hello! j'ai fait un tour dans le forum et vu que d'autre avaient le même virus que moi mais passaient par hijackthis je pense qu'il faut personnaliser les démarches alors est-ce que quelqu'un peut m'aider car je suis perdue

[virus] infecté par win 32 adan 078 et 094

Réponse 1 / 13

Kako
11 août 2006 à 13:59

rehello!
voici mon rapport

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\System32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\PDA2~1\ACTIVS~1\wcescomm.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\System32\nvsvc32.exe
h:\PDA2~1\ACTIVS~1\rapimgr.exe
E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wdfmgr.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Internet Explorer\iexplore.exe
H:\TELECHARGEMENT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "E:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\PDA2~1\ACTIVS~1\wcescomm.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [KillAndClean] "E:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kakololo3muxu.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7130205F-0935-4F42-B9FB-225794FB4D73}: NameServer = 85.255.113.139,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF53A1F-25AF-4135-B312-02C32BB569CD}: NameServer = 85.255.113.139,85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 85.255.113.139,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

Réponse 2 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
11 août 2006 à 15:28

Salut

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

A+

Kako
11 août 2006 à 17:26

coucou
voilà mon rapport
Rapport fait à 17:25:49,62, 11/08/2006
Executé à partir de H:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» E:\

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrateur\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 3 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
11 août 2006 à 17:38

ok

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+

Kako
11 août 2006 à 21:54

coucou régis
voici :
Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "E:\WINDOWS\System32\ctfmon.exe" [MS]
"MsnMsgr" = ""E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"PowerBar" = (empty string)
"H/PC Connection Agent" = ""H:\PDA2~1\ACTIVS~1\wcescomm.exe"" [MS]
"LogitechSoftwareUpdate" = ""E:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"KillAndClean" = ""E:\Program Files\KillAndClean\KillAndClean.exe"" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"zzGBK" = "D:\setup.exe" [file not found]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = ""E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "E:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"NeroFilterCheck" = "E:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LGODDFU" = ""E:\Program Files\lg_fwupdate\fwupdate.exe"" [null data]
"RealTray" = "E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"LVCOMSX" = "E:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "E:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "E:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"PinnacleDriverCheck" = "E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg" [empty string]
"NWEReboot" = (empty string)
"KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k" [MS]
"ccApp" = ""E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "E:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"dmynz.exe" = "E:\WINDOWS\System32\dmynz.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "E:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "H:\PDA 2\OUTLOOK 2002\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Appareil mobile"
\InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\Wcesview.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "E:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csbdp.exe" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

I:\
INFECTION WARNING! I:\AUTORUN.INF -> "open = welcome.exe" ["Pinnacle Systems"]

Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------

E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Reader Speed Launch" -> shortcut to: "E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur - Administrateur" -> launches: "E:\PROGRA~1\NORTON~1\Navw32.exe /task:"E:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "E:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Créer un favori mobile..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "E:\Program Files\Messenger\MSMSGS.EXE" [MS]

Miscellaneous IE Hijack Points
------------------------------

E:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 2 lines

HOSTS file
----------

E:\WINDOWS\System32\drivers\etc\HOSTS

maps: 1 domain name to an IP address,
1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Norton AntiVirus Firewall Monitor Service, NPFMntor, ""E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""E:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""E:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 40 seconds, including 18 seconds for message boxes)

Réponse 4 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 août 2006 à 10:53

ok.

2 dernieres choses stp

1/fais demarer< poste de travail < c < windows < systeme32 < drivers < etc, ouvre host avec le bloc note et copie colle son contenu

2/Telecharge ceci
https://www.cjoint.com/?imk10ZxF1D

Lance moe regis
Le bloc note s ouvre, copie colle le rapport

a+

Kako
12 août 2006 à 11:42

hello
j'ai trouvé le dossier dans E et non dans C puis en essayant de l'ouvrir il bloque, doi-je ouvrir mon pc en mode sans échec pour y parvenir?
à+

Réponse 5 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 août 2006 à 11:47

Oui ou E, c est pas grave.Tout depend la lettre de ton systeme.

