Analyser mon hijackthis svp, merci

Question

Re, Re, Re et encore Re bonjour

Je résume
1; Suis nule en informatique
2 D'ou ma présence
3 Je viens de formater mon Xp
4 Je viens d'installer Avast (mécontente de Norton)
5 A peine installé (bon j'exagère) Avast me dis que j'ai des invités, voir plutôt des profiteurs dans mon PC (trojan)
6 Je supprime, je met en quarantaine, bref je panique.
7 Je me souviens de l'adresse de Comment ca marche
8 Je fais un Hitjackthis avant qu'on me le demande
9 Je vous demande (humblement) de bien vouloir y jeter un coup d'oeil et me dire ce que vous en pensez.
10 Merci d'avance
11 Je cours vite fait installer a2, adware etc avant que vous me disiez de le faire

Merci pour tout

Elise

Logfile of HijackThis v1.99.1
Scan saved at 15:48:46, on 09/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\WINDOWS\System32\mssvcc.exe
C:\WINDOWS\shost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\banmanpro.exe
C:\WINDOWS\System32\mssecure.exe
C:\WINDOWS\logon.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\msvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\msvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\clerice\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\pmkjg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [winnsvc] msvc.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSV_0001_LPNetInstaller.exe"
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\SYSTEM32\pmkjg.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe

Afficher la suite

Kristopher · Answer

Salut,

Tu es très infecté. Tout d'abord :

-Scanne ton PC avec cet antivirus en ligne : http://www.pandasoftware.com/activescan/fr/activescan_principal.htm

-Installe un antispyware, je te conseille Microsoft AntiSpyware :
http://www.01net.com/telecharger/windows/Utilitaire/antivirus/fiches/31195.html

-Installe ce nettoyeur CCLEANER : http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial là : http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Et après reposte un log HijackThis ;)

++

theoelliot · Answer

Bonjour,

Je n'ai pas réussi à scanner en ligne, je vais être obligée de recommencer plus tard dans la journée.
J'ai tout de même fais
--l'antispyware et le nettoyeur.
Voici donc le dernier hitjackthis, tout frais moulu de ce matin.
Merci pour votre aide.

Elise

Logfile of HijackThis v1.99.1
Scan saved at 05:33:57, on 10/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\shost.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\WINDOWS\System32\mssvcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\banmanpro.exe
C:\WINDOWS\System32\mssecure.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\msvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
c:\winmc10.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\pmkjh.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\ddabc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [winnsvc] msvc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Services] c:\winmc10.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int12.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddabc - C:\WINDOWS\SYSTEM32\ddabc.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\System32\pmkjh.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe

Pendant que je suis là,
Le ménage ne se fait pas................

theoelliot · Answer

Ok je fais tout cela et je reviens aux nouvelles.Merci beaucoupElise

theoelliot · Answer

Bon alors dans l'ordre des choses, je parle d abord de ce que je n'ai pas pu faire:

- Impossible de trouver les fichiers MSWSA32.exe
et
msvc.exe pour les supprimer.

- Dans msconfig, je n'avais aucune des lignes suivantes [MS Windows System Alert] MSWSA32.exe
[msconfig38] mssvcc.exe
[secures23] mssecure.exe et je n'ai donc pas pu les supprimer.

- Enfin lorsque je lance VirtumundoBegone j'ai le message d'alerte suivant " Warning, This programm may terminate running process and automatically restart the computer in VirtumundoBegone is detected, etc etc".
Par contre il me génère bien un rapport (ci - joint).

