Sujet Précédent Sujet Suivant

Torjan

Fermé
mnizar - 18 févr. 2009 à 00:34
 mnizar - 6 mars 2009 à 21:38
Bonjour,ce le rapport de mon ordinateur a travers hijackthis,aider moi pour enlever les chevales de trois
Logfile of HijackThis v1.99.1
Scan saved at 00:29:25, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mmm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX32.672\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O4 - Startup: winword.exe.lnk = C:\WINDOWS\system32\winword.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

16 réponses

Réponse 1 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
19 févr. 2009 à 21:12
Bonsoir,

▶ Télécharge malwarebyte's anti-malware

▶ Un tutoriel sera à ta disposition pour l'installer et l'utiliser correctement.

▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

▶ L'analyse peut durer un bon moment.....

▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum


* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée
1
Réponse 2 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
18 févr. 2009 à 00:41
Bonsoir,

commence par faire ceci stp :

▶ Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

▶ Lance l'installation du programme en exécutant le fichier téléchargé.

▶ Double-clique maintenant sur le raccourci de Toolbar-S&D.

▶ Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

▶ Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

▶ Poste le rapport généré. (C:\TB.txt)
0
mnizar
18 févr. 2009 à 14:36
MERCI, C'Est LE RAPPORT DE TOOLBAR

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:248 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 18/02/2009|14:05 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj6CD.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz6CE.tmp

-----------\\ Extensions

(Administrateur) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} => eazel-fr
(Administrateur) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Administrateur) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} => hotspot_shield
(Administrateur) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Administrateur) - {DDC359D1-844A-42a7-9AA1-88A850A938A8} => chrome
(Administrateur) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey
(Administrateur) - {0083D43D-6EF6-4c6e-9113-0A987DA13A64} => restartfirefox
(Administrateur) - {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} => qls
(Administrateur) - {455D905A-D37C-4643-A9E2-F6FEFAA0424A} => RefControl
(Administrateur) - {55041010-54F1-412e-8177-2E411719162D} => Torrify%20Theme
(Administrateur) - {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} => chatzilla
(Administrateur) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(Administrateur) - {b749fc7c-e949-447f-926c-3f4eed6accfe} => modifyheaders
(Administrateur) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Administrateur) - {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} => torbutton
(Administrateur) - {e411bb40-b04c-11d8-92e7-00d09e0179f2} => firesomething


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ares.mp3.es/start.php"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Bureau\tarek\jeux\WinRar_340_FR\crackWinrar340fr.exe
C:\DOCUME~1\ADMINI~1\Mes documents\anti virus\Norton_Antivirus_2008_final\Nor-ton Inte-rnet Secu-rity_2008_+Crack
C:\DOCUME~1\ADMINI~1\Mes documents\anti virus\Norton_Antivirus_2008_final\Nor-ton Inte-rnet Secu-rity_2008_+Crack\Crack
C:\DOCUME~1\ADMINI~1\Mes documents\anti virus\Norton_Antivirus_2008_final\Nor-ton Inte-rnet Secu-rity_2008_+Crack\Norton Internet Security 2008.exe
C:\DOCUME~1\ADMINI~1\Mes documents\anti virus\Norton_Antivirus_2008_final\Nor-ton Inte-rnet Secu-rity_2008_+Crack\Upgrade from Norton 2007 to norton 2008.txt
C:\DOCUME~1\ADMINI~1\Mes documents\anti virus\Norton_Antivirus_2008_final\Nor-ton Inte-rnet Secu-rity_2008_+Crack\Crack\setup.exe
C:\DOCUME~1\ADMINI~1\Mes documents\anti virus\Norton_Antivirus_2008_final\Nor-ton Inte-rnet Secu-rity_2008_+Crack\Crack\SETUP.LST
C:\DOCUME~1\ADMINI~1\Mes documents\tarek\jeux\WinRar_340_FR\crackWinrar340fr.exe



1 - "C:\ToolBar SD\TB_1.txt" - 18/02/2009|14:08 - Option : [1]

-----------\\ Fin du rapport a 14:08:13.43
0
Réponse 3 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
18 févr. 2009 à 15:26
Bonjour,

supprime tous les cracks de Norton que tu as téléchargé

ensuite :

▶ Relance Toolbar-S&D en double-cliquant sur le raccourci.

▶ Tape sur "2" puis valide en appuyant sur "Entrée".

