Infecté par w32.myzor.fk@yf

Bibine88 -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour, je suis infectée par le virus w32.myzor.fk@yf et j'ai déjà procédé au scan par l'intermédiaire de Hijackthis. Je vous met directement le log obtenu :

Logfile of HijackThis v1.99.1
Scan saved at 10:32:24, on 14/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\mailskinner\mailskinner.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUMENTS AND SETTINGS\BIBINE\BUREAU\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bibine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0F132A-220A-4D79-9C2E-F838FF864776}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winqpb32 - C:\WINDOWS\SYSTEM32\winqpb32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\System32\pmnqguh.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Que dois-je faire ensuite?
Merci

44 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Infection par le ver w32.myzor.fk@yf est signalée, et le rapport montre un système Windows XP avec de nombreux processus système et une longue liste de composants potentiellement modifiés, dont des extensions et barres d'outils. Des tentatives de suppression ciblant winqpb32.dll et une entrée Winlogon Notify ont été réalisées, mais l'accès est refusé et le fichier persiste selon les rapports. Le fil montre aussi que des éléments potentiellement légitimes — tels qu'Adobe, Google Toolbar et iTunes — cohabitent avec des composants suspects, compliquant l'identification précise des intrus. En cas de suite, une aide spécialisée ou une réinstallation pourraient être envisagées pour éradiquer les éléments persistants et rétablir une configuration saine, afin de prévenir de futures réinfections et sécuriser le poste.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Bibine88
     
    Je viens aussi de faire ce que vous proposiez ensuite à savoir télécharger SmitFraudFix dont le rapport est le suivant :

    SmitFraudFix v2.70

    Rapport fait à 10:42:24,46, 14/07/2006
    Executé à partir de C:\Documents and Settings\Bibine\Local Settings\Temp\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ishost.exe PRESENT !
    C:\WINDOWS\system32\ismon.exe PRESENT !
    C:\WINDOWS\system32\isnotify.exe PRESENT !
    C:\WINDOWS\system32\issearch.exe PRESENT !
    C:\WINDOWS\system32\ixt?.dll PRESENT !
    C:\WINDOWS\system32\ixt??.dll PRESENT !
    C:\WINDOWS\system32\ot.ico PRESENT !
    C:\WINDOWS\system32\ts.ico PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Bibine\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Bibine\Favoris

    C:\DOCUME~1\Bibine\Favoris\Antivirus Test Online.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
    C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    J'attends votre aide pour la suite.
    Merci
    0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
    ----------------------------------------------------------------------------
    Télécharge Blacklight (de F-Secure) a l’une des 2 adresses :
    https://www.f-secure.com/en
    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse

    a+
    0
  3. Bibine88
     
    Voilà le log avec SmitFraud en mode sans échec option 2 :

    SmitFraudFix v2.70

    Rapport fait à 13:42:46,67, 14/07/2006
    Executé à partir de C:\Documents and Settings\Bibine\Local Settings\Temp\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\System32\pmnqguh.dll -> Missing File

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ishost.exe supprimé
    C:\WINDOWS\system32\ismon.exe supprimé
    C:\WINDOWS\system32\isnotify.exe supprimé
    C:\WINDOWS\system32\issearch.exe supprimé
    C:\WINDOWS\system32\ixt?.dll supprimé
    C:\WINDOWS\system32\ot.ico supprimé
    C:\WINDOWS\system32\ts.ico supprimé
    C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
    C:\DOCUME~1\Bibine\Favoris\Antivirus Test Online.url supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Et voilà ce que j'ai avec Blacklight :