Il bloque, c est a dire? rien ne s ouvre?
Oui essaie en sans echec

a+

Kako
12 août 2006 à 13:28

je me suis mise en mode sans échec mais c'est pareil
j'essaie d'ouvrir : mais c'est toujours vide et ça cherche, un message c'est mis (2secondes) et j'ai pu lire : les dossiers sont cachés...
et une fois sur 2 en faisant control alt supp il met : pas de réponse

Réponse 6 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 août 2006 à 13:42

Salut

1/ Dans ajout/suppression de programmes, desinstalles ceci:

kill and clean.

2/Télécharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe

:: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

3/Télécharge le FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes (si presentes):

O1 - Hosts: localhost 127.0.0.1

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [KillAndClean] "E:\Program Files\KillAndClean\KillAndClean.exe"

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7130205F-0935-4F42-B9FB-225794FB4D73}: NameServer = 85.255.113.139,85.255.112.186

O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF53A1F-25AF-4135-B312-02C32BB569CD}: NameServer = 85.255.113.139,85.255.112.186

O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 85.255.113.139,85.255.112.186

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

Note:A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

5/Double clic sur killbox.exe (Pocket Killbox)

- coche: delete on reboot
- Dans "Full Path of File to Delete"
- copie et colle:

E:\WINDOWS\System32\dmynz.exe

-Sélectionne "single File"
- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
- une seconde fenêtre te demande si tu veux redémarrer clique sur YES

Si ce message s’affiche ignore le :
http://tinypic.com/images/goodbye.jpg
Laisse le pc redémarrer.

Aller dans Démarrer > Panneau de configuration > Connexions > clic droit sur la connexion > Propriétés > onglet Gestion de réseau
Mettre en surbrillance Protocole Internet (tcp/ip) puis cliquer sur le bouton Propriétés.
Dans les options (serveur DNS préféré et serveur DNS auxiliaire) on trouvera une de ces adresses présentes dans le rapport hijackthis en ligne 017 =>(85.255.113.139,85.255.112.186)

Pour les éliminer, cocher : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.

Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

A+

Kako
12 août 2006 à 14:12

je ne trouve pas kill and clean dans les programmes, je continue quand même la procédure?
mon pc rame terrible !

Réponse 7 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 août 2006 à 14:41

Oui continue.

Tu penseras a supprimer kill and clean dans programes files a la fin

a+

Kako
12 août 2006 à 18:32

me revoilà, j'ai eu chaud car j'ai fait donc toute la procédure et en dernier quand je suis allée dans les propriétés de connexion et sur serveur dns je n'avais pas les numéro que tu m'as donné(alors qu'il apparaisse maintenant) j'ai fait redémarrer et là...plus de connection internet, grand moment de solitude j'ai fait une analyse avec ad-aware pour voir s' il bloquait toujours et non plus de virus super mais plus d'internet c'est pas bien!!!
alors en fait il y quelque temps j'ai ouvert des ports pour jouer en réseau sur mon alice box est-ce que ça peut bugger à ce niveau là.
en tout cas aucune solution m'est venue sauf redémarrer à une date ultérieure mais je n'ai pas pu avant mon attaque (le mois dernier), donc j'ai à nouveau ma connexion mais win 32 aussi.
que dois-je faire sur ma connexion avant de refaire la manip'
qui à l'air de fonctionner.
merci pour ta patience

Réponse 8 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 août 2006 à 20:11

Salut

Tu avais fait cela?

Aller dans Démarrer > Panneau de configuration > Connexions > clic droit sur la connexion > Propriétés > onglet Gestion de réseau
Mettre en surbrillance Protocole Internet (tcp/ip) puis cliquer sur le bouton Propriétés.
Dans les options (serveur DNS préféré et serveur DNS auxiliaire) on trouvera une de ces adresses présentes dans le rapport hijackthis en ligne 017 =>(85.255.113.139,85.255.112.186)

Pour les éliminer, cocher : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.