/!\ Ne ferme pas la fenêtre lors de la suppression /!\

▶ Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Ce qu'il faut savoir sur les toolbars (barres d'outils)
0
Réponse 4 / 16
mnizar
19 févr. 2009 à 20:16
c'est le rapport de toolbar aprés la suppression de... -----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB) - FAT32 - Total:248 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 19/02/2009|20:00 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj6CD.tmp
Supprime! - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz6CE.tmp

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Administrateur) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} => eazel-fr
(Administrateur) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Administrateur) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} => hotspot_shield
(Administrateur) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Administrateur) - {DDC359D1-844A-42a7-9AA1-88A850A938A8} => chrome
(Administrateur) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey
(Administrateur) - {0083D43D-6EF6-4c6e-9113-0A987DA13A64} => restartfirefox
(Administrateur) - {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} => qls
(Administrateur) - {455D905A-D37C-4643-A9E2-F6FEFAA0424A} => RefControl
(Administrateur) - {55041010-54F1-412e-8177-2E411719162D} => Torrify%20Theme
(Administrateur) - {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} => chatzilla
(Administrateur) - {73a6fe31-595d-460b-a920-fcc0f8843232} => noscript
(Administrateur) - {b749fc7c-e949-447f-926c-3f4eed6accfe} => modifyheaders
(Administrateur) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Administrateur) - {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} => torbutton
(Administrateur) - {e411bb40-b04c-11d8-92e7-00d09e0179f2} => firesomething


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ares.mp3.es/start.php"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Mes documents\tarek\jeux\WinRar_340_FR\crackWinrar340fr.exe



1 - "C:\ToolBar SD\TB_1.txt" - 18/02/2009|14:08 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 18/02/2009|14:28 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 19/02/2009|20:02 - Option : [2]

-----------\\ Fin du rapport a 20:02:26.43
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
mnizar
20 févr. 2009 à 02:21
c'est le rapport de
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1780
Windows 5.1.2600 Service Pack 3

20/02/2009 02:16:52
mbam-log-2009-02-20 (02-16-51).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 124995
Temps écoulé: 2 hour(s), 18 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 108

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\error nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Error Nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Error Nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\backup (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\bin (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\config (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\doc (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log (Rogue.ErrorNuker) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Bureau\ErrorNukerInstaller.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\uninstall.exe (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\bin\ErrorNuker.exe (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\bin\StartupManager.exe (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\config\drr_conf.ini (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\config\drr_english.ini (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\config\drr_support.ini (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\doc\errornuker.chm (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\doc\license.rtf (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\doc\readme.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\doc\vssver.scc (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\drr_hist_date.dat (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\drr_hist_desc.dat (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\drr_hist_entries.dat (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\drr_hist_files.dat (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\Error Nuker Log File.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000005 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000006 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000007 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000008 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000009 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000010 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000011 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000012 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000013 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000014 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000015 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000016 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000017 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000018 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000019 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000020 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000021 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000022 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000023 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000024 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000025 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000026 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000027 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000028 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000029 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000030 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000031 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000032 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000033 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000034 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000035 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000036 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000037 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000038 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000039 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000040 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000041 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000042 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000043 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000044 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000045 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000046 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000047 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000048 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000049 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000050 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000051 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000052 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000053 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000054 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000055 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000056 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000057 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000058 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000059 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000060 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000061 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000062 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000063 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000064 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000065 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000066 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000067 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000068 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000069 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000070 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000071 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000072 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000073 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000074 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000075 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000076 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000077 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000078 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\shortcut20090219_200523_000000079 (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20090219_200522_000000000.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20090219_200522_000000001.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20090219_200523_000000002.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20090219_200523_000000003.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20090219_200523_000000004.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\error_nuker.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\startup.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\uninst.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\vssver.scc (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\~trash.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\~xpinstall.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log\desc_file.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log\entries_file.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log\files_file.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log\startup_log.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log\values_file.txt (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Error Nuker.lnk (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
0
Réponse 6 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
20 févr. 2009 à 11:21
Bonjour,

Vas vider la quarantaine de Malwarebytes et ensuite fais ceci stp :

▶ télécharge smitfraudfix et enregistre le sur le bureau

▶ Ensuite double clique sur smitfraudfix puis exécuter

▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

▶ copier/coller le rapport dans la réponse.