    07/14/06 13:49:36 [Info]: BlackLight Engine 1.0.42 initialized
    07/14/06 13:49:36 [Info]: OS: 5.1 build 2600 ()
    07/14/06 13:49:37 [Note]: 7019 4
    07/14/06 13:49:37 [Note]: 7005 0
    07/14/06 13:50:00 [Note]: 7006 0
    07/14/06 13:50:00 [Note]: 7011 552
    07/14/06 13:50:01 [Note]: 7026 0
    07/14/06 13:50:01 [Note]: 7026 0
    07/14/06 13:50:01 [Note]: 7024 3
    07/14/06 13:50:01 [Info]: Hidden process: C:\windows\system32\oracezg.exe
    07/14/06 13:50:01 [Note]: FSRAW library version 1.7.1019
    07/14/06 13:52:14 [Info]: Hidden file: c:\WINDOWS\system32\oracezg.dat
    07/14/06 13:52:14 [Note]: 10002 1
    07/14/06 13:52:14 [Info]: Hidden file: C:\windows\system32\oracezg.exe
    07/14/06 13:52:14 [Note]: 10002 1
    07/14/06 13:52:14 [Info]: Hidden file: c:\WINDOWS\system32\oracezg_nav.dat
    07/14/06 13:52:14 [Note]: 10002 1
    07/14/06 13:52:14 [Info]: Hidden file: c:\WINDOWS\system32\oracezg_navps.dat
    07/14/06 13:52:14 [Note]: 10002 1
    07/14/06 13:52:34 [Info]: Hidden file: c:\WINDOWS\system32\msclock32.dll
    07/14/06 13:52:34 [Note]: 10002 1
    07/14/06 13:52:38 [Info]: Hidden file: c:\WINDOWS\system32\msplock32.dll
    07/14/06 13:52:39 [Note]: 10002 1
    07/14/06 13:53:00 [Info]: Hidden file: c:\WINDOWS\Prefetch\ORACEZG.EXE-2F026792.pf
    07/14/06 13:53:00 [Note]: 10002 1

    Merci d'avance pour la suite
    0
  4. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut ;

    Va dans panneau de configuration < ajout suppression de programme et desinstalle ceci:

    --> mailskinner

    Télécharge Brute Force Uninstaller (de Merijn) ici:
    http://www.merijn.org/files/bfu.zip
    Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU.
    Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

    Ensuite, télécharge EGDACCESS.bfu (de Metallica) :

    Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers".
    Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess

    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com

    O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab

    O20 - Winlogon Notify: winqpb32 - C:\WINDOWS\SYSTEM32\winqpb32.dll

    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    c:\program files\mailskinner

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
    - Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
    - Coches la case Show log after script ends
    - Clique sur Execute pour que le fix fasse son boulot :-)

    Attends que le message Complete script execution apparaîsse et clique sur OK.
    Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
    Clique Exit pour fermer le programme BFU.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
    Clique sur Scan pour lancer l'analyse.
    Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME"
    Puis valide.
    Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Après le reboot du pc, les fichiers :

    Cc:\WINDOWS\system32\oracezg.dat
    C:\windows\system32\oracezg.exe
    c:\WINDOWS\system32\oracezg_nav.dat
    c:\WINDOWS\system32\oracezg_navps.dat
    c:\WINDOWS\system32\msclock32.dll
    c:\WINDOWS\system32\msplock32.dll
    c:\WINDOWS\Prefetch\ORACEZG.EXE-2F026792.pf

    devraient être visible et pouvoir être supprimés sans aucuns soucis.
    Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même:
    Va dans C:\windows\system32\ et recherches et effaces:

    oracezg.dat.ren
    oracezg.exe.ren
    oracezg_nav.dat.ren
    oracezg_navps.dat.ren
    msclock32.dll.ren
    msplock32.dll.ren

    Une fois fait, reposte un rapport hijackthis + le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight.

    bon nettoyage et bon courage ;-)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Bibine88
     
    Ouh là là... que de manip à afire pour nettoyer tout ça!! Mais je pense m'en être bien sortie tout de même... en tous cas déjà un gand merci à toi jusque là.

    Juste 2 choses que je n'ai pas pu faire :
    - dans le scan hijackthis, je n'ai pas pu cocher la case :
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    car elle n'y était pas.