A+

Kako
12 août 2006 à 20:55

j'ai fait tout ce que tu as mis mais en fin il y avait une adresse ip et il n'y avait rien dans dns et je ne pouvais aller dans "obtenir les adresses des serveurs dns automatiquement" que en cochant "obtenir ip automatiquement" ce que j'ai fait les 2 était vides et sur automatique. je viens d'aller dans le gestionnaire de mon modem qui me donne ip et dns différents de mes paramètres sur mon pc pourtant ça marche?????
je n'avais plus de connection même avant d'avoir fait un redémarrage
à+

Réponse 9 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
12 août 2006 à 23:12

Ok

remet un Hijack this

a+

Kako
13 août 2006 à 12:34

salut régis,
après avoir remis ma connexion j'ai pris tous les paramètres ip et dns de mon pc et du modem et j'ai refais la manip'
au moment de killbox il m'a dit qu'il ne trouvait pas le dossier mais j'ai continuer
comme précedemment je n'avais plus d'internet et j'ai remis dans les propriétés les adresses dns que j'avais sur mon modem et tout roule
je te renvoie les rapports mais j'ai lancé ad aware et avast et n'a rien trouvé pour l'instant je ne vois plus de problème
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\System32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\PDA2~1\ACTIVS~1\wcescomm.exe
E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
h:\PDA2~1\ACTIVS~1\rapimgr.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Internet Explorer\iexplore.exe
H:\TELECHARGEMENT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "E:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\PDA2~1\ACTIVS~1\wcescomm.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kakololo3muxu.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 213.36.80.1,213.36.80.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