Voici un tutoriel sonore et animé en cas de problème d'utilisation



(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
cet utilitaire pourrait arrêter des logiciels de sécurité.)
0
Réponse 7 / 16
mnizar
20 févr. 2009 à 21:18
c'est le rapport de
SmitFraudFix v2.398

Rapport fait à 21:12:13.79, 20/02/2009
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A231608-2975-4A1F-9191-D40740D224A0}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A231608-2975-4A1F-9191-D40740D224A0}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8A231608-2975-4A1F-9191-D40740D224A0}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 8 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
20 févr. 2009 à 21:21
refais un nouveau rapport hijackthis stp
0
Réponse 9 / 16
mnizar
21 févr. 2009 à 00:05
c'est le rapport de
Logfile of HijackThis v1.99.1
Scan saved at 00:02:28, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.015\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
0
Réponse 10 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
21 févr. 2009 à 01:50
▶ Télécharge et enregistre le fichier d installation sur ton bureau :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

▶ Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

▶ Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.

▶ Au menu principal choisi l'option "A"

▶ Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 11 / 16
mnizar
21 févr. 2009 à 19:44
c'est le rapport de
LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 19:35:51 | Sam 21/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: SWEET-C9A00BA05
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 36

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: mteietq8.default
.
Prefs.js: Browser.Search.SelectedEngine: "Web Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://ares.mp3.es/start.php

+-[HKEY_USERS\S-1-5-21-1644491937-492894223-1606980848-500\..\Internet Explorer\Main]

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://ares.mp3.es/start.php

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2132 Bytes] - "C:\Ad-Report-Scan-21.02.2009.log"
-

End at: 19:38:35 | 21/02/2009
.
+-----------------| E.O.F - 54 Lines
.
0
Réponse 12 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
22 févr. 2009 à 17:04
Bonjour,

▶ Télécharge Combofix de sUBs


▶ et enregistre le sur le Bureau.


▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Je te conseille d'installer la console de récupération !!


ensuite envois le rapport et refais un nouveau rapport hijackthis stp
0
mnizar
24 févr. 2009 à 20:27
c'est le rapport de
Logfile of HijackThis v1.99.1
Scan saved at 20:22:25, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX32.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
0
Réponse 13 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
26 févr. 2009 à 12:07
Bonjour,

as-tu fais ComboFix ??
0
mnizar
27 févr. 2009 à 00:06
c'est le rapport de
ComboFix 09-02-21.01 - Administrateur 2009-02-26 23:55:43.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.247.131 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-26 au 2009-02-26 ))))))))))))))))))))))))))))))))))))
.