    - dans le dossier c:\program files\mailskinner je n'ai pas pu supprimer le fichier OESkinner.dll

    Sinon voilà le nouveau rapport Hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 19:27:54, on 14/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla firefox\firefox.exe
    C:\Documents and Settings\Bibine\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bibine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [oracezg] c:\windows\system32\oracezg.exe oracezg
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0F132A-220A-4D79-9C2E-F838FF864776}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winqpb32 - C:\WINDOWS\SYSTEM32\winqpb32.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Puis voilà le rapport BFU de tout à l'heure :

    BFU v1.00.9
    Windows XP (WinNT 5.01.2600 )
    Script started at 19:03:37, on 14/07/2006

    Option Delete files to Recycle Bin: Yes
    Failed: DllUnregister C:\WINDOWS\System32\MSWBM32.DLL|1 (file not found)
    Failed: FileDelete C:\WINDOWS\System32\msclock32.dll (operation failed)
    Failed: FileDelete C:\WINDOWS\System32\msplock32.dll (operation failed)
    Failed: FolderDelete C:\Program Files\dialpass (folder not found)
    Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)
    Failed: FolderDelete C:\Program Files\egroup (folder not found)
    Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
    Failed: FolderDelete C:\Program Files\MailSkinner (operation failed)
    Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)
    Failed: DllUnregister C:\WINDOWS\navmpc\2_navmpc.dll|1 (file not found)
    Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)
    Failed: FolderDelete C:\WINDOWS\navmpc (folder not found)
    Failed: FileDelete C:\DOCUME~1\Bibine\LOCALS~1\Temp\~DFC2B7.tmp (operation failed)
    Failed: FileDelete C:\DOCUME~1\Bibine\LOCALS~1\Temp\~DFC2C2.tmp (operation failed)
    Failed: FileDelete C:\DOCUME~1\Bibine\LOCALS~1\Temp\~DFD3DF.tmp (operation failed)
    Failed: FileDelete C:\DOCUME~1\Bibine\LOCALS~1\Temp\~DFE3AE.tmp (operation failed)
    Failed: FileDelete C:\DOCUME~1\Bibine\LOCALS~1\Temp\~DFE3BF.tmp (operation failed)
    Script completed.

    Enfin voilà le dernier rapport blacklight :

    07/14/06 19:29:27 [Info]: BlackLight Engine 1.0.42 initialized
    07/14/06 19:29:27 [Info]: OS: 5.1 build 2600 ()
    07/14/06 19:29:28 [Note]: 7019 4
    07/14/06 19:29:28 [Note]: 7005 0
    07/14/06 19:29:42 [Note]: 7006 0
    07/14/06 19:29:43 [Note]: 7011 292
    07/14/06 19:29:43 [Note]: 7026 0
    07/14/06 19:29:43 [Note]: 7026 0
    07/14/06 19:29:51 [Note]: FSRAW library version 1.7.1019
    07/14/06 19:33:01 [Note]: 7007 0

    Voilà tout est mis. Merci encore pour votre aide. Y a-t-il encore quelque chose à faire ou suis-je enfin quitte avec ce virus?
    0
  7. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Beau travail ;-)

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [oracezg] c:\windows\system32\oracezg.exe oracezg

    Ferme Hijack this.

    Supprime ce dossier:
    C:\Program Files\MailSkinner

    ---> Si tu n y arrives pas, supprime le en mode sans echec
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).

    Redemarre ton PC, et remet un Hijack this pour que je controle.

    a+
    ;-)
    0
  8. Bibine88
     
    Voilà le dernier rapport hikackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 10:57:49, on 15/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Bibine\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bibine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0F132A-220A-4D79-9C2E-F838FF864776}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winqpb32 - C:\WINDOWS\SYSTEM32\winqpb32.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Alors... c ok?
    0
  9. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    1-Fixe ceci:
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll (file missing)

    2-Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :
    C:\WINDOWS\SYSTEM32\winqpb32.dll

    Clik send et colle le rapport stp

    A+
    0
  10. Bibine88
     
    Voilà le rapport de virustotal :

    Complete scanning result of "winqpb32.dll", received in VirusTotal at 07.15.2006, 13:49:15 (CET).