voici l'autre rapport

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe E:\WINDOWS\System32\CSCHG.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
E:\WINDOWS\SYSTEM32\CSCHG.EXE 51 250 2006-07-30
E:\WINDOWS\SYSTEM32\DMJDA.EXE 62 043 2002-08-29
E:\WINDOWS\SYSTEM32\DMVIK.EXE 62 043 2002-08-29
E:\WINDOWS\SYSTEM32\DMVTS.EXE 62 043 2002-08-29
Other suspects
Directory of E:\WINDOWS\system32
{88282620-AEC5-4546-A1E5-F75BE63D68A9}.exe
{B7493015-2312-4BED-8717-961D687B92F0}.exe
{2E096D9E-C15F-458C-8AEF-F73C40DDA2D0}.exe
{C1D75DE0-58F8-41C7-B248-4E8881CCD734}.exe
{0B178087-4255-4CA8-891A-329B28EC3BCB}.exe
{6A07111D-0E3B-47F4-9943-F6E1A53796C9}.exe
{B40F0C1E-ACBE-4D78-80FB-0596E59BEB03}.exe
{3BDDC81A-881B-46A1-868A-D95F03392179}.exe
{E21F0FC6-58C2-4CB6-AD9E-38419D1865DB}.exe
{2B18417C-5E8F-4413-804F-A8224CF8CBD7}.exe
{ABDD1461-39E8-40C7-ACD0-D57DCBAD12BE}.exe
{C475ECC3-4A5F-43EE-861C-EB57B372B69D}.exe
{ECA9FAFB-8D2E-4A46-927F-366A6CBD06CC}.exe
{A9C979FC-3A9B-4767-A1D6-7E4C441ACB21}.exe
{9CF31BEC-549C-4164-9A9F-9DC87B441510}.exe
{FD1C59E2-C205-400C-B605-7DBE1E1CD591}.exe
{1CCADE4A-0627-45BB-9DF8-BDACF2DB2EC3}.exe
{4B157425-F398-42C0-8397-D345B87B2166}.exe
{96589717-5C01-41A6-8D59-68924CAD1049}.exe
{963862FF-C459-48F2-A0B8-D9BAD62F3168}.exe
{A1A69A2B-2871-4FE2-86F5-DBAF1CA6CFF8}.exe
{954D1B2F-CC4D-4F03-9CA5-A195F4743F4E}.exe
{1832246F-D426-4C0C-A08A-A58FAD09B902}.exe
{DBC7E2CF-350A-40A0-9FC7-47EB0AF853D5}.exe
{94248D10-399D-42AE-9AC0-E18B9742B54D}.exe
{8E18E3A7-A720-4952-8ECB-4413119BD79A}.exe
{EB9ECB0A-4AF9-4AE7-8D64-4C71B9F7A191}.exe
{318E79CF-62B4-4FCB-955C-B4508A4D8514}.exe
{17292A9C-65E0-4B74-9DAB-AF25FD419199}.exe
{173CDFAA-2604-44AE-AF9D-6272D8536DB8}.exe
{828A1FE0-EC17-42D3-8E14-BB4F083F0579}.exe
{5375AD14-5E26-4216-A3A8-1DE8944987F3}.exe
{7DDB3FB8-6067-43FD-B0D9-E2102A498462}.exe
{DFE97414-AA15-4AB8-851C-607D246A7E0A}.exe
{FBFCE557-93D1-4DB5-944F-0DC40F2023F7}.exe
{16B99AC1-0FA0-4D10-A61C-78B5714133C9}.exe
{2EE6B669-E196-40E4-B8C7-15F8F86CB25D}.exe
{16FA1211-FC15-4F7C-AD91-B87BE7D2B82D}.exe
{45C88C2D-34B9-4F76-A3CC-1442DC137EC9}.exe
{5EFC6187-437F-4BE5-8C9C-AAEA337AAC22}.exe
{36CEFC91-D6F2-4E37-8559-BE5228452CDF}.exe
{A9A24EE6-6B08-4ABF-A371-A352D44ED46E}.exe
{4BA78228-205E-42D0-96BF-46B6A4877165}.exe
{13A278A2-927E-415A-89BB-FC086B980C21}.exe
{107EEB19-FEC6-4DF4-A77C-C7AA30438960}.exe
{967BF1E9-0745-4A9D-88E4-A767E8207F87}.exe
{0A988FD6-F1B7-4481-9F48-89B674AC30EC}.exe
{27324F8E-0929-4CE4-A594-3407468D38D0}.exe
{6D4AD8EC-794B-46EE-9847-8AB088B79E9A}.exe
{B67F8222-6474-46DD-A240-13D6C2DC3A80}.exe
{9767C2F6-BA7A-4D32-A5ED-DAB5E3DD1CA5}.exe
{890654CD-7693-4649-BD90-723FA1572A91}.exe
{952A030E-8C1E-4151-B7D9-D53FE394C0B8}.exe
{06AD8B73-6D36-4058-BCC0-A44A33F79A38}.exe
{26965F7B-E96D-4670-A9D2-E7211AD7E4B4}.exe
{A399DBE2-537E-4D35-A128-6E25A2115C19}.exe
{056AFAB8-1749-4446-AA2B-599FE6F80257}.exe
{D0B460AE-6A24-4EA8-BAFF-21DB74E29A42}.exe
{565B75CD-F3AD-4266-9CDD-6113EFBFE28C}.exe
{25DD6A4E-E7E4-43E0-88D8-DEB70756EB39}.exe
{56DC5832-05C8-42D9-8937-D075E74830EF}.exe
{07EDB1B8-1619-45B4-9FBC-2AA4F9BA4813}.exe
{D4FDCF4E-3D9B-4015-A3DA-0EDA1CA0632D}.exe
{2759ABE0-7FBE-4D40-ADBA-4D3CBD2A79EA}.exe