[01/10/2006, 15:43:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\clerice\Bureau\VirtumundoBeGone.exe" )
[01/10/2006, 15:43:54] - Detected System Information:
[01/10/2006, 15:43:54] - Windows Version: 5.1.2600, Service Pack 1
[01/10/2006, 15:43:54] - Current Username: clerice (Admin)
[01/10/2006, 15:43:54] - Windows is in NORMAL mode.
[01/10/2006, 15:43:54] - Searching for Browser Helper Objects:
[01/10/2006, 15:43:54] - BHO 1: {2353FCBC-012D-487B-8BF3-865C0929FBEB} (ATLDistrib Object)
[01/10/2006, 15:43:54] - ALERT: Found ATLDistrib Object!
[01/10/2006, 15:43:54] - BHO 2: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} ()
[01/10/2006, 15:43:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/10/2006, 15:43:54] - Checking for HKLM\...\Winlogon\Notify\ddabc
[01/10/2006, 15:43:54] - Found: HKLM\...\Winlogon\Notify\ddabc - This is probably Virtumundo.
[01/10/2006, 15:43:54] - Assigning {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} MSEvents Object
[01/10/2006, 15:43:54] - BHO list has been changed! Starting over...
[01/10/2006, 15:43:54] - BHO 1: {2353FCBC-012D-487B-8BF3-865C0929FBEB} (ATLDistrib Object)
[01/10/2006, 15:43:54] - ALERT: Found ATLDistrib Object!
[01/10/2006, 15:43:54] - BHO 2: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} (MSEvents Object)
[01/10/2006, 15:43:54] - ALERT: Found MSEvents Object!
[01/10/2006, 15:43:54] - Finished Searching Browser Helper Objects
[01/10/2006, 15:43:54] - *** Detected ATLDistrib Object
[01/10/2006, 15:43:54] - *** Detected MSEvents Object
[01/10/2006, 15:43:54] - Trying to remove ATLDistrib Object...
[01/10/2006, 15:43:55] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 15:43:55] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 15:43:55] - Disabling Automatic Shell Restart
[01/10/2006, 15:43:55] - Terminating Process: EXPLORER.EXE
[01/10/2006, 15:43:56] - Suspending the NT Session Manager System Service
[01/10/2006, 15:43:56] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 15:43:56] - Re-enabling Automatic Shell Restart
[01/10/2006, 15:43:56] - File to disable: C:\WINDOWS\System32\pmkjh.dll
[01/10/2006, 15:43:56] - Renaming C:\WINDOWS\System32\pmkjh.dll -> C:\WINDOWS\System32\pmkjh.dll.vir
[01/10/2006, 15:43:56] - File successfully renamed!
[01/10/2006, 15:43:56] - Removing HKLM\...\Browser Helper Objects\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/10/2006, 15:43:56] - Removing HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/10/2006, 15:43:56] - Adding Kill Bit for ActiveX for GUID: {2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/10/2006, 15:43:56] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 15:43:56] - Removing HKLM\...\Winlogon\Notify\pmkjh
[01/10/2006, 15:43:56] - Trying to remove MSEvents Object...
[01/10/2006, 15:43:57] - Terminating Process: IEXPLORE.EXE
[01/10/2006, 15:43:57] - Terminating Process: RUNDLL32.EXE
[01/10/2006, 15:43:57] - Disabling Automatic Shell Restart
[01/10/2006, 15:43:57] - Terminating Process: EXPLORER.EXE
[01/10/2006, 15:43:57] - Suspending the NT Session Manager System Service
[01/10/2006, 15:43:57] - Terminating Windows NT Logon/Logoff Manager
[01/10/2006, 15:43:57] - Re-enabling Automatic Shell Restart
[01/10/2006, 15:43:57] - File to disable: C:\WINDOWS\system32\ddabc.dll
[01/10/2006, 15:43:57] - Renaming C:\WINDOWS\system32\ddabc.dll -> C:\WINDOWS\system32\ddabc.dll.vir
[01/10/2006, 15:43:57] - File successfully renamed!
[01/10/2006, 15:43:57] - Removing HKLM\...\Browser Helper Objects\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
[01/10/2006, 15:43:57] - Removing HKCR\CLSID\{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
[01/10/2006, 15:43:57] - Adding Kill Bit for ActiveX for GUID: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
[01/10/2006, 15:43:57] - Deleting ATLEvents/MSEvents Registry entries
[01/10/2006, 15:43:57] - Removing HKLM\...\Winlogon\Notify\ddabc
[01/10/2006, 15:43:57] - Searching for Browser Helper Objects:
[01/10/2006, 15:43:57] - Finished Searching Browser Helper Objects
[01/10/2006, 15:43:57] - Finishing up...
[01/10/2006, 15:43:57] - A restart is needed.
[01/10/2006, 15:44:05] - Attempting to Restart via STOP error (Blue Screen!)

[01/10/2006, 15:46:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\clerice\Bureau\VirtumundoBeGone.exe" )
[01/10/2006, 15:47:48] - User choose NOT to continue. Exiting...

Logfile of HijackThis v1.99.1
Scan saved at 15:49:04, on 10/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\shost.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe

J'attend les ordres avec impatience.

Merci pour les conseils.

Elise

theoelliot · Answer

Je viens de faire le scan en ligne de bitdefender.
Voici le rapport :

BitDefender Online Scanner

Scan report generated at: Tue, Jan 10, 2006 - 16:12:39

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
00:12:53

Files
98332

Folders
1155

Boot Sectors
2

Archives
904

Packed Files
12054

Results

Identified Viruses
5

Infected Files
11

Suspect Files
5

Warnings
0

Disinfected
0

Deleted Files
15

Engines Info

Virus Definitions
251012

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\dnmc10.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\clerice\Local Settings\Temporary Internet Files\Content.IE5\GQMA9RKZ\server[1].exe
Suspected of: Dropped:Generic.Malware.SFM.A22B729B

C:\Documents and Settings\clerice\Local Settings\Temporary Internet Files\Content.IE5\GQMA9RKZ\server[1].exe
Disinfection failed

C:\Documents and Settings\clerice\Local Settings\Temporary Internet Files\Content.IE5\GQMA9RKZ\server[1].exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP4\A0001152.exe
Suspected of: Dropped:Generic.Malware.SFM.A22B729B

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP4\A0001152.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP4\A0001152.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP4\A0001170.exe
Suspected of: Dropped:Generic.Malware.SFM.A22B729B

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP4\A0001170.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP4\A0001170.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001224.exe
Infected with: Trojan.StartPage.DZ