    Antivirus Version Update Result
    AntiVir 6.35.0.21 07.15.2006 TR/PCK.Klone.G.14
    Authentium 4.93.8 07.14.2006 no virus found
    Avast 4.7.844.0 07.14.2006 no virus found
    AVG 386 07.14.2006 no virus found
    BitDefender 7.2 07.15.2006 no virus found
    CAT-QuickHeal 8.00 07.13.2006 no virus found
    ClamAV devel-20060426 07.14.2006 no virus found
    DrWeb 4.33 07.15.2006 no virus found
    eTrust-InoculateIT 23.72.69 07.14.2006 no virus found
    eTrust-Vet 12.6.2297 07.14.2006 no virus found
    Ewido 4.0 07.15.2006 no virus found
    Fortinet 2.77.0.0 07.15.2006 W32/Klone.G
    F-Prot 3.16f 07.14.2006 no virus found
    F-Prot4 4.2.1.29 07.14.2006 no virus found
    Ikarus 0.2.65.0 07.14.2006 no virus found
    Kaspersky 4.0.2.24 07.15.2006 Packed.Win32.Klone.g
    McAfee 4807 07.14.2006 no virus found
    Microsoft 1.1508 07.15.2006 no virus found
    NOD32v2 1.1662 07.15.2006 no virus found
    Norman 5.90.23 07.14.2006 no virus found
    Panda 9.0.0.4 07.14.2006 Adware/SuperSpider
    Sophos 4.07.0 07.14.2006 no virus found
    Symantec 8.0 07.15.2006 Trojan Horse
    TheHacker 5.9.8.175 07.13.2006 no virus found
    UNA 1.83 07.14.2006 no virus found
    VBA32 3.11.0 07.14.2006 no virus found
    VirusBuster 4.3.7:9 07.14.2006 no virus found

    Aditional Information
    File size: 18432 bytes
    MD5: d89f684bdee3fe0369d5865042afb1df
    SHA1: 23185a456c85becc5967b1c3470d1e11b69f463c
    packers: PecBundle, PECompact

    Merci
    0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    fixe ceci
    O20 - Winlogon Notify: winqpb32 - C:\WINDOWS\SYSTEM32\winqpb32.dll

    Redemarre et remet un Hijack this pour voir si tout est ok.

    A+
    0
  12. Bibine88
     
    Le dernier rapport :

    Logfile of HijackThis v1.99.1
    Scan saved at 14:22:36, on 15/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bibine\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Bibine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE0F132A-220A-4D79-9C2E-F838FF864776}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: winqpb32 - C:\WINDOWS\SYSTEM32\winqpb32.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  13. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    re,

    Télécharger haxfix.exe
    http://users.telenet.be/marcvn/tools/haxfix.exe
    et le sauvegarde sur le bureau.

    Double cliquer sur haxfix.exe pour installer haxfix. (l'installation standard est c:\program Files\haxfix)
    Cocher "Create a desktop icon"
    Cliquer "Next"
    Quand l'installation est terminée, s'assurer que "Launch HaxFix" est coché
    Cliquer "Finish"
    Une "fenêtre DOS" à fond rouge s'ouvre avec les options suivantes:

    1. Make logfile (créer un rapport)
    2. Run auto fix (lancer la réparation en mode automatique)
    3. Run manual fix (lancer la réparation en mode manuel)
    4. Run wnlogow fix (lancer la réparation pour wnlogow)
    E. Exit Haxfix (quitter Haxfix)

    Selectionner l'option 1. Make logfile en tapant 1 puis taper "Entrée"
    Haxfix va analyser le système. Quand il a fini, un rapport s'ouvrira: haxlog.txt > (c:\haxlog.txt)
    Copier le contenu de ce rapport et l'inclure (coller) dans votre réponse.

