Virus malwarewipe

Résolu
roland26 Messages postés 32 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Suite au message du 08/7/06 de green day j'ai suivi la procedure de fandango (virus methode primaire desinfection version fr)
je poste donc les trois rapports

Ewido

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:37:20 26/07/2006

+ Scan result:

C:\WINDOWS\system32\jkhff.dll -> Adware.Virtumonde : No action taken.
:mozilla.13:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.16:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.17:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.11:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.10:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.8:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.9:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.6:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.7:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Weborama : No action taken.

::Report end

Rapport BitDefender

BitDefender Online Scanner - Real Time Virus Report

Generated at: Wed, Jul 26, 2006 - 19:59:38

Scan Info

Scanned Files

563987

Infected Files

0

Virus Detected

No virus found.

Rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 20:08:10, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ACC73579-2FC4-4580-863D-D8A4C08DC963} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Merci de votre aide
Configuration: windows XP srvice pack 2
pentium intel IV 3,00 GHz
carte mere  Asus P4P800 luxe

13 réponses

  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Désactive le temps de la manip, le Tea timer de Spybot
    lance Spybot >mode avancé> outils >> résident
    Décoche la case résident "tea timer"
    referme Spybot

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
    0
    1. roland26 Messages postés 32 Statut Membre
       
      Bonsoir Régis

      voila les elements demandes

      rapportVBG


      [07/26/2006, 23:57:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\roland\Bureau\VirtumundoBeGone.exe" )
      [07/26/2006, 23:57:59] - Detected System Information:
      [07/26/2006, 23:57:59] - Windows Version: 5.1.2600, Service Pack 2
      [07/26/2006, 23:57:59] - Current Username: roland (Admin)
      [07/26/2006, 23:57:59] - Windows is in NORMAL mode.
      [07/26/2006, 23:57:59] - Searching for Browser Helper Objects:
      [07/26/2006, 23:57:59] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
      [07/26/2006, 23:57:59] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [07/26/2006, 23:57:59] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [07/26/2006, 23:57:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/26/2006, 23:57:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [07/26/2006, 23:57:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [07/26/2006, 23:57:59] - BHO 5: {ACC73579-2FC4-4580-863D-D8A4C08DC963} ()
      [07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/26/2006, 23:57:59] - Checking for HKLM\...\Winlogon\Notify\jkhff
      [07/26/2006, 23:57:59] - Found: HKLM\...\Winlogon\Notify\jkhff - This is probably Virtumundo.
      [07/26/2006, 23:57:59] - Assigning {ACC73579-2FC4-4580-863D-D8A4C08DC963} MSEvents Object
      [07/26/2006, 23:57:59] - BHO list has been changed! Starting over...
      [07/26/2006, 23:57:59] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
      [07/26/2006, 23:57:59] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [07/26/2006, 23:57:59] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [07/26/2006, 23:57:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/26/2006, 23:57:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [07/26/2006, 23:57:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [07/26/2006, 23:57:59] - BHO 5: {ACC73579-2FC4-4580-863D-D8A4C08DC963} (MSEvents Object)
      [07/26/2006, 23:57:59] - ALERT: Found MSEvents Object!
      [07/26/2006, 23:57:59] - BHO 6: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
      [07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/26/2006, 23:57:59] - No filename found. Continuing.
      [07/26/2006, 23:57:59] - Finished Searching Browser Helper Objects
      [07/26/2006, 23:57:59] - *** Detected MSEvents Object
      [07/26/2006, 23:57:59] - Trying to remove MSEvents Object...
      [07/26/2006, 23:58:00] - Terminating Process: IEXPLORE.EXE
      [07/26/2006, 23:58:04] - Terminating Process: RUNDLL32.EXE
      [07/26/2006, 23:58:05] - Disabling Automatic Shell Restart
      [07/26/2006, 23:58:05] - Terminating Process: EXPLORER.EXE
      [07/26/2006, 23:58:06] - Suspending the NT Session Manager System Service
      [07/26/2006, 23:58:09] - Terminating Windows NT Logon/Logoff Manager
      [07/26/2006, 23:58:15] - Re-enabling Automatic Shell Restart
      [07/26/2006, 23:58:15] - File to disable: C:\WINDOWS\system32\jkhff.dll
      [07/26/2006, 23:58:15] - Renaming C:\WINDOWS\system32\jkhff.dll -> C:\WINDOWS\system32\jkhff.dll.vir
      [07/26/2006, 23:58:15] - File successfully renamed!
      [07/26/2006, 23:58:15] - Removing HKLM\...\Browser Helper Objects\{ACC73579-2FC4-4580-863D-D8A4C08DC963}
      [07/26/2006, 23:58:15] - Removing HKCR\CLSID\{ACC73579-2FC4-4580-863D-D8A4C08DC963}
      [07/26/2006, 23:58:15] - Adding Kill Bit for ActiveX for GUID: {ACC73579-2FC4-4580-863D-D8A4C08DC963}
      [07/26/2006, 23:58:15] - Deleting ATLEvents/MSEvents Registry entries
      [07/26/2006, 23:58:15] - Removing HKLM\...\Winlogon\Notify\jkhff
      [07/26/2006, 23:58:15] - Searching for Browser Helper Objects:
      [07/26/2006, 23:58:15] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
      [07/26/2006, 23:58:15] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [07/26/2006, 23:58:15] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [07/26/2006, 23:58:15] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [07/26/2006, 23:58:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/26/2006, 23:58:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [07/26/2006, 23:58:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [07/26/2006, 23:58:15] - BHO 5: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
      [07/26/2006, 23:58:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/26/2006, 23:58:15] - No filename found. Continuing.
      [07/26/2006, 23:58:15] - Finished Searching Browser Helper Objects
      [07/26/2006, 23:58:15] - Finishing up...
      [07/26/2006, 23:58:15] - A restart is needed.
      [07/26/2006, 23:58:20] - Attempting to Restart via STOP error (Blue Screen!)