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001224.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001224.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001228.exe
Infected with: Backdoor.RBot.D26B3287

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001228.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001277.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001277.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001277.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001277.exe=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001305.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001305.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001305.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001305.exe=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001307.exe
Suspected of: Dropped:Generic.Malware.SFM.A22B729B

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001307.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP5\A0001307.exe
Deleted

C:\WINDOWS\shost.exe
Infected with: Backdoor.Sdbot.AIG

C:\WINDOWS\shost.exe
Disinfection failed

C:\WINDOWS\shost.exe
Delete failed

C:\WINDOWS\system32\mssecure.exe
Infected with: Backdoor.RBot.D26B3287

C:\WINDOWS\system32\mssecure.exe
Deleted

C:\WINDOWS\system32\mssvcc.exe
Infected with: Backdoor.RBot.61AF745C

C:\WINDOWS\system32\mssvcc.exe
Deleted

C:\WINDOWS\system32\msvc.exe
Suspected of: Dropped:Generic.Malware.SFM.A22B729B

C:\WINDOWS\system32\msvc.exe
Disinfection failed

C:\WINDOWS\system32\msvc.exe
Deleted

Pas la peine de me dire que je suis en mauvaise posture, je l'ai deviné............

HELPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

Merci

Elise

Utilisateur anonyme · Answer

Salut

Reposte un rapport hijackthis mais en faisant comme ceci:

Lance hijackthis, clic sur [Open the misc tools section]
A coté du bouton [Générate startuplist log]
coche les 2 cases
puis clic sur [Générate startuplist log]
copie et colle le rapport ici.
Le rapport est plus long, et c'est normal.

