Sujet Précédent Sujet Suivant

J'ai vraiment besoin d'aide

Résolu
DMX -  
 moe -
voici mon rapport de silent runner pour pouvoir enlever mon virus (impossible de changer de fond d'écran, plus de clic droit et écran rouge avec message de smart sécurity sur le bureau.

aidez moi !!! svp

"Silent Runners.vbs", revision 34, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Uaf" = "C:\WINDOWS\System32\Skq.exe" [null data]
"Bkn" = "C:\WINDOWS\System32\Hho.exe" [null data]
"Jvn" = "C:\WINDOWS\Rnu.exe" [null data]
"Ass" = "C:\WINDOWS\System32\Kas.exe" [null data]
"Ksg" = "C:\WINDOWS\System32\Qlb.exe" [null data]
"Bih" = "C:\WINDOWS\System32\Mvt.exe" [null data]
"Bfg" = "C:\WINDOWS\Hut.exe" [null data]
"Itd" = "C:\WINDOWS\System32\Abn.exe" [null data]
"Hpd" = "C:\WINDOWS\Bqj.exe" [null data]
"Hts" = "C:\WINDOWS\Ihl.exe" [null data]
"Lhq" = "C:\WINDOWS\System32\Dia.exe" [null data]
"Mqd" = "C:\WINDOWS\System32\Eau.exe" [null data]
"Ana" = "C:\WINDOWS\Hus.exe" [null data]
"Udn" = "C:\WINDOWS\Ciq.exe" [null data]
"Uoq" = "C:\WINDOWS\Ivj.exe" [null data]
"Gtv" = "C:\WINDOWS\System32\Dub.exe" [null data]
"Rsr" = "C:\WINDOWS\Nmi.exe" [null data]
"Bpa" = "C:\WINDOWS\Kgv.exe" [null data]
"Itp" = "C:\WINDOWS\Pkp.exe" [null data]
"Jge" = "C:\WINDOWS\Qab.exe" [null data]
"Bje" = "C:\WINDOWS\System32\Jbp.exe" [null data]
"Kua" = "C:\WINDOWS\System32\Kqs.exe" [null data]
"Nvd" = "C:\WINDOWS\Mbq.exe" [null data]
"Jdb" = "C:\WINDOWS\System32\Obc.exe" [null data]
"Jua" = "C:\WINDOWS\System32\Amr.exe" [null data]
"Nbj" = "C:\WINDOWS\Qhv.exe" [null data]
"Ntc" = "C:\WINDOWS\Ddl.exe" [null data]
"Qps" = "C:\WINDOWS\Hor.exe" [null data]
"Cte" = "C:\WINDOWS\Lkn.exe" [null data]
"Mpl" = "C:\WINDOWS\System32\Vkf.exe" [null data]
"Uht" = "C:\WINDOWS\Tqf.exe" [null data]
"Iji" = "C:\WINDOWS\System32\Pbj.exe" [null data]
"Led" = "C:\WINDOWS\System32\Fls.exe" [null data]
"Mpm" = "C:\WINDOWS\System32\Pdq.exe" [null data]
"Dpm" = "C:\WINDOWS\System32\Mic.exe" [null data]
"Mvv" = "C:\WINDOWS\System32\Tun.exe" [null data]
"Gks" = "C:\WINDOWS\Ape.exe" [null data]
"Gbt" = "C:\WINDOWS\System32\Gnc.exe" [null data]
"Eif" = "C:\WINDOWS\System32\Lmb.exe" [null data]
"Aum" = "C:\WINDOWS\System32\Kfe.exe" [null data]
"Cuj" = "C:\WINDOWS\Oaf.exe" [null data]
"Tap" = "C:\WINDOWS\Ded.exe" [null data]
"Eog" = "C:\WINDOWS\System32\Krp.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"QuickTime Task" = ""C:\WINDOWS\system32\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Uaf" = "C:\WINDOWS\System32\Skq.exe" [null data]
"Bkn" = "C:\WINDOWS\System32\Hho.exe" [null data]
"Jvn" = "C:\WINDOWS\Rnu.exe" [null data]
"Ass" = "C:\WINDOWS\System32\Kas.exe" [null data]
"Ksg" = "C:\WINDOWS\System32\Qlb.exe" [null data]
"Bih" = "C:\WINDOWS\System32\Mvt.exe" [null data]
"Bfg" = "C:\WINDOWS\Hut.exe" [null data]
"Itd" = "C:\WINDOWS\System32\Abn.exe" [null data]
"Hpd" = "C:\WINDOWS\Bqj.exe" [null data]
"Hts" = "C:\WINDOWS\Ihl.exe" [null data]
"Lhq" = "C:\WINDOWS\System32\Dia.exe" [null data]
"Mqd" = "C:\WINDOWS\System32\Eau.exe" [null data]
"Ana" = "C:\WINDOWS\Hus.exe" [null data]
"Udn" = "C:\WINDOWS\Ciq.exe" [null data]
"Uoq" = "C:\WINDOWS\Ivj.exe" [null data]
"Gtv" = "C:\WINDOWS\System32\Dub.exe" [null data]
"Rsr" = "C:\WINDOWS\Nmi.exe" [null data]
"Bpa" = "C:\WINDOWS\Kgv.exe" [null data]
"Itp" = "C:\WINDOWS\Pkp.exe" [null data]
"Jge" = "C:\WINDOWS\Qab.exe" [null data]
"Bje" = "C:\WINDOWS\System32\Jbp.exe" [null data]
"Kua" = "C:\WINDOWS\System32\Kqs.exe" [null data]
"Nvd" = "C:\WINDOWS\Mbq.exe" [null data]
"Jdb" = "C:\WINDOWS\System32\Obc.exe" [null data]
"Jua" = "C:\WINDOWS\System32\Amr.exe" [null data]
"Nbj" = "C:\WINDOWS\Qhv.exe" [null data]
"Ntc" = "C:\WINDOWS\Ddl.exe" [null data]
"Qps" = "C:\WINDOWS\Hor.exe" [null data]
"Cte" = "C:\WINDOWS\Lkn.exe" [null data]
"Mpl" = "C:\WINDOWS\System32\Vkf.exe" [null data]
"Uht" = "C:\WINDOWS\Tqf.exe" [null data]
"Iji" = "C:\WINDOWS\System32\Pbj.exe" [null data]
"Led" = "C:\WINDOWS\System32\Fls.exe" [null data]
"Mpm" = "C:\WINDOWS\System32\Pdq.exe" [null data]
"Dpm" = "C:\WINDOWS\System32\Mic.exe" [null data]
"Mvv" = "C:\WINDOWS\System32\Tun.exe" [null data]
"Gks" = "C:\WINDOWS\Ape.exe" [null data]
"Gbt" = "C:\WINDOWS\System32\Gnc.exe" [null data]
"Eif" = "C:\WINDOWS\System32\Lmb.exe" [null data]
"Aum" = "C:\WINDOWS\System32\Kfe.exe" [null data]
"Cuj" = "C:\WINDOWS\Oaf.exe" [null data]
"Tap" = "C:\WINDOWS\Ded.exe" [null data]
"Eog" = "C:\WINDOWS\System32\Krp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]

Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\desktop.html"

Startup items in "DMX" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g" -> shortcut to: "C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe" [" "]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur - DMX" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {CLSID}\(Default) = "&Google"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Carte de performance WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Norton AntiVirus Firewall Monitor Service, NPFMntor, "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" ["Symantec Corporation"]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\System32\UAService7.exe" [null data]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

3 réponses

Réponse 1 / 3
moe
 
redemarre en mode sans echecs

ouvre l'éditeur de registre:
demarrer>executer tape regedit

deplace toi jusqu'a cette clé:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Dans la partie droite, supprime toute ces entrées:
"Uaf" = "C:\WINDOWS\System32\Skq.exe"
"Bkn" = "C:\WINDOWS\System32\Hho.exe"
"Jvn" = "C:\WINDOWS\Rnu.exe"
"Ass" = "C:\WINDOWS\System32\Kas.exe"
"Ksg" = "C:\WINDOWS\System32\Qlb.exe"
"Bih" = "C:\WINDOWS\System32\Mvt.exe"
"Bfg" = "C:\WINDOWS\Hut.exe"
"Itd" = "C:\WINDOWS\System32\Abn.exe"
"Hpd" = "C:\WINDOWS\Bqj.exe"
"Mqd" = "C:\WINDOWS\System32\Eau.exe"
"Ana" = "C:\WINDOWS\Hus.exe"
"Udn" = "C:\WINDOWS\Ciq.exe"
"Uoq" = "C:\WINDOWS\Ivj.exe"
"Gtv" = "C:\WINDOWS\System32\Dub.exe"
"Rsr" = "C:\WINDOWS\Nmi.exe"
"Bpa" = "C:\WINDOWS\Kgv.exe"
"Itp" = "C:\WINDOWS\Pkp.exe"
"Jge" = "C:\WINDOWS\Qab.exe"
"Bje" = "C:\WINDOWS\System32\Jbp.exe"
"Kua" = "C:\WINDOWS\System32\Kqs.exe"
"Nvd" = "C:\WINDOWS\Mbq.exe"
"Jdb" = "C:\WINDOWS\System32\Obc.exe"
"Jua" = "C:\WINDOWS\System32\Amr.exe"
"Nbj" = "C:\WINDOWS\Qhv.exe"
"Ntc" = "C:\WINDOWS\Ddl.exe"
"Qps" = "C:\WINDOWS\Hor.exe"
"Cte" = "C:\WINDOWS\Lkn.exe"
"Mpl" = "C:\WINDOWS\System32\Vkf.exe"
"Uht" = "C:\WINDOWS\Tqf.exe"
"Iji" = "C:\WINDOWS\System32\Pbj.exe"
"Led" = "C:\WINDOWS\System32\Fls.exe"
"Mpm" = "C:\WINDOWS\System32\Pdq.exe"
"Dpm" = "C:\WINDOWS\System32\Mic.exe"
"Mvv" = "C:\WINDOWS\System32\Tun.exe"
"Gks" = "C:\WINDOWS\Ape.exe"
"Gbt" = "C:\WINDOWS\System32\Gnc.exe"
"Eif" = "C:\WINDOWS\System32\Lmb.exe"
"Aum" = "C:\WINDOWS\System32\Kfe.exe"
"Cuj" = "C:\WINDOWS\Oaf.exe"
"Tap" = "C:\WINDOWS\Ded.exe"
"Eog" = "C:\WINDOWS\System32\Krp.exe"

