Help, I have a virus (win32 trojan.wimad)

paul57000 Posts: 20 Status: Member
Hello,

I have recently had a virus on my computer that considerably slows down my internet connection and sends me ads for an antivirus.
I ran a scan with Ad-aware, which detected a virus, "win32.trojandownloader.wimad".
However, Ad-aware reported that it had managed to delete it, but the problem has persisted since then, and when I run a scan, no virus is detected any more, so maybe the trojan was not deleted...

So, could someone help me?

Thanks in advance.

16 replies

Anonymous user
 
Hi!!

First download this tool, which will help pinpoint the infection:

hijackthis

Install it in its default folder and run it.

Choose the "Do a system scan and save a Logfile" option.

Then copy/paste the generated report into your next reply.

See you ;)
paul57000 Posts: 20 Status: Member
 
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:50, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-789336058-179605362-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'paul')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
Anonymous user
 
OK! I'm going to start the disinfection, but if what I suspect is confirmed, I will most likely send you someone more qualified than me for this kind of infection.

Start with this:

Download malwarebytes

Install it, making sure the update box is ticked at the end of the installation.

Run it and, after the update, tick the "Examen Complet" (full scan) box.

Run the scan on all your drives.

After the scan, if the program finds something, click "Voir les résultats" (show results), then "Supprimer la sélection" (remove selected).

If MBAM asks you to reboot to finish the removal, accept.

Then post the generated report in your next reply.

See you
paul57000 Posts: 20 Status: Member
 
Here it is:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1531
Windows 5.1.2600 Service Pack 3

22/12/2008 14:11:39
mbam-log-2008-12-22 (14-11-39).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 144457
Temps écoulé: 28 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 137

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popsicle.comadvpro (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popsicle.comadvpro.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\anne\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\anne\Application Data\m\shared (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
Anonymous user
 
OK! Restart the PC if you haven't already.

Then run MBAM again, go to the quarantine and delete everything.

Then do this:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
paul57000 Posts: 20 Status: Member
 
Here is the log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by zou at 2008-12-22 17:54:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 111 GB (92%) free of 120 GB
Total RAM: 1006 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:02, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\zou\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\zou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
0
Anonymous user
 
Re! Don't you have an antivirus?

If not, install this one: http://www.commentcamarche.net/telecharger/telecharger 55 antivir

Then:

Download UsbFix (by Chiquitine29) to your Desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings.

--> Connect your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them.

--> Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.

--> The PC will restart.

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)
0
paul57000 Posts 20 Status Member
 
Here is the report:

-------------- UsbFix V2.413.6 ---------------

* User : zou - ZOU-86833816385
* Outils mis a jours le 21/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:51:22 le 22/12/2008
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\zou\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur amovible

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[10/08/2008 18:08][--a------] C:\AUTOEXEC.BAT
[05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[10/08/2008 18:01][---hs----] C:\boot.ini
[09/11/2008 11:33][--a------] C:\FindyKill.txt
[09/11/2008 11:33][--a------] C:\HaxFix.txt
[09/11/2008 11:33][--a------] C:\UsbFix.txt
[10/08/2008 18:08][--a------] C:\CONFIG.SYS
[10/08/2008 18:08][--a------] C:\IO.SYS
[10/08/2008 18:08][--a------] C:\MSDOS.SYS
[10/08/2008 18:08][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

--------------- [ Lecteur E ] ----------------

E: - Lecteur amovible

+- Listing des fichiers présents :

[21/12/2008 20:08][--a------] E:\haxfix.exe
[21/12/2008 20:08][--a------] E:\hijackthis_hijackthis_2.02_anglais_17891.exe

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Syslog=
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
BigDogPath=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
SigmatelSysTrayApp=sttray.exe
IntelAudioStudio="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a4a60c8-3f93-11d8-be3b-001676c787e6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a4a60c8-3f93-11d8-be3b-001676c787e6}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a4a60c8-3f93-11d8-be3b-001676c787e6}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d520e289-8337-11dd-be51-001676c787e6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d520e289-8337-11dd-be51-001676c787e6}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d520e289-8337-11dd-be51-001676c787e6}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea5ec16a-6ed8-11dd-be2f-001676c787e6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea5ec16a-6ed8-11dd-be2f-001676c787e6}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea5ec16a-6ed8-11dd-be2f-001676c787e6}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[10/08/2008 18:08][--a------] C:\AUTOEXEC.BAT
[05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[10/08/2008 18:01][---hs----] C:\boot.ini
[21/12/2008 20:08][--a------] E:\haxfix.exe
[21/12/2008 20:08][--a------] E:\hijackthis_hijackthis_2.02_anglais_17891.exe

--------------- ! Fin du rapport ! ----------------
0
Anonymous user
 
Download CCleaner

During installation, untick the option that would install the Yahoo toolbar


Go to "Options" >> "Advanced". Untick the first line.

Go to the "Cleaner" section. Run the analysis. Once the list is created, run the cleaning twice in a row so as to get 0 bytes removed!

Then in "Registry", run a scan for issues. Once the list is created, have them fixed.

/!\ At this point CCleaner normally asks you to back up the registry, do it. /!\

Then repeat the scan/fix cycle until the scan finds no more issues.

------------------------------------

Then post a new RSIT report, please.
0
paul57000
 
Here is the new RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by zou at 2008-12-22 22:01:48
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 111 GB (92%) free of 120 GB
Total RAM: 1006 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:57, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\zou\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\zou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
0
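Added example, not part of the thread: one way to compare two of the HijackThis reports posted above and see which load-point entries are still present after a cleanup step. The two samples are excerpts of the 17:55 and 22:01 reports of 22/12/2008; the function names and the grouping of section codes are this example's own assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# An item line is "<section code> - <item>", e.g. "O20 - AppInit_DLLs: <dll>".
# Header lines and the "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# Sections that list load points: O2 browser helper objects, O4 Run keys and
# Startup folders, O20 AppInit_DLLs / Winlogon Notify, O23 services.
# Grouping them this way is this example's choice (an assumption).
LOAD_POINT_CODES = {"O2", "O4", "O20", "O23"}

# Excerpt of the report saved at 17:55:02 on 22/12/2008 (lines from the thread).
LOG_1755 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:02, on 22/12/2008

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
"""

# Excerpt of the report saved at 22:01:57 on 22/12/2008 (lines from the thread).
LOG_2201 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:57, on 22/12/2008

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
"""


def parse_log(text):
    """Return the item lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        # R lines are "key = value"; the other sections are "kind: detail".
        sep = " = " if code.startswith("R") else ": "
        kind, found, detail = rest.partition(sep)
        if not found:
            kind, detail = "", rest
        entries.append(Entry(code, kind, detail))
    return entries


def diff_logs(before, after):
    """Split entries into removed, added and persisted, keeping log order."""
    b, a = set(before), set(after)
    return {
        "removed": [e for e in before if e not in a],
        "added": [e for e in after if e not in b],
        "persisted": [e for e in after if e in b],
    }


def persisted_load_points(before, after):
    """Load-point entries present, unchanged, in both reports."""
    return [e for e in diff_logs(before, after)["persisted"]
            if e.code in LOAD_POINT_CODES]


def changed_settings(before, after):
    """R-section keys whose value differs: (key, old value, new value)."""
    d = diff_logs(before, after)
    old = {(e.code, e.kind): e.detail for e in d["removed"]
           if e.code.startswith("R")}
    return [(e.kind, old[(e.code, e.kind)], e.detail)
            for e in d["added"] if (e.code, e.kind) in old]


def orphaned(entries):
    """Entries whose target HijackThis reported as '(no file)'."""
    return [e for e in entries if e.detail.endswith("(no file)")]


if __name__ == "__main__":
    first, second = parse_log(LOG_1755), parse_log(LOG_2201)
    for key, was, now in changed_settings(first, second):
        print("changed  :", key, "|", was, "->", now)
    for e in persisted_load_points(first, second):
        print("persisted:", e.code, e.kind, "|", e.detail)
    for e in orphaned(second):
        print("orphaned :", e.code, e.kind, "|", e.detail)
```

On these two excerpts the only change is the HKLM Start Page value; the O2, O4 and both O20 entries are identical in the later report.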
Anonymous user
 
Still no antivirus??

Where do your problems stand?
0
paul57000 Posts 20 Status Member
 
Sorry for this long absence, I was away on holiday.
The procedure you suggested works, but after a few days the viruses come back and it's the same problem again...
What do you suggest?

As for my antivirus, I have TeaTimer, Spybot's antivirus; I don't know whether it's a good antivirus or not.
0
Anonymous user
 
The procedure you suggested works, but after a few days the viruses come back and it's the same problem again...

--> Indeed, we haven't done anything!!! ;)

So good evening! It's been a while! We'll have to get back into it!

To start with, if you still have RSIT on your desktop, you can send a report! ;)

See you!

0
paul57000 Posts 20 Status Member
 
There were a few complications: I tried to launch RSIT, but the program told me that hijackthis was not a valid win32 application.
I ran Ad-Aware, which worked normally, and it found a Bagle worm that I had already had previously, about 3 months ago. I was helped to remove this virus in this topic: http://www.commentcamarche.net/forum/affich 9093291 worm bagle comment supprimer ce virus?#11 .
Anyway, I followed the same procedure again, with FindyKill, so the Bagle worm should no longer bother me, or at least I hope so; I don't understand how it could reappear like this after a few months.
After redoing that, I reinstalled hijackthis and so it works again.

Here finally is the RSIT report: (at the time the scan was run, the internet was working normally but ads for an antivirus were still being displayed).

Logfile of random's system information tool 1.05 (written by random/random)
Run by zou at 2009-01-11 14:58:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 111 GB (92%) free of 120 GB
Total RAM: 1006 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:00, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\zou\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\zou.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
0
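A log like the one posted above can be pre-sorted before a helper reads it line by line. The following is an added example, not part of the thread and not code from HijackThis or RSIT: the function name `triage` and its review rules are assumptions made for illustration, and the sample lines are copied from the log above. It flags entries for manual review only; it does not decide whether a file is malicious.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: LaunchU3.exe.lnk = ?
O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtmsft32.dll
O20 - Winlogon Notify: ac24d2c2509 - C:\WINDOWS\System32\dxtmsft32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # "<section code> - <details>"

def triage(log):
    """Return (code, reason, detail) tuples for entries worth a manual look.

    The rules are review heuristics chosen for this example (an assumption),
    not a malware verdict.
    """
    findings = []
    o20_paths = defaultdict(set)  # lower-cased DLL path -> O20 entry kinds
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing", body))
        elif code == "O4" and body.endswith("= ?"):
            findings.append((code, "startup shortcut with unresolved target", body))
        elif code == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll;
            # Winlogon Notify DLLs are loaded by winlogon.exe itself.
            kind, _, rest = body.partition(": ")
            path = rest.rsplit(" - ", 1)[-1].strip()
            if path:
                o20_paths[path.lower()].add(kind)
                findings.append((code, kind + " autoload entry", body))
    for path, kinds in o20_paths.items():
        if len(kinds) > 1:
            reason = "same DLL in several autoload points: " + ", ".join(sorted(kinds))
            findings.append(("O20", reason, path))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(code, "|", reason, "|", detail)
```

Each flagged path still has to be checked by hand (file properties, signature, a second scanner) before anything is fixed or deleted.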
paul57000 Posts: 20 Status: Member
 
Anything suspicious?
0