      [07/27/2006, 0:03:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\roland\Bureau\VirtumundoBeGone.exe" )
      [07/27/2006, 0:04:03] - Detected System Information:
      [07/27/2006, 0:04:03] - Windows Version: 5.1.2600, Service Pack 2
      [07/27/2006, 0:04:03] - Current Username: roland (Admin)
      [07/27/2006, 0:04:03] - Windows is in NORMAL mode.
      [07/27/2006, 0:04:03] - Searching for Browser Helper Objects:
      [07/27/2006, 0:04:03] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
      [07/27/2006, 0:04:03] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [07/27/2006, 0:04:03] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [07/27/2006, 0:04:03] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [07/27/2006, 0:04:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/27/2006, 0:04:03] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [07/27/2006, 0:04:03] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [07/27/2006, 0:04:03] - BHO 5: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
      [07/27/2006, 0:04:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/27/2006, 0:04:03] - No filename found. Continuing.
      [07/27/2006, 0:04:03] - Finished Searching Browser Helper Objects
      [07/27/2006, 0:04:03] - Finishing up...
      [07/27/2006, 0:04:03] - Nothing found! Exiting...

      [07/27/2006, 0:04:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\roland\Bureau\VirtumundoBeGone.exe" )
      [07/27/2006, 0:05:01] - Detected System Information:
      [07/27/2006, 0:05:01] - Windows Version: 5.1.2600, Service Pack 2
      [07/27/2006, 0:05:02] - Current Username: roland (Admin)
      [07/27/2006, 0:05:02] - Windows is in NORMAL mode.
      [07/27/2006, 0:05:02] - Searching for Browser Helper Objects:
      [07/27/2006, 0:05:02] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
      [07/27/2006, 0:05:02] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [07/27/2006, 0:05:02] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [07/27/2006, 0:05:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [07/27/2006, 0:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/27/2006, 0:05:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [07/27/2006, 0:05:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [07/27/2006, 0:05:02] - BHO 5: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
      [07/27/2006, 0:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [07/27/2006, 0:05:02] - No filename found. Continuing.
      [07/27/2006, 0:05:02] - Finished Searching Browser Helper Objects
      [07/27/2006, 0:05:02] - Finishing up...
      [07/27/2006, 0:05:02] - Nothing found! Exiting...

      Rapport HijackThis

      ogfile of HijackThis v1.99.1
      Scan saved at 00:06:12, on 27/07/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\DAP\DAP.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)
      O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
      O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
      O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Merci et plus encore

      Je viens de découvrir le lien vers le site d'entraide et je trouve cela formidable. J'aimerai m'investir dans cette démarche mais je ne maitrise pas encore assez le sujet ; donc je bosse, merci pour les lecons sur le site, je ne sais pas encore comment participer mais je sais que je vais participer (j'ai du temps !)

      Merci encore a vous tous Roland
      0
  2. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut roland,

    Nous avons mis en ligne quelques notions et cours pour maitriser ce qu est la securité informatique. Tu peux le consulter sans problemes. Si tu souhaites apprendre mais aussi t investir, nous poser tes questions, il te suffit de t inscrire sur le forum a cette adresse:
    http://entraide.aceboard.fr/inscription.php?login=175280

    Ensuite,

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)

    O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

    O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

    O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)

    Et enfin,

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :
    C:\WINDOWS\system32\cmd.dll
    Clik send et colle le rapport stp

    A+
    0
    1. roland26
       
      Bonjour Regis,

      Merci pour cette aide au nettoyage, en ce qui concerne la dernière partie sur le site de virustotal, je n'ai pas de fichier cmd.dll dans windows/system32 (tout au plus un cmd.exe) je ne sais pas si c'est grave !

