Help j'ai un virus (win32 trojan.wimad)

paul57000 Messages postés 20 Statut Membre -  
paul57000 Messages postés 20 Statut Membre -
Bonjour,

J'ai depuis peu un virus sur mon ordinateur qui ralentit considérablement la vitesse de ma connexion internet, et qui m'envoie des pubs pour un antivirus.
J'ai lancé un scan avec Ad-aware, qui avait détecté un virus "win32.trojandownloader.wimad".
Cependant, Ad-aware affichait avoir réussi a le supprimer, mais le problème persiste encore depuis, et lorsque je lance un scan, plus aucun virus n'est détecté, donc peut être que le trojan n'avais pas été supprimé...

Voilà, est ce que qq'un pourrait m'aider?

Merci d'avance.
Configuration: Windows XP
Firefox 3.0.4

16 réponses

  1. ric025
     
    Salut!!

    Télécharge d'abord cet outil qui va permettre de cibler l'infection:

    hijackthis

    Installe-le dans son dossier par défaut et lance-le.

    Choisis l'option "Do a system scan and save a Logfile".

    Copie/colle alors le rapport généré dans ta prochaine réponse.

    A++ ;)
    0
  2. paul57000 Messages postés 20 Statut Membre
     
    Voila le log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:00:50, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-789336058-179605362-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'paul')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
    O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
    0
  3. ric025
     
    Ok! Je vais débuter la désinfection, mais si ce que je pense se confirme, je t'enverrai certainement quelqu'un de plus qualifié que moi dans ce genre d'infection.

    Commence par ceci:

    Télécharge malwarebytes

    Installe-le en veillant bien à ce que la case de mise à jour soit cochée en fin d'installation.

    Lance-le et après la mise à jour, coche la case "Examen Complet".

    Lance la recherche sur tous tes disques.

    Après le scan, si le programme trouve quelque chose, clique sur "Voir les résultats" puis sur "Supprimer la sélection".

    Si MBAM te demande de rebooter pour finaliser la suppression, accepte.

    Poste ensuite le rapport généré dans ta prochaine réponse.

    A+
    0
  4. paul57000 Messages postés 20 Statut Membre
     
    voila:

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1531
    Windows 5.1.2600 Service Pack 3

    22/12/2008 14:11:39
    mbam-log-2008-12-22 (14-11-39).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 144457
    Temps écoulé: 28 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 137