{B14BDE53-C6C4-4E12-BCCE-07540EE73BFA}.exe
{CD920A02-3325-467D-BC20-D348E31385B4}.exe
{392402EE-30A6-4A2D-A47F-A1BFEE3B5003}.exe
{B293EA99-AF08-4B21-87F8-3ED4C268760B}.exe
{AD606264-FA42-480C-9B85-5142E9D9FBE0}.exe
{85D080FC-3F9C-4ED4-8A80-D38DFDA31EFE}.exe
{326FCCE2-2D73-4C1C-B91C-988D149A916F}.exe
{E4472E4A-3D30-4D18-910E-182B7F0C410B}.exe
{3AF1C7F3-4659-415F-978C-1043572EF5AD}.exe
{352537F5-1007-408D-A6DD-3E67B487F15F}.exe
{1FC17EDE-B308-4C6B-90B2-78DA0E1272E3}.exe
{B03AFFC8-476F-4ED3-9492-CA4D3CC63F30}.exe
{98B4623B-83BE-4F70-B3EE-26197FD6A479}.exe
{62824BC4-23F8-41D6-A0AA-0905BD77455B}.exe
{D8DDA7EA-5930-4996-B7AF-30D939F43D3B}.exe
{77E2F0A1-FCFF-4A7A-90D0-8D6473AFD67D}.exe
{F1E7BEE7-3F11-4915-A0EC-0D2F87CD6CBD}.exe
{F5899079-71F9-425B-B00C-9FB52BB8F120}.exe
{11330480-F01B-4815-A67B-B4A4403743E3}.exe
{DC9B0086-AE1B-4EFB-9E6D-F4FB94247825}.exe
{E7D36A95-B5CD-42E5-9326-5B988B45EE17}.exe
{5EDFF223-1FC7-4DF4-AD4C-AA5E8826C493}.exe
{34803B15-1E22-43C9-9824-F38BA09351E0}.exe
{FAB088A4-63F9-4986-91A2-B4E068D031A0}.exe
{D60F58EA-F6AF-4F9E-B030-299465921197}.exe
{EEC5BA75-8A09-4E69-9CBB-58FBCB26EA75}.exe
{CC40FAAB-CF22-415B-93EE-8AC1ACAAFE71}.exe
{63988A32-5795-49A1-8BB6-F869B8318431}.exe
{91DF39A0-358B-42A0-AC74-E58767612DB6}.exe
{E48E3B16-05E1-48E9-82B1-333B76147EEF}.exe
{EEC41EFC-6802-4309-9322-CC09483D9851}.exe
{82474EC0-0530-47AC-9244-6B6D754F272B}.exe
{84B1F9EB-A785-41ED-8E5A-B4935F2B5A11}.exe
{070D3FC9-2B84-4621-86AF-75C82BFFD25F}.exe
{D888764D-30AC-4224-B812-AC252E4C68B2}.exe
{8A45FB32-32D7-408F-9D40-A8DE0D4A91C5}.exe
{1D427795-27B3-43EE-BE74-6F08A477CA20}.exe
{79212ADB-10E9-4EE0-9692-98E4784E521E}.exe
{0DD4D277-265E-4382-891F-FCC100B253D7}.exe
{BD711187-BC34-426E-91F4-4FDB8FB24C9F}.exe
{CC6A9442-BC8D-4251-BD7D-ACE59640D252}.exe
{21F68338-132F-487B-B455-39E063BBC72B}.exe
{4FAFD353-B900-47BC-ADF5-FAC3D9C1E5BA}.exe
{7AA6FDA9-B880-4A8A-8AA7-353310862C6C}.exe
{1E7B6AEC-A232-4896-8914-35172CE4AFD1}.exe
{41697266-C9B5-443B-8A8E-25CDCDC71435}.exe
{A99A836B-C25D-4786-919F-3CF784C5853F}.exe
{B6FC47E9-0DD4-4333-99EC-D3C13D09B054}.exe
{3CB3E60A-2ACE-48D6-AEEC-5822BFF3AAB7}.exe
{33FBC4E3-BCC2-4101-BF83-89325F979460}.exe
{36D2498A-DC4F-4B2D-962C-E18CD2D81808}.exe
{3344DEBD-353C-4520-A10F-922E896716B5}.exe
{72F10384-965F-4085-8504-A2FF5D07AB4B}.exe
{E30B7913-9055-458C-B595-869B77DA5D1B}.exe
{FB0A1ABF-6219-4EE9-A1AD-24392D84C52A}.exe
{A7A08ABC-5873-4E42-9752-E9C017DB5E1D}.exe
{B35A9F79-557C-4AF5-8F85-006EB86AFA84}.exe
{FA119CF1-9373-4CB7-B0E5-9DFA48C460DE}.exe
{60EEC985-905D-4775-A1EE-695EA18591A6}.exe
{4E857537-95BA-4053-9754-F762F3E4F541}.exe
{DDE04587-8F7E-4592-8A41-72410CBFFBD7}.exe
{4C25F570-D084-4822-BCEA-72F95D8D1B6B}.exe
{A53BDDB7-995E-4581-856A-89D7B3845C27}.exe
{F51C3667-2345-4A69-AD0C-1EA96EBCEDD1}.exe
{19E3652A-A1A0-4C21-B187-F115764BB051}.exe
{531F2820-388F-4E2C-A4E3-FFF507933810}.exe
{7C9AC1AB-6ED4-4772-B682-5BCAB118A606}.exe
{973FC4DC-586B-4476-8231-FAD5BD30F4CF}.exe
{ED1290A6-4F6C-41A3-B749-CC94A5C162C5}.exe
{C8BAC2E8-17AF-4AB0-A6F1-BBF9FB19B6CD}.exe
{500A0BB5-36EF-4232-ADEA-E55475F7B24E}.exe
{404572E5-5B11-494F-885F-5F0918DB713A}.exe
{46A9118D-5609-474D-9BA9-68C48AE8EF88}.exe