theoelliot · Answer

StartupList report, 10/01/2006, 16:39:51StartupList version: 1.52.2Started from : C:\hijackthis\HijackThis.EXEDetected: Windows XP SP1 (WinNT 5.01.2600)Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)* Using default options* Including empty and uninteresting sections* Showing rarely important sections==================================================Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\shost.exeC:\Program Files\Olitec\USB ADSL\CnxDslTb.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\WINDOWS\System32\ctfmon.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Crazy Browser\Crazy Browser.exeC:\hijackthis\HijackThis.exe--------------------------------------------------Listing of startup folders:Shell folders Startup:[C:\Documents and Settings\clerice\Menu Démarrer\Programmes\Démarrage]*No files*Shell folders AltStartup:*Folder not found*User shell folders Startup:*Folder not found*User shell folders AltStartup:*Folder not found*Shell folders Common Startup:[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEShell folders Common AltStartup:*Folder not found*User shell folders Common Startup:*Folder not found*User shell folders Alternate Common Startup:*Folder not found*--------------------------------------------------Checking Windows NT UserInit:[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]UserInit = C:\WINDOWS\system32\userinit.exe,[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]*Registry key not found*[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]*Registry value not found*[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunCnxDslTaskBar = C:\Program Files\Olitec\USB ADSL\CnxDslTb.exeavast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeSoundMan = SOUNDMAN.EXEgcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunCTFMON.EXE = C:\WINDOWS\System32\ctfmon.exeMS Windows System Alert = MSWSA32.exeIncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run[OptionalComponents]*No values found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------File association entry for .EXE:HKEY_CLASSES_ROOT\exefile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .COM:HKEY_CLASSES_ROOT\comfile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .BAT:HKEY_CLASSES_ROOT\batfile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .PIF:HKEY_CLASSES_ROOT\piffile\shell\open\command(Default) = "%1" %*--------------------------------------------------File association entry for .SCR:HKEY_CLASSES_ROOT\scrfile\shell\open\command(Default) = "%1" /S--------------------------------------------------File association entry for .HTA:HKEY_CLASSES_ROOT\htafile\shell\open\command(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*--------------------------------------------------File association entry for .TXT:HKEY_CLASSES_ROOT	xtfile\shell\open\command(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1--------------------------------------------------Enumerating Active Setup stub paths:HKLM\Software\Microsoft\Active Setup\Installed Components(* = disabled by HKCU twin)[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP[>{26923b43-4d38-484f-9b9e-de460746276c}] *StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *StubPath = %SystemRoot%\system32egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32	hemeui.dll[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]StubPath = "C:\WINDOWS\System32undll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub[{7790769C-0471-11d2-AF11-00C04FA35D02}] *StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install[{89820200-ECBD-11cf-8B85-00AA005B4340}] *StubPath = regsvr32.exe /s /n /i:U shell32.dll[{89820200-ECBD-11cf-8B85-00AA005B4383}] *StubPath = %SystemRoot%\system32\ie4uinit.exe--------------------------------------------------Enumerating ICQ Agent Autostart apps:HKCU\Software\Mirabilis\ICQ\Agent\Apps*Registry key not found*--------------------------------------------------Load/Run keys from C:\WINDOWS\WIN.INI:load=*INI section not found*run=*INI section not found*Load/Run keys from Registry:HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*HKCU\..\Windows NT\CurrentVersion\Windows: load=HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=--------------------------------------------------Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:Shell=*INI section not found*SCRNSAVE.EXE=*INI section not found*drivers=*INI section not found*Shell & screensaver key from Registry:Shell=Explorer.exeSCRNSAVE.EXE=C:\WINDOWS\System32\logon.scrdrivers=*Registry value not found*Policies Shell key:HKCU\..\Policies: Shell=*Registry key not found*HKLM\..\Policies: Shell=*Registry value not found*--------------------------------------------------Checking for EXPLORER.EXE instances:C:\WINDOWS\Explorer.exe: PRESENT!C:\Explorer.exe: not presentC:\WINDOWS\Explorer\Explorer.exe: not presentC:\WINDOWS\System\Explorer.exe: not presentC:\WINDOWS\System32\Explorer.exe: not presentC:\WINDOWS\Command\Explorer.exe: not presentC:\WINDOWS\Fonts\Explorer.exe: not present--------------------------------------------------Checking for superhidden extensions:.lnk: HIDDEN! (arrow overlay: yes).pif: HIDDEN! (arrow overlay: yes).exe: not hidden.com: not hidden.bat: not hidden.hta: not hidden.scr: not hidden.shs: HIDDEN!.shb: HIDDEN!.vbs: not hidden.vbe: not hidden.wsh: not hidden.scf: HIDDEN! (arrow overlay: NO!).url: HIDDEN! (arrow overlay: yes).js: not hidden.jse: not hidden--------------------------------------------------Verifying REGEDIT.EXE integrity:- Regedit.exe found in C:\WINDOWS- .reg open command is normal (regedit.exe %1)- Regedit.exe has no CompanyName property! It is either missing or named something else.- Regedit.exe has no OriginalFilename property! It is either missing or named something else.- Regedit.exe has no FileDescription property! It is either missing or named something else.Registry check failed!--------------------------------------------------Enumerating Browser Helper Objects:*No BHO's found*--------------------------------------------------Enumerating Task Scheduler jobs:*No jobs found*--------------------------------------------------Enumerating Download Program Files:[DirectAnimation Java Classes]CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cabOSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd[Microsoft XML Parser for Java]CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cabOSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd[BDSCANONLINE Control]InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocxCODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab[Shockwave Flash Object]InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocxCODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab--------------------------------------------------Enumerating Winsock LSP files:NameSpace #1: C:\WINDOWS\System32\mswsock.dllNameSpace #2: C:\WINDOWS\System32\winrnr.dllNameSpace #3: C:\WINDOWS\System32\mswsock.dllProtocol #1: C:\WINDOWS\system32\mswsock.dllProtocol #2: C:\WINDOWS\system32\mswsock.dllProtocol #3: C:\WINDOWS\system32\mswsock.dllProtocol #4: C:\WINDOWS\system32svpsp.dllProtocol #5: C:\WINDOWS\system32svpsp.dllProtocol #6: C:\WINDOWS\system32\mswsock.dllProtocol #7: C:\WINDOWS\system32\mswsock.dllProtocol #8: C:\WINDOWS\system32\mswsock.dllProtocol #9: C:\WINDOWS\system32\mswsock.dllProtocol #10: C:\WINDOWS\system32\mswsock.dllProtocol #11: C:\WINDOWS\system32\mswsock.dllProtocol #12: C:\WINDOWS\system32\mswsock.dllProtocol #13: C:\WINDOWS\system32\mswsock.dllProtocol #14: C:\WINDOWS\system32\mswsock.dllProtocol #15: C:\WINDOWS\system32\mswsock.dll--------------------------------------------------Enumerating Windows NT/2000/XP servicesPilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)ADSLAutoconnect: "C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (autostart)Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart)Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system)Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X: System32\DRIVERS\AN983.sys (manual start)Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start)Conexant AccessRunner USB ADSL WAN Adapter Filter Driver: System32\DRIVERS\CnxEtP.sys (manual start)Conexant AccessRunner USB ADSL Interface Device Driver: System32\DRIVERS\CnxEtU.sys (manual start)Conexant AccessRunner USB ADSL WAN Adapter Driver: System32\DRIVERS\CnxTgN.sys (manual start)Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Pilote de disque: System32\DRIVERS\disk.sys (system)Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)dmboot: System32\drivers\dmboot.sys (disabled)Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)dmload: System32\drivers\dmload.sys (system)Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Journal des événements: %SystemRoot%\system32\services.exe (autostart)Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)Pilote de filtre Microsoft SideWinder Value Add: System32\DRIVERS\GcKernel.sys (manual start)GMSIPCI: \??\E:\INSTALL\GMSIPCI.SYS (manual start)Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Minipilote de périphérique Microsoft SideWinder HID virtuel: System32\DRIVERS\HIDSwvd.sys (manual start)Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system)Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)K56: System32\DRIVERS\HSF_K56K.sys (autostart)Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system)Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start)Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)MRXSMB: System32\DRIVERS\mrxsmb.sys (system)Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)Pilote TAPI NDIS d'accès distant: System32\DRIVERS
distapi.sys (manual start)NDIS mode utilisateur E/S Protocole: System32\DRIVERS
disuio.sys (manual start)Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS
diswan.sys (manual start)Interface NetBIOS: System32\DRIVERS
etbios.sys (system)NetBIOS sur TCP/IP: System32\DRIVERS
etbt.sys (system)DDE réseau: %SystemRoot%\system32
etdde.exe (manual start)DSDM DDE réseau: %SystemRoot%\system32
etdde.exe (manual start)Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start)Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start)Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)nv: System32\DRIVERS
v4_mini.sys (manual start)Pilote de filtre de trafic IPX: System32\DRIVERS
wlnkflt.sys (manual start)Pilote de transfert de trafic IPX: System32\DRIVERS
wlnkfwd.sys (manual start)Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)Pilote de bus PCI: System32\DRIVERS\pci.sys (system)Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart)Miniport réseau étendu (PPTP): System32\DRIVERSaspptp.sys (manual start)Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start)Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)Pilote de connexion automatique d'accès distant: System32\DRIVERSasacd.sys (system)Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Miniport réseau étendu (L2TP): System32\DRIVERSasl2tp.sys (manual start)Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Pilote PPPOE d'accès à distance: System32\DRIVERSaspppoe.sys (manual start)Parallèle direct: System32\DRIVERSaspti.sys (manual start)Rdbss: System32\DRIVERSdbss.sys (system)RDPCDD: System32\DRIVERS\RDPCDD.sys (system)Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERSdpdr.sys (manual start)Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)Pilote de filtre de lecture digitale de CD audio: System32\DRIVERSedbook.sys (system)Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start)Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)QoS RSVP: %SystemRoot%\System32svp.exe (manual start)Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start)Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Secdrv: System32\DRIVERS\secdrv.sys (manual start)Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start)Pilote de port série: System32\DRIVERS\serial.sys (system)Service Hosts: "C:\WINDOWS\shost.exe" (autostart)Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system)Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Srv: System32\DRIVERS\srv.sys (manual start)Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{725816D6-0457-466E-A01C-68FB212E7F6F} (manual start)Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Pilote du protocole TCP/IP: System32\DRIVERS	cpip.sys (system)Pilote de périphérique terminal: System32\DRIVERS	ermdd.sys (system)Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Telnet: C:\WINDOWS\System32	lntsvr.exe (disabled)Tones: System32\DRIVERS\HSF_TONE.sys (autostart)Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)Onduleur: %SystemRoot%\System32\ups.exe (manual start)Pilote de concentrateur standard USB Microsoft: System32\DRIVERS\usbhub.sys (manual start)Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)V124: System32\DRIVERS\HSF_V124.sys (autostart)VgaSave: \SystemRoot\System32\drivers\vga.sys (system)Filtre de bus AGP VIA: System32\DRIVERS\viaagp.sys (system)ViaIde: System32\DRIVERS\viaide.sys (system)Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)Numéro de série du média portable: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (disabled)Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)--------------------------------------------------Enumerating Windows NT logon/logoff scripts:*No scripts set to run*Windows NT checkdisk command:BootExecute = autocheck autochk *Windows NT 'Wininit.ini':PendingFileRenameOperations: *Registry value not found*--------------------------------------------------Enumerating ShellServiceObjectDelayLoad items:PostBootReminder: C:\WINDOWS\system32\SHELL32.dllCDBurn: C:\WINDOWS\system32\SHELL32.dllWebCheck: C:\WINDOWS\System32\webcheck.dllSysTray: C:\WINDOWS\System32\stobject.dll--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run*Registry key not found*--------------------------------------------------End of report, 31 508 bytesReport generated in 0,110 secondsCommand line options:   /verbose  - to add additional info on each section   /complete - to include empty sections and unsuspicious data   /full     - to include several rarely-important sections   /force9x  - to include Win9x-only startups even if running on WinNT   /forcent  - to include WinNT-only startups even if running on Win9x   /forceall - to include all Win9x and WinNT startups, regardless of platform   /history  - to list version history onlyMouai ca ne me parle pas trop moi.................Elise