2009-02-25 20:29 . 2009-02-25 20:31 828 -rah----- c:\windows\EPMBatch.ept
2009-02-25 19:54 . 2009-02-25 19:54 <REP> d-------- c:\program files\EASEUS
2009-02-24 23:26 . 2009-02-24 23:29 <REP> d-------- c:\program files\Free PDF to Word Converter
2009-02-21 19:23 . 2009-02-21 19:33 <REP> d-------- c:\program files\Ad-remover
2009-02-20 03:28 . 2009-02-20 03:28 268 --ah----- C:\sqmdata02.sqm
2009-02-20 03:28 . 2009-02-20 03:28 244 --ah----- C:\sqmnoopt02.sqm
2009-02-20 03:18 . 2009-02-20 03:18 <REP> d-------- c:\program files\Microsoft Synchronization Services
2009-02-20 03:18 . 2009-02-20 03:18 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-20 03:08 . 2009-02-20 03:11 <REP> d-------- c:\program files\Microsoft Visual Studio 9.0
2009-02-20 03:05 . 2009-02-20 03:05 <REP> d-------- c:\program files\Microsoft SDKs
2009-02-19 23:43 . 2009-02-19 23:43 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 23:43 . 2009-02-19 23:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-19 23:43 . 2009-02-19 23:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-19 23:43 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 23:43 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-18 18:50 . 2009-02-18 18:52 <REP> d-------- c:\documents and settings\Administrateur\Application Data\gtk-2.0
2009-02-18 18:50 . 2009-02-18 18:50 <REP> d-------- c:\documents and settings\Administrateur\.thumbnails
2009-02-18 18:46 . 2009-02-20 18:16 <REP> d-------- c:\documents and settings\Administrateur\.gimp-2.6
2009-02-18 18:45 . 2009-02-18 18:45 <REP> d-------- c:\documents and settings\Administrateur\.gegl-0.0
2009-02-18 18:43 . 2009-02-18 18:43 <REP> d-------- c:\program files\GIMP-2.0
2009-02-18 14:02 . 2009-02-19 20:02 <REP> d-------- C:\ToolBar SD
2009-02-06 17:04 . 2009-02-06 17:04 40 --a------ c:\windows\system32\d3d9prs.dat
2009-02-06 17:02 . 2009-02-06 17:04 <REP> d-------- c:\program files\GrandBilliards
2009-02-06 16:41 . 2009-02-06 16:41 <REP> d-------- c:\program files\PowerQuest
2009-02-05 19:46 . 2009-02-05 19:46 268 --ah----- C:\sqmdata00.sqm
2009-02-05 19:46 . 2009-02-05 19:46 244 --ah----- C:\sqmnoopt00.sqm
2009-02-05 19:46 . 2009-02-05 19:46 172 --ah----- C:\sqmnoopt01.sqm
2009-02-05 19:46 . 2009-02-05 19:46 172 --ah----- C:\sqmdata01.sqm
2009-02-04 12:46 . 2009-02-13 20:11 <REP> d-------- c:\documents and settings\Administrateur\undefined
2009-02-04 10:31 . 2009-02-04 10:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-03 21:39 . 2009-02-03 21:39 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-03 21:39 . 2009-02-03 21:40 <REP> d-------- c:\program files\Circle Developemet
2009-02-01 12:58 . 2009-02-01 12:58 <REP> d-------- c:\windows\system32\ocr
2009-02-01 12:58 . 2009-02-01 12:58 <REP> d-------- c:\windows\system32\Data
2009-02-01 12:58 . 2009-02-01 13:12 <REP> d-------- c:\program files\Driving Speed 2.exe
2009-01-30 23:53 . 2009-01-30 23:53 <REP> d-------- c:\program files\Ares
2009-01-30 23:40 . 2009-01-30 23:45 <REP> d-------- C:\Ares Tube
2009-01-30 23:37 . 2009-02-21 20:05 <REP> d-------- c:\program files\Peer2Peer-EN
2009-01-30 13:59 . 2009-01-30 13:59 <REP> d-------- C:\Nouveau dossie
2009-01-30 13:29 . 2009-01-30 13:29 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2009-01-30 13:27 . 2009-01-30 13:27 <REP> d-------- c:\program files\VideoLAN
2009-01-29 22:00 . 2009-01-30 23:32 <REP> d-------- c:\documents and settings\Administrateur\Application Data\LimeWire
2009-01-29 21:59 . 2009-01-30 23:30 <REP> d-------- c:\program files\LimeWire
2009-01-26 12:30 . 2009-01-26 12:30 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 22:55 --------- d-----w c:\program files\SuperCopier2
2009-02-23 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-21 19:05 --------- d-----w c:\program files\PHPNukeEN
2009-02-21 19:05 --------- d-----w c:\program files\Eazel-FR
2009-02-20 02:17 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 15:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-28 20:16 --------- d-----w c:\program files\Hotspot_Shield