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\TypeLib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popsicle.comadvpro (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popsicle.comadvpro.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\anne\Application Data\m\shared (Trojan.Agent) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\.NET ModelKit Suite 3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\3D Galaxy (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\anne\Application Data\m\shared\4th_Dimension_Standard_2003.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\A-one_DVD_Copy_5.74_Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Ace Currency Calculator 1.3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\ActiveMailer 3.2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Alarm Clock Pro 8.4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\AllTweaks_Manager_1.00_[KeyGen].zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\All_Video_to_VCD_SVCD_DVD_Converter_4.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Anapod_Explorer_8.9.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Angel iPod Video Converter 1.31.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Antenna_-_Web_Design_Studio_2.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Apollo_DVD_to_PSP_3.3.0_(KeyGen).zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\AVS Capture Wizard 1.5.1.64.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Barca 2.5 Build 3900.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\BiDi Mail UI 0.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Birthday_Agent_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\BitRock InstallBuilder 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Blue Theme 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\BlueBox 1.0.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Break.com Video Grabber 1.0.0.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Business Valuation Model Excel 32.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\C-Organizer_3.7_[With_Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\CALGOT and MAIMAI Christmas Wreathe 1.0.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Celtic_Font_#2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\CombiMovie 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Convert Image to PDF 2.212.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\DBBlobEditor_3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Dragri_Lite_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\dsRenamer 2.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\DwgFind 2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Easy_Registry_ActiveX_1.0_Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\eCorral_2.0.1.0_KeyGen.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\eMailer 4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\eMenutree 4.6.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Export To PDF .NET Assembly 1.2.50.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Express Talk VoIP Softphone 3.08.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Exybar_1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\EzCoin 1.02.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\F-Album_1.8.0_[Crack].zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Freedom_Force_Beast_skin.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Freevoip 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\FTPConnector 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\gMigrate_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\GoalAchiever_1.0_Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Go_Up_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\GradientStudio_1.1_Beta.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Gunman Chronicles Factory map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\HashPass_1.6_Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\HexTemplate_1.3b.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Hide_Secret_Files_1.02.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\HiFi_OGG_Splitter_Joiner_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Holly Dolly Video Grabber Max 2.9.7.10 Key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Housenator 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\How to Play the Guitar Vol1 5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\HTML_Search_and_Replace_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\HT_Photo_DVD_2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\IE Photomontage 1.02.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\IE Proxy Changer 1.1.4322.2407.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\IMDbSearch 1.0.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Intercue_Mobility_Suite_for_Pocket_PC_4.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Internet_Explorer_Key_6.5_build_1014.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\InventoryBuilder 2.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\iPod Video Converter 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\JukeJam_1.0_(Cracked).zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\KillPro_1.5_KeyGen.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Lament Configuration Screen saver 1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Living 3D Fireplace 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\LLXResourceManager 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\LogAnalytics 2.0.043.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\MapContacts for Google Earth 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\mIRCStats 1.21 (Key).zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Mortgage-UK_1.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\MyFavorites_Pro_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\MyLife_Organized_1.5.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Native_POP3_Connector_2.4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\NetZoom_Stencils_for_Visio_2003_Visio_2003.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\O-Knife 1.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Offshore_Sailing_2.00.11.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\P2P_Backup_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\PC Draft PE 5.0.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\PDF-XChange_Lite_3.6_build_118_[Key].zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Percautus_Radio_1.4.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\PHP_5.2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Portable Offline Browser 4.7.2614 SR1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\ProFactor IncludeManager 1.02.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Pro_Email_Verifier_1.2.1_[KeyGen].zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Recipe_Browser_1.2_Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Red_M&M_Clock_Screensaver_1.0_Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Restorer2000_Pro_3_build_123007.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Return_to_Castle_Wolfenstein_Fatality_map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Rosary_Screen_Saver_1.11.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Screen_Calipers_Mac_Edition_3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\SEOpen 0.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\ShowOff 1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Show_Me_The_Colors!_4.7.0.33520.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Simple Net Speed 1.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Smart Video Converter 1.5.42.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\SoftCab_Email_Checker_1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Software Time Lock 6.1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Spytech SpyAgent 6.20.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Spy_Stalker_1.0.1_(Cracked).zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Sqirlz Water Reflections 2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Star_Wars_Empire_at_War_v1.1_patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\SWF To Image 1.30 [KeyGen].zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\TFT-Setup_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\The_Mask_of_Zorro.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\The_Stimulator_1.0.11.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\TimeMgr_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Toolbar_Remover_2.1.12_With_Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Toyota MRS Screensaver.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\TreePad_Viewer_7.1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\TurnBackTime 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\UMSLite_4.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Unreal_Tournament_2003_-_Infected_Damarus_skin.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Update Itunes 1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\UserToolInfo_0.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\UxTheme Patch for Windows Server 2008 SP1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Valentina_for_Revolution_2.3_Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Visual Requirements 1.4.8.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\VoiceChum Professional 2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\WebClipio 1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\WebKut 1.0.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Webskape Player 3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\WebSpeedReader 8.8.14.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Widget Land News & Search.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\XP_Artistic_Icons_Collection_3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\Zelscope 1.00.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\anne\Application Data\m\shared\[Programmi-Ita].Panda.platinum.internet.security.2005(crack.+.serial)+.italiano.zip (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ric025
     
    Ok! Redémarre le pc si ce n'est déjà fait.

    Relance ensuite MBAM, va dans quarantaine et supprime tout.

    Ensuite fais ceci:

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  7. paul57000 Messages postés 20 Statut Membre
     
    voila le log:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by zou at 2008-12-22 17:54:54
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 111 GB (92%) free of 120 GB
    Total RAM: 1006 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:55:02, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\zou\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\zou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
    O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
    0
  8. ric025
     
    Re! Tu n'as pas d'Anti-virus?

    Sinon, installe celui-ci: http://www.commentcamarche.net/telecharger/telecharger 55 antivir

    Ensuite:

    Télécharge UsbFix (de Chiquitine29) sur ton Bureau :

    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    --> Clic droit sur le raccourci UsbFix sur ton Bureau et choisis Exécuter en tant qu'administrateur.

    --> Le PC va redémarrer.

    --> Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide
    0
  9. paul57000 Messages postés 20 Statut Membre
     
    voila le rapport:

    -------------- UsbFix V2.413.6 ---------------

    * User : zou - ZOU-86833816385
    * Outils mis a jours le 21/12/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 20:51:22 le 22/12/2008
    * Windows Xp - Internet Explorer 7.0.5730.13

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\DOCUME~1\zou\LOCALS~1\Temp\1.tmp\b2e.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur fixe

    E: - Lecteur amovible

    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe

    +- Listing des fichiers présents :

    [10/08/2008 18:08][--a------] C:\AUTOEXEC.BAT
    [05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
    [10/08/2008 18:01][---hs----] C:\boot.ini
    [09/11/2008 11:33][--a------] C:\FindyKill.txt
    [09/11/2008 11:33][--a------] C:\HaxFix.txt
    [09/11/2008 11:33][--a------] C:\UsbFix.txt
    [10/08/2008 18:08][--a------] C:\CONFIG.SYS
    [10/08/2008 18:08][--a------] C:\IO.SYS
    [10/08/2008 18:08][--a------] C:\MSDOS.SYS
    [10/08/2008 18:08][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe

    +- Listing des fichiers présents :

    --------------- [ Lecteur E ] ----------------

    E: - Lecteur amovible

    +- Listing des fichiers présents :