Utilisateur anonyme · Answer

Salut

Imprime, ou enregistre la manip dans un fichier txt (bloc notes, par exemple) pour etre sur ne rien oublier et de tout faire dans l'ordre.

Avant de commencer quoi que ce soit, il est important que tu fasses ceci:

Déconnecte toi d'internet et ferme tout les programmes en cours.

Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
clic sur ok pour valider

Redémarre en mode sans échec
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.

Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher la case devant " afficher les fichiers et dossiers cachés "
Décocher la case devant " masquer les extentions des fichiers dont le type est connu"
Décocher la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider

/!\ Ne pas oublier une fois le nettoyage terminé de faire l'inverse pour recacher les fichiers.

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Lance hijackthis et clic sur [Do a system scan only]
cocher la case au début des lignes suivantes:

O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe

valider en cliquant sur le bouton [Fix checked]

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Ouvre le gestionnaire des taches (ctrl+alt+suppr) et arrete ce processus s'il est présent :
shost.exe

ne confond pas avec svchost qui lui est ok

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Dans le menu Demarrer>Executer >tape: Services.msc
recherche le service avec cette orthographe exacte:
Service Hosts
Double clic dessus et clic sur [arreter] puis dans :
type de demarrage --> sélectionne désactivé.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Recherche et supprime ces fichiers ou dossiers:

Supprimer les fichiers en suivant le chemin des fichiers infectés si possible, plutot que d'utiliser la fonction "Rechercher", pour éviter un maximum le risque d'erreurs.

S'ils sont présents, supprime ces fichiers ou dossiers:

C:\WINDOWS\shost.exe
C:\WINDOWS\System32\mswsa32.exe
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Ensuite, tres important:

:: Supprimer les fichiers temporaires ::

Vider tout le contenu des dossiers Temp :

ils se trouvent ici:
* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp

Vider le contenu du dossier Prefetch :

il se trouve ici:
* C:\WINDOWS\Prefetch <= supprimer tout ce qui se trouve à l'intérieur, sauf le fichier layout.ini

Vider le cache de tous tes navigateurs et supprimer les cookies:

Pour Internet Explorer:
* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"
Valide avec ok

* Ne pas oublier de vider la corbeille !

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Redemarre le pc normalement et dans :
demarrer>executer tape cmd et valide avec ok
dans la fenetre qui s'ouvre, tape ou copie et colle ceci:

sc delete ServiceHost

et valide avec la touche Entrée.

Refais un scan de controle chez bitdefender, puis réactive la restauration systeme:
Clic droit sur poste de travail > propriétés > onglet restauration système
puis recoches "désactiver la restauration système".
clic sur ok pour valider

Bah, une fois que tu auras fait tout ça, reposte un hijackthis+le rapport de bitdef

a++

theoelliot · Answer

Bon alors voici les problèmes rencontrés :

Lance hijackthis et clic sur [Do a system scan only]
cocher la case au début des lignes suivantes:

O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe

valider en cliquant sur le bouton [Fix checked] LIGNE PAS TROUVEE

Dans le menu Demarrer>Executer >tape: Services.msc
recherche le service avec cette orthographe exacte:
Service Hosts
Double clic dessus et clic sur [arreter] puis dans : ETAIT DEJA ARRETEtype de demarrage --> sélectionne désactivé.

Supprimer les fichiers en suivant le chemin des fichiers infectés si possible, plutot que d'utiliser la fonction "Rechercher", pour éviter un maximum le risque d'erreurs.

S'ils sont présents, supprime ces fichiers ou dossiers:

C:\WINDOWS\shost.exe PAS TROUVE
C:\WINDOWS\System32\mswsa32.exe PAS TROUVE

VOICI DONC LES RAPPORTS :

BitDefender Online Scanner

Scan report generated at: Tue, Jan 10, 2006 - 19:06:15

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
00:13:07

Files
98507

Folders
1182

Boot Sectors
2

Archives
887

Packed Files
12048

Results

Identified Viruses
2

Infected Files
6

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
5

Engines Info

Virus Definitions
251034

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\dnmc10.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)
Update failed

C:\WINDOWS\shost.exe
Infected with: Backdoor.Sdbot.AIG

C:\WINDOWS\shost.exe
Disinfection failed

C:\WINDOWS\shost.exe
Delete failed

Logfile of HijackThis v1.99.1
Scan saved at 19:07:24, on 10/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\shost.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\geedd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

C'est mieux non???

Merci beaucoup

Elise

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Pendant que je suis là,
Le ménage ne se fait pas................

jpdeclermont · Answer

bonsoir,

on continue le nettoyage ?

relance hijackthis
coches ces lignes et clique sur 'fix checked'
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\geedd.dll
O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll

redémarre en mode sans echec,
recherche et supprime
C:\WINDOWS\System32\geedd.dll <--- ce Fichier

redémarre en mode normal
et reposte un log

-------------------------------
... WinErr 01B : Erreur illégale - Windows ne vous a pas autorisé à avoir cette erreur

theoelliot · Answer

coches ces lignes et clique sur 'fix checked'
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\geedd.dll
O20 - Winlogon Notify: geedd - C:\WINDOWS\SYSTEM32\geedd.dll

NE VEUX PAS ME LES FIXER? En tout cas message d erreur me disant de fermer Internet Explorer pour avoir toutes mes chances et quand je relance, ils apparaissent toujours...............

Utilisateur anonyme · Answer

Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
l'aide détaillé de la manip avex le bloc note ici:
http://pageperso.aol.fr/balltrap34/killbox.htm

ouvre le bloc note et copie et colle la liste des fichiers à supprimer ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver facilement (sur le bureau par exemple).

C:\dnmc10.exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe
C:\WINDOWS\shost.exe 
C:\WINDOWS\System32\geedd.dll

1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer, clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot"
6/ Dans le menu du haut clic sur File, puis sur paste from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur OUI

Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by External Process"
ignore le et redemarre le pc normallement.

