\opnomnnM.dll
C:\WINDOWS\system32\yayaXPjH.dll
C:\WINDOWS\system32\fccdbAqp.dll
C:\WINDOWS\system32\byXOeETl.dll
C:\WINDOWS\system32\ufcsxilw.ini
C:\WINDOWS\system32\wlixscfu.dll
C:\WINDOWS\system32\fkpaisps.dll
C:\WINDOWS\system32\hljwqjdv.dll
C:\WINDOWS\system32\ysvvbgrr.ini
C:\WINDOWS\system32\japfuilg.ini
C:\WINDOWS\system32\gliufpaj.dll
C:\WINDOWS\system32\shelmpqt.dll
C:\WINDOWS\system32\aycjkwwj.dll
C:\WINDOWS\system32\dcttlnad.ini
C:\WINDOWS\system32\ghgegjbx.ini
C:\WINDOWS\system32\lwussisx.ini
C:\WINDOWS\system32\jovvwpcf.ini
C:\WINDOWS\system32\ktpyoqwb.ini
C:\WINDOWS\system32\bgehrnrh.dll
C:\WINDOWS\system32\krpgrrhj.ini
C:\WINDOWS\system32\jhrrgprk.dll
C:\WINDOWS\system32\vjxjutow.dll
C:\WINDOWS\system32\sypqhcqg.ini
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\jvcymfva.ini
C:\WINDOWS\system32\npeecucc.ini
C:\WINDOWS\system32\awkpidts.dll
C:\WINDOWS\system32\vqgktyiv.dll
C:\WINDOWS\system32\dgiujskh.dll
C:\WINDOWS\system32\aalaqfag.dll
C:\WINDOWS\system32\lxgskmuq.dll
C:\WINDOWS\system32\uluaurit.dll
C:\WINDOWS\system32\bljwxgnd.ini
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\elaaihwf.ini
C:\WINDOWS\system32\jruhybbl.dll
C:\WINDOWS\system32\gpfdhcuq.dll
C:\WINDOWS\system32\wrdnyswe.dll
C:\WINDOWS\system32\lhumjgvl.ini
C:\WINDOWS\system32\nfagrpdd.ini
C:\WINDOWS\system32\gsaecqlm.ini
C:\WINDOWS\system32\mlqceasg.dll
C:\WINDOWS\system32\heqwgugw.dll
C:\WINDOWS\system32\iqjjware.dll
C:\WINDOWS\system32\txmxuhmu.ini
C:\WINDOWS\system32\ieykbvhx.dll
C:\WINDOWS\system32\ypysnsdk.ini
C:\WINDOWS\system32\wempgxih.dll
C:\WINDOWS\system32\kdsnsypy.dll
C:\WINDOWS\system32\jivtyfeu.ini
C:\WINDOWS\system32\ijrbsgbj.dll
C:\WINDOWS\system32\xqjxtebi.dll
C:\WINDOWS\system32\grtfhgrm.ini
C:\WINDOWS\system32\aqivbwhm.ini
C:\WINDOWS\system32\jrrhuyqq.ini
C:\WINDOWS\system32\whqykjtu.dll


= Double-clic sur OTMoveIt
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour_heure à copier puis à coller dans la réponse
=======================================================

et

refait un hijack


(Modifié par land3 le 07-04-2008 à 10:36)

Rapport OTMoveIt :



DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtUmmlJc.dll

C:\WINDOWS\system32\vtUmmlJc.dll NOT unregistered.

C:\WINDOWS\system32\vtUmmlJc.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqQifde.dll

C:\WINDOWS\system32\ssqQifde.dll NOT unregistered.

C:\WINDOWS\system32\ssqQifde.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\aisdqurq.dll

C:\WINDOWS\system32\aisdqurq.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\aisdqurq.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\icxlctbv.dll

C:\WINDOWS\system32\icxlctbv.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\icxlctbv.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\synugtyf.dll

C:\WINDOWS\system32\synugtyf.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\synugtyf.dll scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtrOfed.dll

C:\WINDOWS\system32\awtrOfed.dll NOT unregistered.

C:\WINDOWS\system32\awtrOfed.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\jroxkibe.dll

C:\WINDOWS\system32\jroxkibe.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\jroxkibe.dll scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRKCrSm.dll

C:\WINDOWS\system32\rqRKCrSm.dll NOT unregistered.

C:\WINDOWS\system32\rqRKCrSm.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\pkrbcyix.dll

C:\WINDOWS\system32\pkrbcyix.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\pkrbcyix.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\cqwnupos.dll

C:\WINDOWS\system32\cqwnupos.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\cqwnupos.dll scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGxWNff.dll

C:\WINDOWS\system32\hgGxWNff.dll NOT unregistered.

C:\WINDOWS\system32\hgGxWNff.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnomnnM.dll

C:\WINDOWS\system32\opnomnnM.dll NOT unregistered.

C:\WINDOWS\system32\opnomnnM.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayaXPjH.dll

C:\WINDOWS\system32\yayaXPjH.dll NOT unregistered.

C:\WINDOWS\system32\yayaXPjH.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccdbAqp.dll

C:\WINDOWS\system32\fccdbAqp.dll NOT unregistered.