2009-01-27 10:41 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-27 10:41 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-27 00:20 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-23 19:15 96,384 ----a-w c:\windows\system32\drivers\sptd9917.sys
2009-01-23 19:15 664,064 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-21 13:57 --------- d-----w c:\program files\LSoft Technologies
2009-01-21 13:46 --------- d-----w c:\documents and settings\Administrateur\Application Data\ImgBurn
2009-01-21 13:29 --------- d-----w c:\program files\MagicISO
2009-01-20 20:54 --------- d-----w c:\program files\Java
2009-01-19 23:32 --------- d-----w c:\program files\Analog Devices
2009-01-18 16:13 --------- d-----w c:\program files\Common Files
2009-01-18 16:11 --------- d-----w c:\program files\Neoact
2009-01-18 10:25 --------- d-----w c:\program files\GOA
2009-01-15 20:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\Leadertech
2009-01-15 20:27 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-15 18:25 --------- d-----w c:\program files\Notepad++
2009-01-14 02:21 --------- d-----w c:\program files\AnalogX
2009-01-13 19:31 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-13 19:31 --------- d-----w c:\program files\Fichiers communs\Nero
2009-01-13 19:30 --------- d-----w c:\program files\FlashFXP
2009-01-13 19:29 --------- d-----w c:\program files\CMenu
2009-01-13 18:09 --------- d-----w c:\program files\Adolix
2009-01-12 21:40 --------- d-----w c:\documents and settings\Administrateur\Application Data\AVGTOOLBAR
2009-01-11 14:44 --------- d-----w c:\program files\Unlocker
2009-01-10 18:14 --------- d-----w c:\documents and settings\Administrateur\Application Data\Notepad++
2009-01-10 15:52 --------- d-----w c:\documents and settings\Administrateur\Application Data\ACD Systems
2009-01-08 13:01 --------- d-----w c:\program files\Conduit
2009-01-07 23:37 --------- d-----w c:\program files\AVG
2009-01-07 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-07 14:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\Thunderbird
2009-01-07 13:58 --------- d-----w c:\program files\Real Alternative
2009-01-07 13:58 --------- d-----w c:\program files\QT Lite
2009-01-07 13:58 --------- d-----w c:\program files\Media Player Classic
2009-01-07 13:56 --------- d-----w c:\program files\Xtremsplit
2009-01-07 13:56 --------- d-----w c:\program files\Fichiers communs\ACD Systems
2009-01-07 13:56 --------- d-----w c:\program files\ACD Systems
2009-01-07 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-07 13:55 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-07 13:55 --------- d-----w c:\program files\Windows Live
2009-01-07 13:55 --------- d-----w c:\program files\ImgBurn
2009-01-07 13:55 --------- d-----w c:\program files\DAMN NFO Viewer
2009-01-07 13:53 --------- d-----w c:\program files\Utilitaires
2009-01-07 13:53 --------- d-----w c:\program files\Reference Assemblies
2009-01-07 13:53 --------- d-----w c:\program files\PuTTY
2009-01-07 13:53 --------- d-----w c:\program files\MSBuild
2009-01-07 13:52 --------- d-----w c:\program files\WinMover
2009-01-07 13:52 --------- d-----w c:\program files\Epsilon Squared
2009-01-07 13:52 --------- d-----w c:\documents and settings\All Users\Application Data\FlashFXP
2009-01-07 13:52 --------- d-----w c:\documents and settings\Administrateur\Application Data\EliasAE
2009-01-07 13:51 --------- d-----w c:\program files\MSECache
2009-01-07 13:43 --------- d-----w c:\program files\Microsoft Works
2009-01-07 13:42 --------- d-----w c:\program files\Microsoft.NET
2009-01-07 13:37 --------- d-----w c:\program files\Fichiers communs\Java
2009-01-07 13:24 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-07 13:23 --------- d-----w c:\program files\Services en ligne
2009-01-07 13:20 --------- d-----w c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