      Merci encore - cordialement
      Roland
      0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Grave non, inquiétant plutot

    Remet un Hijack this stp

    a+
    0
    1. roland26 Messages postés 32 Statut Membre
       
      Salut Regis,
      Zut je vais mal dormir
      voila le rapport hijackthis

      Logfile of HijackThis v1.99.1
      Scan saved at 22:20:17, on 27/07/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\DAP\DAP.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
      O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Merci de me concsacrer autant d'energie

      Roland
      0
  4. roland26 Messages postés 32 Statut Membre
     
    Regis,
    Desole de te faire perdre du temps, près avoir eteint et rallume de PC pour cause d'orage je viens de voir que le fichier cdm.dll est bien dans windows/system 32 je fais donc le manip
    Merci - roland
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut roland

    pas de soucis :-)

    a+
    0
  7. roland26 Messages postés 32 Statut Membre
     
    Regis
    Mille pardon ; ce n'est pas cmd.dll que j'ai trouvé mais cdm.dll ; je confirme n'avoir point de fichier cmd.dll dans /windows/system 32 - ni dans toute la machine !

    Merci
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Lol permet moi de dire que c est curieux lol

    Télécharge:
    http://www.billsway.com/vbspage/vbsfiles/FileInfo.zip

    Une fois que fileinfo.vbs est lancé, il demande sur quel dique dur on veut rechercher le fichier
    Soit on tape la lettre du lecteur, soit on tape * pour rechercher sur tous les DD.Tape etoilé.
    Et on valide avec OK

    Ensuite il faut taper le nom du fichier sans l'extention:

    Tape ceci: cmd

    Un rapport est donné, copie colle le moi.

    a+
    0
  9. roland26 Messages postés 32 Statut Membre
     
    Bonjour regis

    Voila le rapport demande ; d'habitude j'ai des fichiers en trop avec des virus planques alors que la il m'en manque lol

    c:\windows\$ntservicepackuninstall$\cmd.exe
    Version: 5.1.2600.0
    Created: 22/06/2006 23:02:14
    Modified: 28/08/2001 14:00:00
    Size: 388 096 bytes
    Attributes: Compressed

    c:\windows\servicepackfiles\i386\cmd.exe
    Version: 5.1.2600.2180
    Created: 22/06/2006 23:06:17
    Modified: 19/08/2004 16:09:52
    Size: 400 896 bytes
    c:\windows\system32\cmd.exe
    Version: 5.1.2600.2180
    Created: 28/08/2001 14:00:00
    Modified: 19/08/2004 16:09:52
    Size: 400 896 bytes
    Attributes: Archive

    Bon courage - roland
    0
  10. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re Roland,

    Fixe la
    O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll

    En cas de probleme, on la restaurera.

    A+
    0
  11. roland26 Messages postés 32 Statut Membre
     
    Merci Regis
    j'ai fixé la 020 ; j'ai eu un message qui commencait approximativement par "operation illegale error run time... ce message sera copié dans le clipboard
    Manque de pot je ne trouve rien dans le clipboard ; la ligne 020 s'est bien effacée et tout semble marcher correctement ; a tout hasart je te poste un dernier hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 17:28:58, on 28/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\DAP\DAP.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Par rapport au fix de la ligne 020 y a t il des problemes particulier a surveiller ?

    En tous les cas un grand merci pour ton aide patiente et chaleureuse
    roland
    0
  12. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    non rien a surveiller, par contre si tu as un eventuel disfonctionnement dans les prochains jours, peut etre qu il viendra de la et on la restaurera.

    Tes soucis sont donc resolus?

    Merci pour tes compliments et ce fut un plaisir de te rendre service

    Si tu as des questions, n hesites pas !

    a+
    0
  13. roland26 Messages postés 32 Statut Membre
     
    Regis,
    je pense que mes problemes sont resolus, je n'ai plus d'apparition d'ecrans sauvages me proposant d'acheter winwirus pro
    Longue vie a cette forme d'entraide que vous pratiquez et merci a tous pour votre generosite
    Roland
    0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut Roland,

    Merci de tes encouragements, ca fait plaisir !

    N'hesite pas a en parler autour de toi, y a que comme ca qu on pourra gagner !

    a+
    0