    A+
    0
  14. Bibine88
     
    HAXFIX logfile - by Marckie
    ______________
    version 3.07
    15/07/2006 14:36:04,41

    checking for haxdoor
    --------------------
    checking for a3d files....
    a3d files not found

    checking for matching notify keys....
    no matching notify keys found

    checking for matching services....
    matching services found
    CmBatt

    checking for matching safeboot services....
    no matching safeboot services found

    Checking for goldun
    -------------------
    checking for notify keys....
    no notify keys found

    checking for services....
    no services found

    Finished
    0
  15. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut;

    Lance ce scan en ligne:
    http://www.bitdefender.fr/scan8/ie.html
    Copie/colle le rapport
    0
  16. Bibine88
     
    rapport :

    BitDefender Online Scanner

    Rapport d'analyse généré à: Sat, Jul 15, 2006 - 16:14:33

    Voie d'analyse: C:\;D:\;E:\;

    Statistiques

    Temps

    01:14:01

    Fichiers

    399725

    Directoires

    3667

    Secteurs de boot

    4

    Archives

    5726

    Paquets programmes

    57878

    Résultats

    Virus identifiés

    6

    Fichiers infectés

    7

    Fichiers suspects

    0

    Avertissements

    0

    Désinfectés

    0

    Fichiers effacés

    7

    Info sur les moteurs

    Définition virus

    407958

    Version des moteurs

    AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

    Analyse des plugins

    13

    Archive des plugins

    39

    Unpack des plugins

    5

    E-mail plugins

    6

    Système plugins

    1

    Paramètres d'analyse

    Première action

    Désinfecté

    Seconde Action

    Supprimé

    Heuristique

    Oui

    Acceptez les avertissements

    Oui

    Extensions analysées

    *;

    Excludez les extensions

    Analyse d'emails

    Oui

    Analyse des Archives

    Oui

    Analyser paquets programmes

    Oui

    Analyse des fichiers

    Oui

    Analyse de boot

    Oui

    Fichier analysé

    Statut

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057081.exe

    Infecté par: Dropped:Trojan.Downloader.Zlob.SO

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057081.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057081.exe

    Supprimé

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057082.exe

    Infecté par: Trojan.Downloader.Zlob.SO

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057082.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057082.exe

    Supprimé

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057083.exe

    Infecté par: Trojan.Agent.TC

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057083.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057083.exe

    Supprimé

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057084.exe

    Infecté par: Trojan.Downloader.Zlob.SI

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057084.exe

    Echec de la désinfection

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057084.exe

    Supprimé

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057085.dll

    Infecté par: Trojan.Downloader.Zlob.SI

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057085.dll

    Echec de la désinfection

    C:\System Volume Information\_restore{DC9DC567-F234-4F3B-86A4-A697F6666889}\RP190\A0057085.dll

    Supprimé

    C:\WINDOWS\system32\components\flx1.dll

    Infecté par: Trojan.FakeAlert.CO

    C:\WINDOWS\system32\components\flx1.dll

    Echec de la désinfection

    C:\WINDOWS\system32\components\flx1.dll

    Supprimé

    C:\WINDOWS\system32\i

    Infecté par: Backdoor.BotGet.FtpB.Gen

    C:\WINDOWS\system32\i

    Supprimé
    0
  17. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    ok,

    Ou en sont tes soucis

    a+
    0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Télécharge la version d'évaluation d'Ewido:
    https://www.avg.com/en-ww/homepage

    Installe et mets à jour.

    Important: Pendant l'installation, sur la page "Additional Options" décoche les deux options "Install background guard" et "Install scan via context menu".

    Démarre Ewido avec l'icône qui se trouve sur ton Bureau. Clique sur mise à jour, attendre la fin de cette mise à jour puis, ferme le programme.