C:\WINDOWS\system32\fccdbAqp.dll moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXOeETl.dll

C:\WINDOWS\system32\byXOeETl.dll NOT unregistered.

C:\WINDOWS\system32\byXOeETl.dll moved successfully.

C:\WINDOWS\system32\ufcsxilw.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\wlixscfu.dll

C:\WINDOWS\system32\wlixscfu.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\wlixscfu.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\fkpaisps.dll

C:\WINDOWS\system32\fkpaisps.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\fkpaisps.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\hljwqjdv.dll

C:\WINDOWS\system32\hljwqjdv.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\hljwqjdv.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\ysvvbgrr.ini moved successfully.

C:\WINDOWS\system32\japfuilg.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\gliufpaj.dll

C:\WINDOWS\system32\gliufpaj.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\gliufpaj.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\shelmpqt.dll

C:\WINDOWS\system32\shelmpqt.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\shelmpqt.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\aycjkwwj.dll

C:\WINDOWS\system32\aycjkwwj.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\aycjkwwj.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\dcttlnad.ini moved successfully.

C:\WINDOWS\system32\ghgegjbx.ini moved successfully.

C:\WINDOWS\system32\lwussisx.ini moved successfully.

C:\WINDOWS\system32\jovvwpcf.ini moved successfully.

C:\WINDOWS\system32\ktpyoqwb.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\bgehrnrh.dll

C:\WINDOWS\system32\bgehrnrh.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\bgehrnrh.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\krpgrrhj.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\jhrrgprk.dll

C:\WINDOWS\system32\jhrrgprk.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\jhrrgprk.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\vjxjutow.dll

C:\WINDOWS\system32\vjxjutow.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\vjxjutow.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\sypqhcqg.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqpm.dll

C:\WINDOWS\system32\ssqpm.dll NOT unregistered.

C:\WINDOWS\system32\ssqpm.dll moved successfully.

C:\WINDOWS\system32\jvcymfva.ini moved successfully.

C:\WINDOWS\system32\npeecucc.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\awkpidts.dll

C:\WINDOWS\system32\awkpidts.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\awkpidts.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\vqgktyiv.dll

C:\WINDOWS\system32\vqgktyiv.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\vqgktyiv.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\dgiujskh.dll

C:\WINDOWS\system32\dgiujskh.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\dgiujskh.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\aalaqfag.dll

C:\WINDOWS\system32\aalaqfag.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\aalaqfag.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\lxgskmuq.dll

C:\WINDOWS\system32\lxgskmuq.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\lxgskmuq.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\uluaurit.dll

C:\WINDOWS\system32\uluaurit.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\uluaurit.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\bljwxgnd.ini moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnl.dll

C:\WINDOWS\system32\pmnnl.dll NOT unregistered.

C:\WINDOWS\system32\pmnnl.dll moved successfully.

C:\WINDOWS\system32\elaaihwf.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\jruhybbl.dll

C:\WINDOWS\system32\jruhybbl.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\jruhybbl.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\gpfdhcuq.dll

C:\WINDOWS\system32\gpfdhcuq.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\gpfdhcuq.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\wrdnyswe.dll

C:\WINDOWS\system32\wrdnyswe.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\wrdnyswe.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\lhumjgvl.ini moved successfully.

C:\WINDOWS\system32\nfagrpdd.ini moved successfully.

C:\WINDOWS\system32\gsaecqlm.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\mlqceasg.dll

C:\WINDOWS\system32\mlqceasg.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\mlqceasg.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\heqwgugw.dll

C:\WINDOWS\system32\heqwgugw.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\heqwgugw.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\iqjjware.dll

C:\WINDOWS\system32\iqjjware.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\iqjjware.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\txmxuhmu.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\ieykbvhx.dll

C:\WINDOWS\system32\ieykbvhx.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\ieykbvhx.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\ypysnsdk.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\wempgxih.dll

C:\WINDOWS\system32\wempgxih.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\wempgxih.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\kdsnsypy.dll

C:\WINDOWS\system32\kdsnsypy.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\kdsnsypy.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\jivtyfeu.ini moved successfully.

LoadLibrary failed for C:\WINDOWS\system32\ijrbsgbj.dll

C:\WINDOWS\system32\ijrbsgbj.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\ijrbsgbj.dll scheduled to be moved on reboot.

LoadLibrary failed for C:\WINDOWS\system32\xqjxtebi.dll

C:\WINDOWS\system32\xqjxtebi.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\xqjxtebi.dll scheduled to be moved on reboot.

C:\WINDOWS\system32\grtfhgrm.ini moved successfully.

C:\WINDOWS\system32\aqivbwhm.ini moved successfully.

C:\WINDOWS\system32\jrrhuyqq.ini moved successfully.

File/Folder C:\WINDOWS\system32\whqykjtu.dll not found.



OTMoveIt2 v1.0.19 log created on 04082008_101512





Rapport Hijackthis :



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:20, on 2008-04-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Pinnacle\Shared Files\remoterm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Titouan\Bureau\HiJackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [PinnacleRemote] C:\Program Files\Pinnacle\Shared Files\remoterm.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://ecartoons.aol.fr/prod/install.html

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169662089578

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe



--

End of file - 8616 bytes



Ajout du 08-04-2008 à 15:33:

up svp

up svp