2008-06-25 18:31 579584 de4a4ac7328fc80156034e7eb283676d c:\windows\system32\user32.dll

2008-06-25 18:31 971264 b8fcd84f253a7eb9f14de1163fd68379 c:\windows\system32\wininet.dll

2008-06-25 18:30 361344 6e7a77e1e13d3dafe77af1012112a2c3 c:\windows\system32\drivers\tcpip.sys

2008-06-25 18:31 561152 de669722494cf41f6e39a62b3b08525c c:\windows\system32\winlogon.exe

2008-06-25 18:30 2165760 338d062fc6f9631bc55980a75ed809a4 c:\windows\system32\ntkrnlpa.exe

2008-06-25 18:30 2287104 a9db7b8fae4d18fbf86331c2e33bd6f7 c:\windows\system32\ntoskrnl.exe

2008-06-25 18:30 1573888 3c127370aa63c7d9fd756bb4be173427 c:\windows\explorer.exe

2008-06-25 18:30 40960 58db2ee838d5b7bad0f7f10a6c920390 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_19.37.54.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 13:24:21 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-02-24 19:04:07 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2009-01-07 13:24:19 86,331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-02-24 19:08:50 86,331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-01-07 13:24:21 2,116 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-24 19:08:50 2,430 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-20 17:12:16 213,504 ----a-w c:\windows\system32\BootMan.exe
+ 2009-02-20 17:10:26 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
+ 2009-02-20 17:10:24 68,096 ----a-w c:\windows\system32\Device.dll
+ 2009-02-20 17:10:28 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
+ 2009-02-20 17:11:06 180,224 ----a-w c:\windows\system32\DeviceManager.dll
+ 2009-02-23 11:52:52 8,704 ----a-w c:\windows\system32\epmntdrv.sys
+ 2009-02-23 11:51:46 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
+ 2009-02-23 11:52:48 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
+ 2009-02-20 17:12:48 65,536 ----a-w c:\windows\system32\FatCopy.dll
+ 2009-02-20 17:09:54 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
+ 2009-02-20 17:10:48 22,016 ----a-w c:\windows\system32\FatFormat.dll
+ 2009-02-20 17:10:32 31,744 ----a-w c:\windows\system32\FatLib.dll
+ 2009-02-20 17:11:42 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
+ 2009-02-20 17:10:12 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
+ 2009-02-20 17:11:24 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
+ 2009-02-20 17:10:14 21,504 ----a-w c:\windows\system32\Fixup.dll
+ 2009-02-20 17:12:34 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
+ 2009-02-20 17:10:08 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
+ 2009-02-20 17:10:52 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
+ 2009-02-20 17:10:44 86,528 ----a-w c:\windows\system32\NTFSLib.dll
+ 2009-02-20 17:11:20 93,184 ----a-w c:\windows\system32\Partition.dll
+ 2009-02-20 17:11:48 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
+ 2009-02-20 17:12:38 17,920 ----a-w c:\windows\system32\SectorCopy.dll
+ 2009-02-23 11:52:48 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
+ 2009-02-26 22:42:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_710.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\tbEaze.dll" [2008-11-23 1784856]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2008-11-23 1784856]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2008-06-24 1569304]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
2008-11-23 23:03 1784856 --a------ c:\program files\Eazel-FR\tbEaze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2008-06-24 23:17 1569304 --a------ c:\program files\Hotspot_Shield\tbHot0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2008-09-15 06:47 1784856 --a------ c:\program files\Peer2Peer-EN\tbPee0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2008-11-23 23:03 1784856 --a------ c:\program files\PHPNukeEN\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}"= "c:\program files\Eazel-FR\tbEaze.dll" [2008-11-23 1784856]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2008-11-23 1784856]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2008-06-24 1569304]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}"= "c:\program files\Eazel-FR\tbEaze.dll" [2008-11-23 1784856]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2008-11-23 1784856]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2008-06-24 1569304]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-01-21 5724184]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-27 983040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"Mmm"="c:\windows\system32\mmm.exe" [2005-07-05 828416]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
nero.bat.lnk - c:\windows\system32\nero.bat [2008-11-20 180]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 11:41 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-08 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-08 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-02-25 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-02-25 3072]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ares.mp3.es/start.php
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2095689&SearchSource=13
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}\components\FFAlert.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}\components\FFAlert.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 23:57:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Heure de fin: 2009-02-26 23:59:47
ComboFix-quarantined-files.txt 2009-02-26 22:59:40
ComboFix2.txt 2009-02-24 18:38:43

Avant-CF: 44 441 747 456 octets libres
Après-CF: 44,485,218,304 octets libres

296











et c'est le rapport de

Logfile of HijackThis v1.99.1
Scan saved at 00:04:01, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
0
Réponse 14 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
27 févr. 2009 à 11:25
Bonjour,

va supprimer ces dossier mis en gras ci-dessous :

C:\Program Files\Eazel-FR
C:\Program Files\PHPNukeEN
C:\Program Files\Hotspot_Shield
C:\Program Files\Peer2Peer-EN

ensuite :

Télécharge CCleaner

Tu auras un tutoriel pour l'installer et l'utiliser correctement.

Fais le nettoyage et recherche les erreurs du registre comme expliqué en bas du tutoriel.

Ensuite refais un nouveau rapport hijackthis pour vérifier stp
0
mnizar
27 févr. 2009 à 21:51
c'est la rapport
Logfile of HijackThis v1.99.1
Scan saved at 21:48:58, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Notepad++\notepad++.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll (file missing)
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (file missing)
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll (file missing)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll (file missing)
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (file missing)
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
0
Réponse 15 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
1 mars 2009 à 12:50
Bonjour,

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll (file missing)
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (file missing)
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll (file missing)
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll (file missing)
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll (file missing)
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll (file missing)
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee0.dll (file missing)
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

puis tu cliques sur fix checked.

Est-ce que tu as encore des problèmes ??
0
mnizar
3 mars 2009 à 19:31
c'est le rapport de hijackthis apres le formatage de l'ordinateur
Logfile of HijackThis v1.99.1
Scan saved at 19:21:23, on 03/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.344\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
0
Réponse 16 / 16
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
3 mars 2009 à 20:03
Bonsoir,

pourquoi avoir formaté ?? Tu avais encore des problèmes ??
0
mnizar
6 mars 2009 à 21:38
c le rapport de
est ce que j'ai des infections dans mon ordinateur
Logfile of HijackThis v1.99.1
Scan saved at 21:35:43, on 06/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
0

Discussions similaires

virus Torjan
bachirrou -
totobetourne -

3 réponses
comment éliminer un virus torjan svp
njouba -
Wildou -

6 réponses
torjan
gentlepape -
gentlepape -

5 réponses
Formule anti Torjan
creation -
Bangs -

2 réponses
Je galére tjrs avec les Torjan.
shafer25 -
shafer25 -

5 réponses