    Redémarre en mode Sans Échec (au démarrage, tapote immédiatement la touche F8, puis tu verras un écran avec choix de démarrages : choisis "Mode sans échec" avec les flèches du clavier, puis valide avec "Entrée". Choisis ton compte usuel (et non Administrateur). Relance Ewido et clique sur scanner puis sur scan complet du système.

    Si des fichiers infectés sont trouvés, garde l'option par défaut Supprimer (avec la ligne "Créer des copies de sauvegarde cryptées dans la quarantaine" cochée), et coche "Effectuer cette action avec toutes les infections".

    A la fin du scan, sauvegarde le rapport (Fichier/Enregistrer sous...) sur le Bureau. Redémarre en mode normal.
    0
  19. Bibine88
     
    Voici le rapport, je n'ai pas pu cocher les 2 cases dont vous m'avez parlé car elle n'étaient pas présentes sur la page de scan :

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 18:58:55 15/07/2006

    + Scan result:

    C:\WINDOWS\system32\eraseme_62871.exe -> Backdoor.Aimbot.bc : No action taken.
    :mozilla.10:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.11:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.125:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.12:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.13:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.9:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.247realmedia : No action taken.
    :mozilla.11:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.12:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.13:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.14:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.15:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.64:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.86:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.8:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.9:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.34:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.35:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.104:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.105:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.106:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.107:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.82:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Bibine\Cookies\bibine@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.17:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.43:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.84:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.55:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
    :mozilla.57:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
    :mozilla.58:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
    :mozilla.7:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.67:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Estat : No action taken.
    :mozilla.87:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.88:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.89:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.90:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.91:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.92:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.93:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.94:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.95:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.126:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.127:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.128:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.155:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.186:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.187:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.216:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.217:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.220:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.221:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.222:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.223:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.145:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.146:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.147:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.148:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.149:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.150:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.151:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.100:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.101:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.102:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.103:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.14:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.15:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.16:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.59:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.60:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.61:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    :mozilla.206:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.207:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.37:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.38:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.39:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.40:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.41:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.42:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.21:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\p5811ffq.Utilisateur par défaut\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.97:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.98:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.99:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
    :mozilla.160:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.161:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.196:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.197:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.198:C:\Documents and Settings\Bibine\Application Data\Mozilla\Firefox\Profiles\c43ssqag.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

    ::Report end
    0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re;

    Telecharge ceci
    https://www.silentrunners.org/Silent%20Runners.vbs
    Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

    A+
    0
  21. Bibine88
     
    "Silent Runners.vbs", revision 46, https://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "UIUCU" = "C:\DOCUME~1\Bibine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S" [file not found]
    "HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
    "NeroFilterCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Labtec Inc."]
    "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Labtec Inc."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec Inc."]
    "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
    "!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {ACC563BC-4266-43f0-B6ED-9D38C4202C7E}\(Default) = "Accès Internet Explorer"
    \StubPath = "rundll32 iesetup.dll,IEAccessUserInst" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "ST"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "MSNToolBandBHO"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
    -> {HKLM...CLSID} = "My Labtec Pictures"
    \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]
    "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}" = "CopyToCD shell extension"
    -> {HKLM...CLSID} = "CopyToCD shell extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! winqpb32\DLLName = "winqpb32.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
    -> {HKLM...CLSID} = "CopyToCD shell extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
    -> {HKLM...CLSID} = "CopyToCD shell extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
    -> {HKLM...CLSID} = "CopyToCD shell extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Startup items in "Bibine" & "All Users" startup folders:
    --------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe /W" [empty string]
    "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar avec bloqueur de fenêtres pop-up"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar avec bloqueur de fenêtres pop-up"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_05"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" [file not found]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    HOSTS file
    ----------

    C:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 2 domain names to IP addresses,
    1 of the IP addresses is *not* localhost!

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
    ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
    Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]
    Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    HP Standard TCP/IP Port\Driver = "hptcpmon.dll" ["Hewlett Packard"]
    hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 163 seconds, including 9 seconds for message boxes)
    0
  • 1
  • 2
  • 3