Une fois fait, reposte un hijackthis.

a+

theoelliot · Answer

Logfile of HijackThis v1.99.1
Scan saved at 20:26:16, on 10/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\mljgh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\System32\mljgh.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Utilisateur anonyme · Answer

Dur, dur, il y en a de nouveaux à chaques fois...

On va essayer autre chose:

Imprime, ou fais un copier coller dans le bloc note pour ne rien oublier

telecharge process xp ici:
http://www.sysinternals.com/files/procexpnt.zip

Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.

1/

Dézippe process xp et double clic sur processxp.exe

* Dans la fenetre principale de processxp double clic sur winlogon.exe
Dans la nouvelle fenetre qui s'ouvre clic sur threads
selectionne seulement les lignes qui contiennent mljgh.dll puis clic sur kill pour chacunes des lignes trouvées.
une fois fait, valider avec ok

* Dans la fenetre principale de processxp double clic sur explorer.exe
Dans la nouvelle fenetre qui s'ouvre clic sur threads
selectionner seulement les lignes qui contiennent mljgh.dll puis clic sur kill pour chacunes des lignes trouvées.
une fois fait, valider avec ok

3/

puis lancer hijackthis:

clic sur "do a system scan only"

* Cocher la case au début de ces lignes:

O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\mljgh.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: mljgh - C:\WINDOWS\System32\mljgh.dll

* Valider avec fix checked

4/

Double clic sur killbox.exe (Pocket Killbox)

- clic sur tool > delete temp files
- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:

C:\WINDOWS\System32\mljgh.dll

- clic sur la croix blanche dans le rond rouge
- une fenetre va apparaitre pour confirmation clic sur YES
- une seconde fenetre te demande si tu veux redemarrer clic sur YES

Laisse le pc redemarrer et puis relance hijackthis:
* Cocher la case au début de ces lignes:

O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe

* Valider avec fix checked

Ensuite reposte un log hijackthis.

a+

theoelliot · Answer

C'est fait patron...............;

Alors ca donne quoi tout cela, parce que moi obéir à vous mais moi rien comprendre........

En tout cas merci pour le temps, l'esprit d'équipe et tout et tout............

Elise

Logfile of HijackThis v1.99.1
Scan saved at 20:59:10, on 10/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Utilisateur anonyme · Answer

Bah, ca donne.... du tout bon pour l'instant lol, je ne vois plus rien de suspect dans ton hijack, faudrait peut-être refaire un dernier scan chez bitdef histoire de confirmer.
Faudrait aussi que tu penses à faire tes maj de windows sur windowsupdate et que tu installe un firewall, celui d'xp étant insuffisant.

a++

jpdeclermont · Answer

re-

perso ton log me parait propre :)
on va attendre l'avis des autres ..... ( pour pervertir un peu le dicton : vaut mieux 100 qui savent que 1 qui cherche)

Après restera le "menage" et l'optimisation ...
-------------------------------
... WinErr 01B : Erreur illégale - Windows ne vous a pas autorisé à avoir cette erreur

theoelliot · Answer

Lequel me conseilles tu?Merci

theoelliot · Answer

Ha oui aussi, comment faire pour que mon pc me propose des maj en systématique?Re re re re re encore merci

theoelliot · Answer

Comme promis mon dernier rapport de Bidef en ligne :

BitDefender Online Scanner

Scan report generated at: Tue, Jan 10, 2006 - 22:19:59

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
00:13:26

Files
99599

Folders
1212

Boot Sectors
2

Archives
909

Packed Files
12103

Results

Identified Viruses
2

Infected Files
8

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
8

Engines Info

Virus Definitions
251044

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
39

Unpack plugins
4

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\!KillBox\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\!KillBox\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\!KillBox\dnmc10.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\!KillBox\dnmc10.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\d[1].exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\d[1].exe=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000001.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000001.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000001.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000001.exe=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000019.exe=>(RAR Sfx o)=>tr.exe
Infected with: BehavesLike:Win32.ExplorerHijack

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000019.exe=>(RAR Sfx o)=>tr.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000019.exe=>(RAR Sfx o)=>tr.exe
Deleted

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000019.exe=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000051.exe
Infected with: Backdoor.Sdbot.AIG

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000051.exe
Disinfection failed

C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000051.exe
Deleted

Merci

Elise

Utilisateur anonyme · Answer

tu peux supprimer sans problème le dossier C:\!KillBox, il a été crée par le prog killbox, c'est un dossier de sauvegarde en cas de fausses manips.Pour les autres fichiers détectés par bitdef dans:C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5Rends visible les fichier cachés et système:panneau de configuration > options des dossiers > onglet affichage Cocher la case devant " afficher les fichiers et dossiers cachés " Décocher la case devant " masquer les fichiers protégés du système"clic sur [Appliquer] puis sur [ok] pour validersinon tu ne verra pas le dossier LocalService,  ensuite, rends toi jusque dans le dossier Content.IE5 et supprime tous les dossiers qui se trouvent à l'intérieur.Pour ceux trouvés dans C:\System Volume Information\_restore, il te suffis de désactiver et de réactiver la restauration système, cela supprimera tous les points de sauvegardes dont ceux crées pendant que le pc était infecté.Désactive la restauration systéme.Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système".clic sur ok pour validerredemarre le pc et réactive là en recochant la case devant  "désactiver la restauration système"a+