en fait toutes les lignes avec des exe de 3 lettres aleatoires

puis dans cette clé:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

supprime:
"Uaf" = "C:\WINDOWS\System32\Skq.exe"
"Bkn" = "C:\WINDOWS\System32\Hho.exe"
"Jvn" = "C:\WINDOWS\Rnu.exe"
"Ass" = "C:\WINDOWS\System32\Kas.exe"
"Ksg" = "C:\WINDOWS\System32\Qlb.exe"
"Bih" = "C:\WINDOWS\System32\Mvt.exe"
"Bfg" = "C:\WINDOWS\Hut.exe"
"Itd" = "C:\WINDOWS\System32\Abn.exe"
"Hpd" = "C:\WINDOWS\Bqj.exe"
"Hts" = "C:\WINDOWS\Ihl.exe"
"Lhq" = "C:\WINDOWS\System32\Dia.exe"
"Mqd" = "C:\WINDOWS\System32\Eau.exe"
"Ana" = "C:\WINDOWS\Hus.exe"
"Udn" = "C:\WINDOWS\Ciq.exe"
"Uoq" = "C:\WINDOWS\Ivj.exe"
"Gtv" = "C:\WINDOWS\System32\Dub.exe"
"Rsr" = "C:\WINDOWS\Nmi.exe"
"Bpa" = "C:\WINDOWS\Kgv.exe"
"Itp" = "C:\WINDOWS\Pkp.exe"
"Jge" = "C:\WINDOWS\Qab.exe"
"Bje" = "C:\WINDOWS\System32\Jbp.exe"
"Kua" = "C:\WINDOWS\System32\Kqs.exe"
"Nvd" = "C:\WINDOWS\Mbq.exe"
"Jdb" = "C:\WINDOWS\System32\Obc.exe"
"Jua" = "C:\WINDOWS\System32\Amr.exe"
"Nbj" = "C:\WINDOWS\Qhv.exe"
"Ntc" = "C:\WINDOWS\Ddl.exe"
"Qps" = "C:\WINDOWS\Hor.exe"
"Cte" = "C:\WINDOWS\Lkn.exe"
"Mpl" = "C:\WINDOWS\System32\Vkf.exe"
"Uht" = "C:\WINDOWS\Tqf.exe"
"Iji" = "C:\WINDOWS\System32\Pbj.exe"
"Led" = "C:\WINDOWS\System32\Fls.exe"
"Mpm" = "C:\WINDOWS\System32\Pdq.exe"
"Dpm" = "C:\WINDOWS\System32\Mic.exe"
"Mvv" = "C:\WINDOWS\System32\Tun.exe"
"Gks" = "C:\WINDOWS\Ape.exe"
"Gbt" = "C:\WINDOWS\System32\Gnc.exe"
"Eif" = "C:\WINDOWS\System32\Lmb.exe"
"Aum" = "C:\WINDOWS\System32\Kfe.exe"
"Cuj" = "C:\WINDOWS\Oaf.exe"
"Tap" = "C:\WINDOWS\Ded.exe"
"Eog" = "C:\WINDOWS\System32\Krp.exe"

supprime aussi le dossier C:\desktop

ensuite tu supprime tout les exescorrespondants(essaye de ne pas en oublier LOL)

une fois fait, lance le fichier background.reg que tu as telechargé.

redemarre le pc normalement, et reposte un log hijack.

croisons les doigts...
0
moe
 
dsl, mauvais copier coller, il manque le debut de mon post

on va essayer de faire sans hijackthis
telecharge ceci, mais ne l'utilise pas encore
http://pageperso.aol.fr/Balltrap34/Background.zip
0
Réponse 2 / 3
DMX
 
ça y est c'est bon impeccable !!! j'ai retrouvé toutes mes fonction et j'ai enfin pu changer de' fond d'écran !!!

merci mille fois

Logfile of HijackThis v1.99.1
Scan saved at 20:11:48, on 11/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\programes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
0
Réponse 3 / 3
moe
 
le log est ok, ca roule!!

Il me semble que la manip a la main, a été payante+le reg de balltrap.
tu peux maintenant réactiver la restauration systeme.
sacré salo**ie ce trojan, et surtout pas beaucoup d'infos à son sujet.
En tout cas, c'est réglé pour toi ;-)

a+
0