merci de me dire si je suis débarrasée
à+

Réponse 10 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
13 août 2006 à 15:24

Salut

tu peux me remettre un silent runner?

merci

kako
13 août 2006 à 17:43

peux-tu me redonner le lien pour silent runner
merci

Réponse 11 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
13 août 2006 à 17:48

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+

Kako
13 août 2006 à 22:25

coucou!
voici donc mon dernier rapport

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "E:\WINDOWS\System32\ctfmon.exe" [MS]
"MsnMsgr" = ""E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"PowerBar" = (empty string)
"H/PC Connection Agent" = ""H:\PDA2~1\ACTIVS~1\wcescomm.exe"" [MS]
"LogitechSoftwareUpdate" = ""E:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"zzGBK" = "D:\setup.exe" [file not found]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"RemoteControl" = ""E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "E:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"NeroFilterCheck" = "E:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LGODDFU" = ""E:\Program Files\lg_fwupdate\fwupdate.exe"" [null data]
"RealTray" = "E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"LVCOMSX" = "E:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "E:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "E:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"PinnacleDriverCheck" = "E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg" [empty string]
"NWEReboot" = (empty string)
"avast!" = "E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "E:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "H:\PDA 2\OUTLOOK 2002\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Appareil mobile"
\InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\Wcesview.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "E:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

I:\
INFECTION WARNING! I:\AUTORUN.INF -> "open = welcome.exe" ["Pinnacle Systems"]

Startup items in "Administrateur" & "All Users" startup folders:
----------------------------------------------------------------

E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Adobe Reader Speed Launch" -> shortcut to: "E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "E:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Créer un favori mobile..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "E:\Program Files\Messenger\MSMSGS.EXE" [MS]

Miscellaneous IE Hijack Points
------------------------------

E:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 2 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""E:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 34 seconds, including 18 seconds for message boxes)

à +

Réponse 12 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
14 août 2006 à 11:47

salut

ca semble ok ou en sont tes soucis

a+

kako
16 août 2006 à 10:27

salut régis,
je reviens sur le net et après bidouillage il me semble que tout est en ordre, que faut-il que je fasse pour éviter une autre contamination de la sorte car avast et norton sont in compérents pour l'éradiquer aussi?
je te remercie de ta patience et bonne fin d'été!!

Réponse 13 / 13

Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
16 août 2006 à 14:18

Salut

consultes ceci
http://entraide.aceboard.fr/175280-2008-988-0-Securiser-Proteger-ordinateur-contr...

a+

[virus] infecté par win 32 adan 078 et 094

13 réponses

Discussions similaires