theoelliot · Answer

Bonjour,J'ai tout fait et voici ce que donnent les rapports :(en fait Bitdefender me dit que je suis toujours infectée, j'ai le moral qui capote .....)BitDefender Online Scanner     Scan report generated at: Wed, Jan 11, 2006 - 09:43:52       Scan path: A:\;C:\;D:\;E:\;           Statistics Time 00:12:40 Files 99798 Folders 1247 Boot Sectors 2 Archives 922 Packed Files 12108      Results Identified Viruses  1 Infected Files  5 Suspect Files  0 Warnings 0 Disinfected 0 Deleted Files 5      Engines Info Virus Definitions 251089 Engine build AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29) Scan plugins 13 Archive plugins 39 Unpack plugins 4 E-mail plugins 6 System plugins 1      Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions   Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes        Scanned File  Status C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o)=>tr.exe Deleted C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc10\d[1].exe=>(RAR Sfx o) Update failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o)=>tr.exe Deleted C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc11\d[1].exe=>(RAR Sfx o) Update failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o)=>tr.exe Deleted C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc12\d[1].exe=>(RAR Sfx o) Update failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o)=>tr.exe Deleted C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc6\dnmc10.exe=>(RAR Sfx o) Update failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o)=>tr.exe Deleted C:\RECYCLER\S-1-5-21-1343024091-2049760794-1801674531-1003\Dc9\d[1].exe=>(RAR Sfx o) Update failed       Logfile of HijackThis v1.99.1Scan saved at 09:30:18, on 11/01/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Olitec\USB ADSL\CnxDslTb.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\WINDOWS\System32\ctfmon.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136924273687O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)MerciElise

Utilisateur anonyme · Answer

Salut EliseTu avais vidé la poubelle avant de faire ton scan chez bitdef ?C:\Recycler, c'est le dossier qui correspond à la poubelle...a+

Utilisateur anonyme · Answer

Salut EliseTu avais vidé la poubelle avant de faire ton scan chez bitdef ?C:\Recycler, c'est le dossier qui correspond à la poubelle...a+Oups ! desolé pour le doublon

theoelliot · Answer

Oups...........;Je recommence big boss

theoelliot · Answer

Je me suis contentée de vider ma corbeille et de refaire un scan chez Bitdefender et de refaire un Hitjackthis. je ne sais pas si cela aura suffit.........Help!!!!!!!!!!!!!!!Merci à vous tousEliseBitDefender Online Scanner     Scan report generated at: Wed, Jan 11, 2006 - 11:15:07       Scan path: A:\;C:\;D:\;E:\;           Statistics Time 00:34:08 Files 243669 Folders 1612 Boot Sectors 2 Archives 1360 Packed Files 13450      Results Identified Viruses  1 Infected Files  5 Suspect Files  0 Warnings 0 Disinfected 0 Deleted Files 5      Engines Info Virus Definitions 251089 Engine build AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29) Scan plugins 13 Archive plugins 39 Unpack plugins 4 E-mail plugins 6 System plugins 1      Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions   Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes        Scanned File  Status C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o)=>tr.exe Deleted C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000009.exe=>(RAR Sfx o) Update failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o)=>tr.exe Deleted C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000010.exe=>(RAR Sfx o) Update failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o)=>tr.exe Deleted C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000013.exe=>(RAR Sfx o) Update failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o)=>tr.exe Deleted C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000015.exe=>(RAR Sfx o) Update failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)=>tr.exe Infected with: BehavesLike:Win32.ExplorerHijack C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)=>tr.exe Disinfection failed C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o)=>tr.exe Deleted C:\System Volume Information\_restore{2EE72031-6904-4444-B943-DF884CC852DE}\RP1\A0000017.exe=>(RAR Sfx o) Update failed          Logfile of HijackThis v1.99.1Scan saved at 11:23:41, on 11/01/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Olitec\USB ADSL\CnxDslTb.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\WINDOWS\System32\ctfmon.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Crazy Browser\Crazy Browser.exeC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136924273687O17 - HKLM\System\CCS\Services\Tcpip\..\{DABCC1E9-25B7-4789-B500-34DB104C3CE8}: NameServer = 213.36.80.1 213.36.80.1O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Utilisateur anonyme · Answer

T'inquiètes, c'est la dernière ligne droite, lolDésactive et réactive la restauration système, bitdef ne trouve que des points de restau infectés.Désactive la restauration systéme.Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système".clic sur ok pour validerredemarre ton pc, refais un dernier scan chez bitdef et s'il ne trouve plus rien, à ce moment là, tu la reactive:Clic droit sur poste de travail > propriétés > onglet restauration système puis décocher "désactiver la restauration système".a+

Analyser mon hijackthis svp, merci

27 réponses

Votre réponse

Discussions similaires

Newsletters