    [21/12/2008 20:08][--a------] E:\haxfix.exe
    [21/12/2008 20:08][--a------] E:\hijackthis_hijackthis_2.02_anglais_17891.exe

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    Syslog=
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz=nwiz.exe /install
    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
    BigDogPath=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    SigmatelSysTrayApp=sttray.exe
    IntelAudioStudio="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a4a60c8-3f93-11d8-be3b-001676c787e6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a4a60c8-3f93-11d8-be3b-001676c787e6}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a4a60c8-3f93-11d8-be3b-001676c787e6}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d520e289-8337-11dd-be51-001676c787e6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d520e289-8337-11dd-be51-001676c787e6}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d520e289-8337-11dd-be51-001676c787e6}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea5ec16a-6ed8-11dd-be2f-001676c787e6}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea5ec16a-6ed8-11dd-be2f-001676c787e6}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea5ec16a-6ed8-11dd-be2f-001676c787e6}\Shell\open\Command

    --------------- [ Nettoyage des disques ] ----------------

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre interprété par un spécialiste /!\

    [10/08/2008 18:08][--a------] C:\AUTOEXEC.BAT
    [05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
    [10/08/2008 18:01][---hs----] C:\boot.ini
    [21/12/2008 20:08][--a------] E:\haxfix.exe
    [21/12/2008 20:08][--a------] E:\hijackthis_hijackthis_2.02_anglais_17891.exe

    --------------- ! Fin du rapport ! ----------------
    0
  10. ric025
     
    Télécharge CCleaner

    Lors de l’installation, décoche l’option qui t’installerait la barre Yahoo


    Va dans "Options">>"Avancé". Décoche la première ligne.

    Va dans la section "Nettoyeur". Lance l'analyse. La liste créée, lance le nettoyage deux fois de suite afin d'obtenir 0bytes supprimé!

    Ensuite dans "Registre", lance une recherche des erreurs. La liste créée, fais-les réparer.

    /!\ A ce moment CCleaner te demande normalement de sauvegarder le registre, fais-le. /!\

    Recommence ensuite le cycle Recherche/Réparation des erreurs jusqu'à n'en trouver aucune lors de la recherche.

    ------------------------------------

    Poste ensuite un nouveau rapport RSIT, stp.
    0
  11. paul57000
     
    voic le nouveau rapport RSIT:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by zou at 2008-12-22 22:01:48
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 111 GB (92%) free of 120 GB
    Total RAM: 1006 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:01:57, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\zou\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\zou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
    O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
    0
  12. paul57000
     
    voic le nouveau rapport RSIT:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by zou at 2008-12-22 22:01:48
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 111 GB (92%) free of 120 GB
    Total RAM: 1006 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:01:57, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\zou\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\zou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
    O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
    0
  13. ric025
     
    Toujours pas d'antivirus??

    Ou en sont tes problèmes?
    0
  14. paul57000 Messages postés 20 Statut Membre
     
    Désolé pour cette absence prolongée, j'étais parti en vacances.
    Le protocole que vous m'avez proposé marche mais au bout de quelques jours, les virus reviennent et c'est encore le même problème...
    Que me proposez-vous?

    Quant a mon antivirus, j'ai tea timer, l'antivirus de spybot, je ne sais pas si c'est un bon antivirus ou non.
    0
  15. ric025
     
    Le protocole que vous m'avez proposé marche mais au bout de quelques jours, les virus reviennent et c'est encore le même problème...

    --> Effectivement, on a rien fait!!! ;)

    Donc bonsoir! Ça fait un moment! Va falloir se remettre dedans!

    Pour commencer, si tu as toujours RSIT sur ton bureau, tu peux envoyer un rapport! ;)

    A++

    0
  16. paul57000 Messages postés 20 Statut Membre
     
    Il y a eu quelques complications: j'ai essayé de lancer RSIT, mais le programme m'a dit que hijackthis n'etait pas une application win32 valide.
    J'ai lancé ad-aware qui marchait normalement, et il a trouvé un worm bagle que j'avais déjà eu précédemment, il y a 3 mois environ. On m'avait aidé a enlever ce virus dans ce topic: http://www.commentcamarche.net/forum/affich 9093291 worm bagle comment supprimer ce virus?#11 .
    Enfin bref, j'ai repris la même procédure, avec findykill, et donc le worm bagle ne devrait plus me gêner, du moins je l'éspere, je ne comprends pas comment il a pu réapparaître ainsi après quelques mois.
    Après avoir refait cela, j'ai réinstallé hijackthis et donc ça remarche.

    Voici finalement le rapport RSIT: (au moment ou le scan a été fait, internet marchait normalement mais il y avait toujours des pubs pour un antivirus qui s'affichaient).

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by zou at 2009-01-11 14:58:54
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 111 GB (92%) free of 120 GB
    Total RAM: 1006 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:59:00, on 11/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Documents and Settings\zou\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\zou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
    O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
    0
  17. paul57000 Messages postés 20 Statut Membre
     
    quelque chose de suspect?
    0