[virus] infected by win 32 adan 078 and 094

Kako -  
Regis59 (21143 posts, status: security contributor) -
hello!
I had a look around the forum and saw that others had the same virus as me but went through HijackThis; I think the steps need to be personalized, so can someone help me, because I'm lost.
Configuration: Windows XP Pro

13 replies

  1. Kako
     
    hello again!
    here is my report

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\RTHDCPL.EXE
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    E:\Program Files\lg_fwupdate\fwupdate.exe
    E:\Program Files\Real\RealPlayer\RealPlay.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\WINDOWS\System32\RUNDLL32.EXE
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\System32\LVCOMSX.EXE
    E:\Program Files\Logitech\Video\LogiTray.exe
    E:\WINDOWS\System32\ctfmon.exe
    E:\Program Files\MSN Messenger\MsnMsgr.Exe
    H:\PDA2~1\ACTIVS~1\wcescomm.exe
    E:\Program Files\Logitech\Video\FxSvr2.exe
    E:\WINDOWS\System32\alg.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\WINDOWS\System32\nvsvc32.exe
    h:\PDA2~1\ACTIVS~1\rapimgr.exe
    E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\wdfmgr.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    H:\TELECHARGEMENT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [LGODDFU] "E:\Program Files\lg_fwupdate\fwupdate.exe"
    O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\PDA2~1\ACTIVS~1\wcescomm.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [KillAndClean] "E:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kakololo3muxu.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7130205F-0935-4F42-B9FB-225794FB4D73}: NameServer = 85.255.113.139,85.255.112.186
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF53A1F-25AF-4135-B312-02C32BB569CD}: NameServer = 85.255.113.139,85.255.112.186
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 85.255.113.139,85.255.112.186
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
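What a responder looks for in a log like this is a handful of line types. The O17 entries carry the same two public resolvers, 85.255.113.139 and 85.255.112.186, on every interface GUID and in ControlSet001, 002 and 003 as well as CurrentControlSet; that is the shape of a DNS hijack, and it is why all seven lines have to go rather than one interface being reset. The O1 line prints the hosts entry with its fields in reversed order. The O4 entry `zzGBK` launches D:\setup.exe from a drive the system does not live on (the system drive here is E:). And two O23 services are marked "(file missing)". The script below is an added example written for this thread; it is not part of HijackThis and not the helper's procedure. It parses a pasted log and reports those four things. It assumes the machine's drive letters (E: and H:, as seen in the log) and treats any hard-coded resolver outside loopback, RFC 1918 and link-local space as something to question. The "(file missing)" cross-check is there for a reason visible in the log itself: the stray quote in the printed avast paths shows HijackThis did not strip the quoting from the service ImagePath, and ashMaiSv.exe and ashWebSv.exe both appear in the running-process list above, so those two are not dead or hijacked entries.

```python
"""Triage a pasted HijackThis log: pull out the lines a responder checks first.

Added example for this thread; not part of HijackThis and not the helper's
procedure. Assumptions: the machine's own drive letters (E: system, H: data,
as seen in the log) are passed in as known_drives, and a resolver outside
loopback / RFC 1918 / link-local space is treated as worth a question,
because a home ADSL box normally takes its DNS servers from the ISP over
DHCP rather than having them hard-coded in the registry.
"""
import ipaddress
import re

PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
O1_RE = re.compile(r"^O1 - Hosts: (?P<entry>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.I)


def _ip(token):
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def triage_hijackthis(log_text, known_drives=("E", "H")):
    """Return a dict of findings; each value is a list or set of raw detail."""
    running = set()  # basenames taken from the "Running processes" block
    findings = {
        "dns_servers": set(),                # hard-coded resolvers outside local space
        "o17_entries": 0,                    # interface GUIDs + ControlSets carrying them
        "hosts_malformed": [],               # O1 lines whose first field is not an IP
        "services_missing": [],              # O23 "(file missing)" with no such process
        "services_missing_but_running": [],  # O23 "(file missing)" but the exe is running
        "run_unknown_drive": [],             # O4 Run entries launched from another drive
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROCESS_RE.match(line):
            running.add(line.rsplit("\\", 1)[-1].lower())
            continue
        m = O17_RE.match(line)
        if m:
            findings["o17_entries"] += 1
            for tok in re.split(r"[ ,]+", m.group("servers")):
                addr = _ip(tok)
                if addr and not (addr.is_loopback or addr.is_private or addr.is_link_local):
                    findings["dns_servers"].add(tok)
            continue
        m = O1_RE.match(line)
        if m:
            # A hosts line is "<ip> <hostname>"; HijackThis prints it verbatim,
            # so "localhost 127.0.0.1" means the two fields are reversed.
            if _ip(m.group("entry").split()[0]) is None:
                findings["hosts_malformed"].append(m.group("entry"))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            # HijackThis leaves the quoting of an ImagePath like "...\x.exe" /service
            # in place and then cannot find the file; cross-check the process list
            # before treating the service as a dead (or hijacked) entry.
            exe = EXE_RE.search(m.group("path"))
            if exe and exe.group(1).lower() in running:
                findings["services_missing_but_running"].append(m.group("name"))
            else:
                findings["services_missing"].append(m.group("name"))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip('"')
            if re.match(r"^[A-Za-z]:\\", cmd) and cmd[0].upper() not in known_drives:
                findings["run_unknown_drive"].append((m.group("name"), cmd))
    return findings


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
E:\WINDOWS\System32\smss.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\TELECHARGEMENT\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7130205F-0935-4F42-B9FB-225794FB4D73}: NameServer = 85.255.113.139,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for check, detail in triage_hijackthis(SAMPLE_LOG).items():
        print(check, sorted(detail) if isinstance(detail, set) else detail)
```

Run it on the full log pasted above instead of SAMPLE_LOG and the O17 count comes out at seven, which is the number of places the DNS fix has to reach; the ControlSet00x copies are what Windows falls back on, so resetting the resolvers on the live interface alone leaves the old values where a later boot can pick them up again.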
  2. Regis59
     
    Hi

    Download this (thanks to S!RI for this program):
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Run it: double-click Smitfraudfix.cmd, choose option 1, and it will generate a report.
    Copy/paste it on the forum please.

    Later
    1. Kako
       
      hi
      here's my report
      Report made at 17:25:49.62, 11/08/2006
      Run from H:\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Fix run in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» E:\


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrateur\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop components

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Warning, the keys that follow are not necessarily infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End
  3. Regis59
     
    ok

    Download this
    https://www.silentrunners.org/Silent%20Runners.vbs
    Run it and wait a few minutes; it will then create a text file right next to Silent Runners. Copy/paste what it gives you.

    Later
    1. Kako
       
      hi régis
      here it is:
      Startup items buried in registry:
      ---------------------------------

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "CTFMON.EXE" = "E:\WINDOWS\System32\ctfmon.exe" [MS]
      "MsnMsgr" = ""E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
      "PowerBar" = (empty string)
      "H/PC Connection Agent" = ""H:\PDA2~1\ACTIVS~1\wcescomm.exe"" [MS]
      "LogitechSoftwareUpdate" = ""E:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
      "KillAndClean" = ""E:\Program Files\KillAndClean\KillAndClean.exe"" [file not found]

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "zzGBK" = "D:\setup.exe" [file not found]
      "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
      "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
      "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
      "AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
      "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
      "RemoteControl" = ""E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
      "InCD" = "E:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
      "NeroFilterCheck" = "E:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
      "LGODDFU" = ""E:\Program Files\lg_fwupdate\fwupdate.exe"" [null data]
      "RealTray" = "E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
      "NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
      "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
      "NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
      "QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
      "LVCOMSX" = "E:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
      "LogitechVideoRepair" = "E:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
      "LogitechVideoTray" = "E:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
      "PinnacleDriverCheck" = "E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg" [empty string]
      "NWEReboot" = (empty string)
      "KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k" [MS]
      "ccApp" = ""E:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
      "SSC_UserPrompt" = "E:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
      "Symantec NetDriver Monitor" = "E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
      "dmynz.exe" = "E:\WINDOWS\System32\dmynz.exe" [null data]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "AcroIEHlprObj Class"
      \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
      {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Google Toolbar Helper"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
      {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
      -> {HKLM...CLSID} = "CNavExtBho Class"
      \InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
      -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
      \InProcServer32\(Default) = "deskpan.dll" [file not found]
      "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
      -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
      "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
      -> {HKLM...CLSID} = "Shell Extension for CDRW"
      \InProcServer32\(Default) = "E:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
      "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
      -> {HKLM...CLSID} = "Outlook File Icon Extension"
      \InProcServer32\(Default) = "H:\PDA 2\OUTLOOK 2002\Office10\OLKFSTUB.DLL" [MS]
      "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
      "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
      -> {HKLM...CLSID} = "DesktopContext Class"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
      "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
      -> {HKLM...CLSID} = "NVIDIA CPL Extension"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
      -> {HKLM...CLSID} = "Desktop Explorer"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
      -> {HKLM...CLSID} = "nView Desktop Context Menu"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
      "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
      -> {HKLM...CLSID} = "Appareil mobile"
      \InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\Wcesview.dll" [MS]
      "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
      -> {HKLM...CLSID} = "My Logitech Pictures"
      \InProcServer32\(Default) = "E:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
      -> {HKLM...CLSID} = "Portable Media Devices"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
      -> {HKLM...CLSID} = "Portable Media Devices Menu"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
      "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
      -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
      \InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
      "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
      -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
      \InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
      "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"
      -> {HKLM...CLSID} = "a-squared context menu"
      \InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
      INFECTION WARNING! "System" = "csbdp.exe" [null data]

      HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
      {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
      -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
      \InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
      {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
      -> {HKLM...CLSID} = "PDF Shell Extension"
      \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

      HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
      Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
      -> {HKLM...CLSID} = "IEContextMenu Class"
      \InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

      HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

      HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
      a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
      -> {HKLM...CLSID} = "a-squared context menu"
      \InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
      Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
      -> {HKLM...CLSID} = "IEContextMenu Class"
      \InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


      Active Desktop and Wallpaper:
      -----------------------------

      Active Desktop is disabled at this entry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

      HKCU\Control Panel\Desktop\
      "Wallpaper" = "E:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


      Enabled Screen Saver:
      ---------------------

      HKCU\Control Panel\Desktop\
      "SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


      Autostart via AUTORUN.INF on local fixed drives:
      ------------------------------------------------

      I:\
      INFECTION WARNING! I:\AUTORUN.INF -> "open = welcome.exe" ["Pinnacle Systems"]


      Startup items in "Administrateur" & "All Users" startup folders:
      ----------------------------------------------------------------

      E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      "Adobe Reader Speed Launch" -> shortcut to: "E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
      "Microsoft Office" -> shortcut to: "H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE -b -l" [MS]


      Enabled Scheduled Tasks:
      ------------------------

      "Norton AntiVirus - Analyser mon ordinateur - Administrateur" -> launches: "E:\PROGRA~1\NORTON~1\Navw32.exe /task:"E:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
      "Symantec NetDetect" -> launches: "E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


      Winsock2 Service Provider DLLs:
      -------------------------------

      Namespace Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
      000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
      000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
      000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

      Transport Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
      0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
      %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
      %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


      Toolbars, Explorer Bars, Extensions:
      ------------------------------------

      Toolbars

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
      "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
      -> {HKLM...CLSID} = "Norton AntiVirus"
      \InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

      HKLM\Software\Microsoft\Internet Explorer\Toolbar\
      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
      -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]
      "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
      -> {HKLM...CLSID} = "Norton AntiVirus"
      \InProcServer32\(Default) = "E:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

      Explorer Bars

      HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
      {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Real.com"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\Shdocvw.dll" [MS]

      Extensions (Tools menu items, main toolbar menu buttons)

      HKLM\Software\Microsoft\Internet Explorer\Extensions\
      {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
      "ButtonText" = "Create Mobile Favorite"
      "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
      -> {HKLM...CLSID} = "Create Mobile Favorite"
      \InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

      {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
      "MenuText" = "Créer un favori mobile..."
      "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
      -> {HKLM...CLSID} = "Create Mobile Favorite"
      \InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

      {85D1F590-48F4-11D9-9669-0800200C9A66}\
      "MenuText" = "Uninstall BitDefender Online Scanner v8"
      "Exec" = "%windir%\bdoscandel.exe" [null data]

      {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
      "ButtonText" = "Real.com"

      {FB5F1910-F110-11D2-BB9E-00C04F795683}\
      "ButtonText" = "Messenger"
      "MenuText" = "Messenger"
      "Exec" = "E:\Program Files\Messenger\MSMSGS.EXE" [MS]


      Miscellaneous IE Hijack Points
      ------------------------------

      E:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

      Added lines (compared with English-language version):
      [Strings]: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
      [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

      Missing lines (compared with English-language version):
      [Strings]: 2 lines


      HOSTS file
      ----------

      E:\WINDOWS\System32\drivers\etc\HOSTS

      maps: 1 domain name to an IP address,
      1 of the IP addresses is *not* localhost!


      Running Services (Display Name, Service Name, Path {Service DLL}):
      ------------------------------------------------------------------

      Norton AntiVirus Firewall Monitor Service, NPFMntor, ""E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
      NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
      Service Norton AntiVirus Auto-Protect, navapsvc, ""E:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
      Symantec Core LC, Symantec Core LC, "E:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
      Symantec Event Manager, ccEvtMgr, ""E:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
      Symantec Network Drivers Service, SNDSrvc, ""E:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
      Symantec Settings Manager, ccSetMgr, ""E:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
      Symantec SPBBCSvc, SPBBCSvc, ""E:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
      Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\System32\wdfmgr.exe" [MS]


      ----------
      + This report excludes default entries except where indicated.
      + To see *everywhere* the script checks and *everything* it finds,
      launch it from a command prompt or a shortcut with the -all parameter.
      + To search all directories of local fixed drives for DESKTOP.INI
      DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
      use the -supp parameter or answer "No" at the first message box.
      ---------- (total run time: 40 seconds, including 18 seconds for message boxes)
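Two lines in that report carry the weight: the Winlogon value `"System" = "csbdp.exe"` and the AUTORUN.INF on I:. Silent Runners prints Winlogon values only when they differ from the default, and on a stock XP install the System value is empty, so a bare executable name there is a launch point that Winlogon runs at logon, outside the Run keys that HijackThis lists (which is why nothing named csbdp.exe shows up among the O4 lines earlier in the thread). The parser below is an added example for this thread, not part of Silent Runners: it picks the INFECTION WARNING lines out of a report, collects the Winlogon values printed, and compares them with an assumed XP baseline (Shell runs Explorer.exe, Userinit runs userinit.exe, System is empty). It also catches the comma-appended form, `Explorer.exe, other.exe`, used to chain a second program onto Shell. The sample is constructed from lines of the report above.

```python
"""Pull the Winlogon and AUTORUN.INF findings out of a Silent Runners report.

Added example for this thread; not part of Silent Runners. The XP baseline
is an assumption written into XP_BASELINE: on a stock XP install Winlogon's
Shell runs Explorer.exe, Userinit runs userinit.exe, and the System value is
empty. Whatever is placed in System is run by Winlogon at logon, which is
why the report marks "csbdp.exe" there as an INFECTION WARNING.
"""
import re

WINLOGON_KEY = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\"
XP_BASELINE = {"Shell": ["explorer.exe"], "Userinit": ["userinit.exe"], "System": []}
VALUE_RE = re.compile(r'^(?:INFECTION WARNING! )?"(?P<name>[^"]+)" = "(?P<data>[^"]*)"')
AUTORUN_RE = re.compile(
    r'^INFECTION WARNING! (?P<path>[A-Za-z]:\\AUTORUN\.INF) -> "open = (?P<target>[^"]+)"')


def parse_silent_runners(report):
    """Return the INFECTION WARNING lines, the Winlogon values printed, and autorun.inf hits."""
    out = {"warnings": [], "winlogon": {}, "autoruns": []}
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("INFECTION WARNING!"):
            out["warnings"].append(line)
        # Registry key headers look like "HKLM\...\Winlogon\" or "HKLM\...\Run\ {++}"
        if line.startswith("HK") and (line.endswith("\\") or line.endswith("{++}")):
            section = line.replace(" {++}", "")
            continue
        if section == WINLOGON_KEY:
            m = VALUE_RE.match(line)
            if m:
                out["winlogon"][m.group("name")] = m.group("data")
        m = AUTORUN_RE.match(line)
        if m:
            out["autoruns"].append((m.group("path"), m.group("target")))
    return out


def _programs(value):
    """'E:\\WINDOWS\\system32\\userinit.exe,' -> ['userinit.exe'].

    Splits on commas so the chained form 'Explorer.exe, other.exe' yields two
    names, and keeps only the basename so the drive letter does not matter."""
    names = []
    for item in value.replace('"', "").split(","):
        item = item.strip()
        if item:
            names.append(item.split("\\")[-1].lower())
    return names


def winlogon_deviations(winlogon):
    """Values whose program list differs from the assumed XP baseline."""
    return [(name, data) for name, data in winlogon.items()
            if name in XP_BASELINE and _programs(data) != XP_BASELINE[name]]


# Constructed sample: lines copied from the report above.
SAMPLE_REPORT = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csbdp.exe" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

I:\
INFECTION WARNING! I:\AUTORUN.INF -> "open = welcome.exe" ["Pinnacle Systems"]
"""

if __name__ == "__main__":
    parsed = parse_silent_runners(SAMPLE_REPORT)
    print(parsed)
    print(winlogon_deviations(parsed["winlogon"]))
```

The AUTORUN.INF hit is reported, not judged: Silent Runners flags every autorun.inf it finds on a fixed drive, and the company name it prints next to welcome.exe is the only context the report gives, so that one is left for the reader to decide.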
  4. Regis59
     
    ok.

    2 last things please

    1/ Go to Start > My Computer > C > windows > system32 > drivers > etc, open hosts with Notepad and copy/paste its contents

    2/ Download this
    https://www.cjoint.com/?imk10ZxF1D

    Run moe regis
    Notepad opens; copy/paste the report

    later
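Before pasting the hosts file, it helps to know what to look for in it. Each line is `<IP address> <hostname>`, and the entry HijackThis printed earlier, `localhost 127.0.0.1`, has the two fields swapped, which is exactly what Silent Runners meant by "1 of the IP addresses is *not* localhost". The other thing to look for is added lines that map antivirus or update sites to 127.0.0.1 or to some remote address. On this machine the file is at E:\WINDOWS\system32\drivers\etc\hosts, as the Silent Runners report shows, not on C:. The script below is an added example for this thread, not the helper's tool: check_hosts reports each entry with a reason, and repair_hosts keeps the comment header, drops every mapping, and leaves the single line an XP machine needs. The file content is constructed to match those two reports; which mappings count as suspicious is the script's own assumption.

```python
"""Check a Windows hosts file and produce a repaired copy.

Added example for this thread, not the helper's tool. The sample is
constructed to match what the two reports above say about this machine's
hosts file: HijackThis prints the entry as "localhost 127.0.0.1" and Silent
Runners notes that the one "IP address" in the file is not localhost, i.e.
the address and the name are in the wrong order. What counts as a suspicious
mapping is an assumption made in check_hosts.
"""
import ipaddress


def _ip(token):
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def check_hosts(text):
    """Return (line number, original line, reason) for every entry worth a look."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = _ip(fields[0]), [h.lower() for h in fields[1:]]
        if addr is None:
            reason = ("fields reversed" if names and _ip(names[0])
                      else "first field is not an IP address")
        elif not names:
            reason = "no hostname"
        elif "localhost" in names and not addr.is_loopback:
            reason = "localhost mapped to a non-loopback address"
        elif addr.is_loopback and "localhost" not in names:
            # the usual way of cutting a machine off from antivirus and update sites
            reason = "host sinkholed to loopback"
        elif not addr.is_loopback:
            reason = "host redirected to %s" % addr
        else:
            continue
        findings.append((n, raw, reason))
    return findings


def repair_hosts(text):
    """Keep the comment lines, drop every mapping, and end with the one entry an
    XP machine needs. Anything a user added deliberately is lost, so keep the
    original alongside; the check_hosts output says what was in it."""
    kept = [raw for raw in text.splitlines()
            if not raw.strip() or raw.lstrip().startswith("#")]
    return "\n".join(kept + ["127.0.0.1 localhost"]) + "\n"


# Constructed sample: the stock XP header followed by the reversed entry
# implied by the reports above.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
localhost 127.0.0.1
"""

if __name__ == "__main__":
    for n, raw, reason in check_hosts(SAMPLE_HOSTS):
        print("line %d: %s  <- %s" % (n, raw, reason))
    print(repair_hosts(SAMPLE_HOSTS))
```

On XP the file has no extension and is read by the resolver before any DNS query, so a reversed localhost line does not by itself redirect anything; the lines to worry about are the extra mappings, and on this machine Silent Runners counted only one entry in total.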
    1. Kako
       
      hello
      I found the folder in E and not in C, but when I try to open it, it freezes. Should I start my PC in safe mode to manage it?
      later
  6. Regis59
     
    Yes, or E, it doesn't matter. It depends on your system's drive letter.

    It freezes, meaning what? Nothing opens?
    Yes, try in safe mode

    later
    1. Kako
       
      I went into safe mode but it's the same.
      I try to open it, but it's still empty and it keeps searching; a message appeared (for 2 seconds) and I could read: the folders are hidden...
      and one time out of 2, when I press Ctrl+Alt+Del, it says: not responding
  7. Regis59
     
    Hi

    1/ In Add/Remove Programs, uninstall this:

    kill and clean.

    2/ Download Pocket Killbox here
    http://www.downloads.subratam.org/KillBox.exe

    :: Usage demo (thanks to Balltrap34 for making it) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    3/ Download FixWareout from one of these two sites to the desktop:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Launch the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
    The fix will start; follow the on-screen messages. You will be asked to restart your computer; do it. Your system will take a little longer to boot, that's normal.

    When your system has restarted, follow the prompts. Then launch HijackThis. Click Scan and check the following lines (if present):

    O1 - Hosts: localhost 127.0.0.1

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKCU\..\Run: [KillAndClean] "E:\Program Files\KillAndClean\KillAndClean.exe"

    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7130205F-0935-4F42-B9FB-225794FB4D73}: NameServer = 85.255.113.139,85.255.112.186

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF53A1F-25AF-4135-B312-02C32BB569CD}: NameServer = 85.255.113.139,85.255.112.186

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 85.255.113.139,85.255.112.186

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186

    Clique sur Fix Checked. Ferme HijackThis et clique sur OK pour continuer la procédure.

    Note:A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

    5/Double clic sur killbox.exe (Pocket Killbox)

    - coche: delete on reboot
    - Dans "Full Path of File to Delete"
    - copie et colle:

    E:\WINDOWS\System32\dmynz.exe

    -Sélectionne "single File"
    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES

    Si ce message s’affiche ignore le :
    http://tinypic.com/images/goodbye.jpg
    Laisse le pc redémarrer.

    Aller dans Démarrer > Panneau de configuration > Connexions > clic droit sur la connexion > Propriétés > onglet Gestion de réseau
    Mettre en surbrillance Protocole Internet (tcp/ip) puis cliquer sur le bouton Propriétés.
    Dans les options (serveur DNS préféré et serveur DNS auxiliaire) on trouvera une de ces adresses présentes dans le rapport hijackthis en ligne 017 =>(85.255.113.139,85.255.112.186)

    Pour les éliminer, cocher : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.

    Au final, poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

    A+
    0
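The O17 lines are the indicator this procedure keys on: a NameServer value written under Tcpip\Parameters (machine-wide) or under a per-interface GUID key silently redirects every DNS lookup to the attacker's resolvers, which is why the last step has the user switch DNS back to automatic. The script below is an added example for this thread, not code from the original post or from HijackThis or Fixwareout. It pulls the O17 lines out of a HijackThis log and flags every resolver that is not in a trusted set. The trusted set and the sample lines are constructed from values quoted in this thread (the 85.255.x.x resolvers from the infected log, the 213.36.80.x ISP resolvers from the later clean log); the function and variable names are my own.

```python
"""Flag DNS-hijack indicators in a HijackThis log (O17 lines).

Added example for this thread, not part of the original post or of the
HijackThis/Fixwareout tools. It assumes the defender already knows the
legitimate resolvers (read from the modem/ISP, as the poster did later).
"""
import re
from dataclasses import dataclass

# O17 lines as HijackThis prints them: "<registry key>: NameServer = <list>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Constructed sample built from lines quoted in the thread (three rogue
# entries from the infected log, one healthy entry from the later log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7130205F-0935-4F42-B9FB-225794FB4D73}: NameServer = 85.255.113.139,85.255.112.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.139 85.255.112.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 213.36.80.1,213.36.80.2
"""

# Resolvers the user confirmed on the modem (values quoted later in the thread).
TRUSTED_RESOLVERS = frozenset({"213.36.80.1", "213.36.80.2"})


@dataclass(frozen=True)
class Finding:
    key: str            # registry key HijackThis reported
    servers: tuple      # every resolver listed on that line
    untrusted: tuple    # the subset not in the trusted set
    is_global: bool     # True for the machine-wide Tcpip\Parameters value


def parse_nameservers(value: str) -> list:
    """Split a NameServer value; HijackThis shows per-interface values comma
    separated and the global Tcpip\\Parameters value space separated."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def triage_o17(log_text: str, trusted) -> list:
    """Return one Finding per O17 line that names a resolver outside `trusted`."""
    findings = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        key = m.group("key")
        servers = parse_nameservers(m.group("servers"))
        untrusted = tuple(s for s in servers if s not in trusted)
        if untrusted:
            findings.append(Finding(key, tuple(servers), untrusted,
                                    key.endswith(r"Tcpip\Parameters")))
    return findings


def hijacked_resolvers(findings) -> set:
    """Union of every untrusted resolver seen: the addresses to look for in
    the TCP/IP properties dialog before switching DNS back to automatic."""
    return {ip for f in findings for ip in f.untrusted}


if __name__ == "__main__":
    hits = triage_o17(SAMPLE_LOG, TRUSTED_RESOLVERS)
    for f in hits:
        scope = "machine-wide" if f.is_global else "per-interface"
        print(f"{scope:13} {f.key}: {', '.join(f.untrusted)}")
    print("rogue resolvers:", sorted(hijacked_resolvers(hits)))
```

The machine-wide hits (the `Tcpip\Parameters` keys) matter most: a DHCP client normally has no static value there, so anything present overrides what the modem hands out and survives a simple reconnect, which matches the poster losing connectivity until the resolvers were set by hand.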
    1. Kako
       
      I can't find kill and clean in the programs list; should I carry on with the procedure anyway?
      My PC is crawling!
  8. Regis59 (21143 posts, Security contributor)
     
    Yes, carry on.

    Remember to delete kill and clean from Program Files at the end

    Cheers
    1. Kako
       
      Here I am again; I had a scare. I went through the whole procedure and at the very end, when I went into the connection properties and the DNS server settings, I didn't have the numbers you gave me (although they show up now). I restarted and then... no more internet connection, a real moment of solitude. I ran an Ad-Aware scan to see if it was still blocking and no, no more virus, great, but no more internet, which is not good!!!
      Actually, a while ago I opened ports to play over the network on my Alice box; could that be causing a bug at that level?
      In any case no solution came to me except restoring to an earlier date, but I couldn't go back to before my infection (last month), so I have my connection again, but Win32 too.
      What should I do on my connection before redoing the procedure,
      which seems to work?
      Thanks for your patience
  9. Regis59 (21143 posts, Security contributor)
     
    Hi

    Had you done this?

    Go to Start > Control Panel > Network Connections > right-click the connection > Properties > Networking tab
    Highlight Internet Protocol (TCP/IP) and click the Properties button.
    In the options (preferred DNS server and alternate DNS server) you will find one of the addresses listed on the O17 lines of the HijackThis report => (85.255.113.139,85.255.112.186)

    To remove them, tick "Obtain DNS server address automatically", then click "OK" twice and restart the PC.

    Cheers
    1. Kako
       
      I did everything you listed, but at the end there was an IP address and nothing under DNS, and I could only get to "Obtain DNS server address automatically" by ticking "Obtain an IP address automatically", which I did; both were empty and set to automatic. I just went into my modem's management page, which shows an IP and DNS different from the settings on my PC, yet it works?????
      I had no connection even before restarting
      Cheers
  10. Regis59 (21143 posts, Security contributor)
     
    OK

    post another HijackThis log

    Cheers
    1. Kako
       
      Hi Régis,
      after restoring my connection I noted down all the IP and DNS settings from my PC and from the modem and redid the procedure.
      At the Killbox step it told me it couldn't find the file, but I carried on.
      As before, I had no internet afterwards, so I put the DNS addresses from my modem back into the properties and everything runs fine.
      I'm sending you the reports again; I ran Ad-Aware and Avast and they found nothing. For now I don't see any more problems.
      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\Explorer.EXE
      E:\WINDOWS\system32\spoolsv.exe
      E:\WINDOWS\RTHDCPL.EXE
      E:\WINDOWS\SOUNDMAN.EXE
      E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      E:\Program Files\lg_fwupdate\fwupdate.exe
      E:\Program Files\Real\RealPlayer\RealPlay.exe
      E:\WINDOWS\System32\RUNDLL32.EXE
      E:\Program Files\QuickTime\qttask.exe
      E:\WINDOWS\System32\LVCOMSX.EXE
      E:\Program Files\Logitech\Video\LogiTray.exe
      E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      E:\WINDOWS\System32\ctfmon.exe
      E:\Program Files\MSN Messenger\MsnMsgr.Exe
      H:\PDA2~1\ACTIVS~1\wcescomm.exe
      E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      E:\Program Files\Logitech\Video\FxSvr2.exe
      h:\PDA2~1\ACTIVS~1\rapimgr.exe
      E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      E:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\WINDOWS\System32\nvsvc32.exe
      E:\WINDOWS\System32\svchost.exe
      E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      E:\Program Files\Internet Explorer\iexplore.exe
      H:\TELECHARGEMENT\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
      O4 - HKLM\..\Run: [LGODDFU] "E:\Program Files\lg_fwupdate\fwupdate.exe"
      O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\System32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\PDA2~1\ACTIVS~1\wcescomm.exe"
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE
      O8 - Extra context menu item: &Traduire à partir de l'anglais - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Pages liées - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Recherche &Google - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - h:\PDA2~1\ACTIVS~1\INetRepl.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
      O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
      O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kakololo3muxu.spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A759C0A6-B3C8-435A-9FE8-CB5C9C7BE53A}: NameServer = 213.36.80.1,213.36.80.2
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe


      here is the other report

      PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
      Example ipsec6.exe is legitimate

      »»»»» Search by size and names...
      * csr.exe E:\WINDOWS\System32\CSCHG.EXE

      »»»»» Misc files

      »»»»» Checking for older varients covered by the Rem3 tool

      »»»»»
      Search five digit cs, dm and jb files
      This WILL/CAN also list Legit Files, Submit them at Virustotal
      E:\WINDOWS\SYSTEM32\CSCHG.EXE 51 250 2006-07-30
      E:\WINDOWS\SYSTEM32\DMJDA.EXE 62 043 2002-08-29
      E:\WINDOWS\SYSTEM32\DMVIK.EXE 62 043 2002-08-29
      E:\WINDOWS\SYSTEM32\DMVTS.EXE 62 043 2002-08-29
      Other suspects
      Directory of E:\WINDOWS\system32
      {88282620-AEC5-4546-A1E5-F75BE63D68A9}.exe
      {B7493015-2312-4BED-8717-961D687B92F0}.exe
      {2E096D9E-C15F-458C-8AEF-F73C40DDA2D0}.exe
      {C1D75DE0-58F8-41C7-B248-4E8881CCD734}.exe
      {0B178087-4255-4CA8-891A-329B28EC3BCB}.exe
      {6A07111D-0E3B-47F4-9943-F6E1A53796C9}.exe
      {B40F0C1E-ACBE-4D78-80FB-0596E59BEB03}.exe
      {3BDDC81A-881B-46A1-868A-D95F03392179}.exe
      {E21F0FC6-58C2-4CB6-AD9E-38419D1865DB}.exe
      {2B18417C-5E8F-4413-804F-A8224CF8CBD7}.exe
      {ABDD1461-39E8-40C7-ACD0-D57DCBAD12BE}.exe
      {C475ECC3-4A5F-43EE-861C-EB57B372B69D}.exe
      {ECA9FAFB-8D2E-4A46-927F-366A6CBD06CC}.exe
      {A9C979FC-3A9B-4767-A1D6-7E4C441ACB21}.exe
      {9CF31BEC-549C-4164-9A9F-9DC87B441510}.exe
      {FD1C59E2-C205-400C-B605-7DBE1E1CD591}.exe
      {1CCADE4A-0627-45BB-9DF8-BDACF2DB2EC3}.exe
      {4B157425-F398-42C0-8397-D345B87B2166}.exe
      {96589717-5C01-41A6-8D59-68924CAD1049}.exe
      {963862FF-C459-48F2-A0B8-D9BAD62F3168}.exe
      {A1A69A2B-2871-4FE2-86F5-DBAF1CA6CFF8}.exe
      {954D1B2F-CC4D-4F03-9CA5-A195F4743F4E}.exe
      {1832246F-D426-4C0C-A08A-A58FAD09B902}.exe
      {DBC7E2CF-350A-40A0-9FC7-47EB0AF853D5}.exe
      {94248D10-399D-42AE-9AC0-E18B9742B54D}.exe
      {8E18E3A7-A720-4952-8ECB-4413119BD79A}.exe
      {EB9ECB0A-4AF9-4AE7-8D64-4C71B9F7A191}.exe
      {318E79CF-62B4-4FCB-955C-B4508A4D8514}.exe
      {17292A9C-65E0-4B74-9DAB-AF25FD419199}.exe
      {173CDFAA-2604-44AE-AF9D-6272D8536DB8}.exe
      {828A1FE0-EC17-42D3-8E14-BB4F083F0579}.exe
      {5375AD14-5E26-4216-A3A8-1DE8944987F3}.exe
      {7DDB3FB8-6067-43FD-B0D9-E2102A498462}.exe
      {DFE97414-AA15-4AB8-851C-607D246A7E0A}.exe
      {FBFCE557-93D1-4DB5-944F-0DC40F2023F7}.exe
      {16B99AC1-0FA0-4D10-A61C-78B5714133C9}.exe
      {2EE6B669-E196-40E4-B8C7-15F8F86CB25D}.exe
      {16FA1211-FC15-4F7C-AD91-B87BE7D2B82D}.exe
      {45C88C2D-34B9-4F76-A3CC-1442DC137EC9}.exe
      {5EFC6187-437F-4BE5-8C9C-AAEA337AAC22}.exe
      {36CEFC91-D6F2-4E37-8559-BE5228452CDF}.exe
      {A9A24EE6-6B08-4ABF-A371-A352D44ED46E}.exe
      {4BA78228-205E-42D0-96BF-46B6A4877165}.exe
      {13A278A2-927E-415A-89BB-FC086B980C21}.exe
      {107EEB19-FEC6-4DF4-A77C-C7AA30438960}.exe
      {967BF1E9-0745-4A9D-88E4-A767E8207F87}.exe
      {0A988FD6-F1B7-4481-9F48-89B674AC30EC}.exe
      {27324F8E-0929-4CE4-A594-3407468D38D0}.exe
      {6D4AD8EC-794B-46EE-9847-8AB088B79E9A}.exe
      {B67F8222-6474-46DD-A240-13D6C2DC3A80}.exe
      {9767C2F6-BA7A-4D32-A5ED-DAB5E3DD1CA5}.exe
      {890654CD-7693-4649-BD90-723FA1572A91}.exe
      {952A030E-8C1E-4151-B7D9-D53FE394C0B8}.exe
      {06AD8B73-6D36-4058-BCC0-A44A33F79A38}.exe
      {26965F7B-E96D-4670-A9D2-E7211AD7E4B4}.exe
      {A399DBE2-537E-4D35-A128-6E25A2115C19}.exe
      {056AFAB8-1749-4446-AA2B-599FE6F80257}.exe
      {D0B460AE-6A24-4EA8-BAFF-21DB74E29A42}.exe
      {565B75CD-F3AD-4266-9CDD-6113EFBFE28C}.exe
      {25DD6A4E-E7E4-43E0-88D8-DEB70756EB39}.exe
      {56DC5832-05C8-42D9-8937-D075E74830EF}.exe
      {07EDB1B8-1619-45B4-9FBC-2AA4F9BA4813}.exe
      {D4FDCF4E-3D9B-4015-A3DA-0EDA1CA0632D}.exe
      {2759ABE0-7FBE-4D40-ADBA-4D3CBD2A79EA}.exe
      {B14BDE53-C6C4-4E12-BCCE-07540EE73BFA}.exe
      {CD920A02-3325-467D-BC20-D348E31385B4}.exe
      {392402EE-30A6-4A2D-A47F-A1BFEE3B5003}.exe
      {B293EA99-AF08-4B21-87F8-3ED4C268760B}.exe
      {AD606264-FA42-480C-9B85-5142E9D9FBE0}.exe
      {85D080FC-3F9C-4ED4-8A80-D38DFDA31EFE}.exe
      {326FCCE2-2D73-4C1C-B91C-988D149A916F}.exe
      {E4472E4A-3D30-4D18-910E-182B7F0C410B}.exe
      {3AF1C7F3-4659-415F-978C-1043572EF5AD}.exe
      {352537F5-1007-408D-A6DD-3E67B487F15F}.exe
      {1FC17EDE-B308-4C6B-90B2-78DA0E1272E3}.exe
      {B03AFFC8-476F-4ED3-9492-CA4D3CC63F30}.exe
      {98B4623B-83BE-4F70-B3EE-26197FD6A479}.exe
      {62824BC4-23F8-41D6-A0AA-0905BD77455B}.exe
      {D8DDA7EA-5930-4996-B7AF-30D939F43D3B}.exe
      {77E2F0A1-FCFF-4A7A-90D0-8D6473AFD67D}.exe
      {F1E7BEE7-3F11-4915-A0EC-0D2F87CD6CBD}.exe
      {F5899079-71F9-425B-B00C-9FB52BB8F120}.exe
      {11330480-F01B-4815-A67B-B4A4403743E3}.exe
      {DC9B0086-AE1B-4EFB-9E6D-F4FB94247825}.exe
      {E7D36A95-B5CD-42E5-9326-5B988B45EE17}.exe
      {5EDFF223-1FC7-4DF4-AD4C-AA5E8826C493}.exe
      {34803B15-1E22-43C9-9824-F38BA09351E0}.exe
      {FAB088A4-63F9-4986-91A2-B4E068D031A0}.exe
      {D60F58EA-F6AF-4F9E-B030-299465921197}.exe
      {EEC5BA75-8A09-4E69-9CBB-58FBCB26EA75}.exe
      {CC40FAAB-CF22-415B-93EE-8AC1ACAAFE71}.exe
      {63988A32-5795-49A1-8BB6-F869B8318431}.exe
      {91DF39A0-358B-42A0-AC74-E58767612DB6}.exe
      {E48E3B16-05E1-48E9-82B1-333B76147EEF}.exe
      {EEC41EFC-6802-4309-9322-CC09483D9851}.exe
      {82474EC0-0530-47AC-9244-6B6D754F272B}.exe
      {84B1F9EB-A785-41ED-8E5A-B4935F2B5A11}.exe
      {070D3FC9-2B84-4621-86AF-75C82BFFD25F}.exe
      {D888764D-30AC-4224-B812-AC252E4C68B2}.exe
      {8A45FB32-32D7-408F-9D40-A8DE0D4A91C5}.exe
      {1D427795-27B3-43EE-BE74-6F08A477CA20}.exe
      {79212ADB-10E9-4EE0-9692-98E4784E521E}.exe
      {0DD4D277-265E-4382-891F-FCC100B253D7}.exe
      {BD711187-BC34-426E-91F4-4FDB8FB24C9F}.exe
      {CC6A9442-BC8D-4251-BD7D-ACE59640D252}.exe
      {21F68338-132F-487B-B455-39E063BBC72B}.exe
      {4FAFD353-B900-47BC-ADF5-FAC3D9C1E5BA}.exe
      {7AA6FDA9-B880-4A8A-8AA7-353310862C6C}.exe
      {1E7B6AEC-A232-4896-8914-35172CE4AFD1}.exe
      {41697266-C9B5-443B-8A8E-25CDCDC71435}.exe
      {A99A836B-C25D-4786-919F-3CF784C5853F}.exe
      {B6FC47E9-0DD4-4333-99EC-D3C13D09B054}.exe
      {3CB3E60A-2ACE-48D6-AEEC-5822BFF3AAB7}.exe
      {33FBC4E3-BCC2-4101-BF83-89325F979460}.exe
      {36D2498A-DC4F-4B2D-962C-E18CD2D81808}.exe
      {3344DEBD-353C-4520-A10F-922E896716B5}.exe
      {72F10384-965F-4085-8504-A2FF5D07AB4B}.exe
      {E30B7913-9055-458C-B595-869B77DA5D1B}.exe
      {FB0A1ABF-6219-4EE9-A1AD-24392D84C52A}.exe
      {A7A08ABC-5873-4E42-9752-E9C017DB5E1D}.exe
      {B35A9F79-557C-4AF5-8F85-006EB86AFA84}.exe
      {FA119CF1-9373-4CB7-B0E5-9DFA48C460DE}.exe
      {60EEC985-905D-4775-A1EE-695EA18591A6}.exe
      {4E857537-95BA-4053-9754-F762F3E4F541}.exe
      {DDE04587-8F7E-4592-8A41-72410CBFFBD7}.exe
      {4C25F570-D084-4822-BCEA-72F95D8D1B6B}.exe
      {A53BDDB7-995E-4581-856A-89D7B3845C27}.exe
      {F51C3667-2345-4A69-AD0C-1EA96EBCEDD1}.exe
      {19E3652A-A1A0-4C21-B187-F115764BB051}.exe
      {531F2820-388F-4E2C-A4E3-FFF507933810}.exe
      {7C9AC1AB-6ED4-4772-B682-5BCAB118A606}.exe
      {973FC4DC-586B-4476-8231-FAD5BD30F4CF}.exe
      {ED1290A6-4F6C-41A3-B749-CC94A5C162C5}.exe
      {C8BAC2E8-17AF-4AB0-A6F1-BBF9FB19B6CD}.exe
      {500A0BB5-36EF-4232-ADEA-E55475F7B24E}.exe
      {404572E5-5B11-494F-885F-5F0918DB713A}.exe
      {46A9118D-5609-474D-9BA9-68C48AE8EF88}.exe

      please tell me whether I'm rid of it
      Cheers
  11. Regis59 (21143 posts, Security contributor)
     
    Hi

    can you post another Silent Runners log?

    thanks
    1. kako
       
      can you give me the link for Silent Runners again
      thanks
  12. Regis59 (21143 posts, Security contributor)
     
    Download this
    https://www.silentrunners.org/Silent%20Runners.vbs
    Run it and wait a few minutes; it will then create a text file right next to Silent Runners. Copy/paste what it gives you.

    Cheers
    1. Kako
       
      Hi!
      so here is my latest report

      Startup items buried in registry:
      ---------------------------------

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "CTFMON.EXE" = "E:\WINDOWS\System32\ctfmon.exe" [MS]
      "MsnMsgr" = ""E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
      "PowerBar" = (empty string)
      "H/PC Connection Agent" = ""H:\PDA2~1\ACTIVS~1\wcescomm.exe"" [MS]
      "LogitechSoftwareUpdate" = ""E:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "zzGBK" = "D:\setup.exe" [file not found]
      "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
      "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
      "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
      "AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
      "RemoteControl" = ""E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
      "InCD" = "E:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
      "NeroFilterCheck" = "E:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
      "LGODDFU" = ""E:\Program Files\lg_fwupdate\fwupdate.exe"" [null data]
      "RealTray" = "E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
      "NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
      "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
      "NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
      "QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
      "LVCOMSX" = "E:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
      "LogitechVideoRepair" = "E:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
      "LogitechVideoTray" = "E:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
      "PinnacleDriverCheck" = "E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg" [empty string]
      "NWEReboot" = (empty string)
      "avast!" = "E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "AcroIEHlprObj Class"
      \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
      {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Google Toolbar Helper"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
      -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
      \InProcServer32\(Default) = "deskpan.dll" [file not found]
      "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
      -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
      "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
      -> {HKLM...CLSID} = "Shell Extension for CDRW"
      \InProcServer32\(Default) = "E:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
      "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
      -> {HKLM...CLSID} = "Outlook File Icon Extension"
      \InProcServer32\(Default) = "H:\PDA 2\OUTLOOK 2002\Office10\OLKFSTUB.DLL" [MS]
      "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
      "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
      -> {HKLM...CLSID} = "DesktopContext Class"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
      "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
      -> {HKLM...CLSID} = "NVIDIA CPL Extension"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
      -> {HKLM...CLSID} = "Desktop Explorer"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
      -> {HKLM...CLSID} = "nView Desktop Context Menu"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
      "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
      -> {HKLM...CLSID} = "Appareil mobile"
      \InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\Wcesview.dll" [MS]
      "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
      -> {HKLM...CLSID} = "My Logitech Pictures"
      \InProcServer32\(Default) = "E:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
      -> {HKLM...CLSID} = "Portable Media Devices"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
      -> {HKLM...CLSID} = "Portable Media Devices Menu"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\Audiodev.dll" [MS]
      "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
      -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
      \InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
      "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
      -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
      \InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
      "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"
      -> {HKLM...CLSID} = "a-squared context menu"
      \InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
      "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
      -> {HKLM...CLSID} = "avast"
      \InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
      "System" = (value not set)

      HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
      {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
      -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
      \InProcServer32\(Default) = "E:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
      {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
      -> {HKLM...CLSID} = "PDF Shell Extension"
      \InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

      HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
      avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
      -> {HKLM...CLSID} = "avast"
      \InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

      HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

      HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
      a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
      -> {HKLM...CLSID} = "a-squared context menu"
      \InProcServer32\(Default) = "E:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [file not found]
      avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
      -> {HKLM...CLSID} = "avast"
      \InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


      Active Desktop and Wallpaper:
      -----------------------------

      Active Desktop is disabled at this entry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

      HKCU\Control Panel\Desktop\
      "Wallpaper" = "E:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


      Enabled Screen Saver:
      ---------------------

      HKCU\Control Panel\Desktop\
      "SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


      Autostart via AUTORUN.INF on local fixed drives:
      ------------------------------------------------

      I:\
      INFECTION WARNING! I:\AUTORUN.INF -> "open = welcome.exe" ["Pinnacle Systems"]


      Startup items in "Administrateur" & "All Users" startup folders:
      ----------------------------------------------------------------

      E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      "Adobe Reader Speed Launch" -> shortcut to: "E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
      "Microsoft Office" -> shortcut to: "H:\PDA 2\OUTLOOK 2002\Office10\OSA.EXE -b -l" [MS]


      Winsock2 Service Provider DLLs:
      -------------------------------

      Namespace Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
      000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
      000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
      000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

      Transport Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
      0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
      %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
      %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


      Toolbars, Explorer Bars, Extensions:
      ------------------------------------

      Toolbars

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

      HKLM\Software\Microsoft\Internet Explorer\Toolbar\
      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
      -> {HKLM...CLSID} = "&Google"
      \InProcServer32\(Default) = "e:\program files\google\googletoolbar2.dll" ["Google Inc."]

      Explorer Bars

      HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
      {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Real.com"
      \InProcServer32\(Default) = "E:\WINDOWS\System32\Shdocvw.dll" [MS]

      Extensions (Tools menu items, main toolbar menu buttons)

      HKLM\Software\Microsoft\Internet Explorer\Extensions\
      {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
      "ButtonText" = "Create Mobile Favorite"
      "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
      -> {HKLM...CLSID} = "Create Mobile Favorite"
      \InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

      {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
      "MenuText" = "Créer un favori mobile..."
      "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
      -> {HKLM...CLSID} = "Create Mobile Favorite"
      \InProcServer32\(Default) = "h:\PDA2~1\ACTIVS~1\INetRepl.dll" [MS]

      {85D1F590-48F4-11D9-9669-0800200C9A66}\
      "MenuText" = "Uninstall BitDefender Online Scanner v8"
      "Exec" = "%windir%\bdoscandel.exe" [null data]

      {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
      "ButtonText" = "Real.com"

      {FB5F1910-F110-11D2-BB9E-00C04F795683}\
      "ButtonText" = "Messenger"
      "MenuText" = "Messenger"
      "Exec" = "E:\Program Files\Messenger\MSMSGS.EXE" [MS]


      Miscellaneous IE Hijack Points
      ------------------------------

      E:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

      Added lines (compared with English-language version):
      [Strings]: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
      [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

      Missing lines (compared with English-language version):
      [Strings]: 2 lines


      Running Services (Display Name, Service Name, Path {Service DLL}):
      ------------------------------------------------------------------

      avast! Antivirus, avast! Antivirus, ""E:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
      avast! iAVS4 Control Service, aswUpdSv, ""E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
      avast! Mail Scanner, avast! Mail Scanner, ""E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
      avast! Web Scanner, avast! Web Scanner, ""E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
      NVIDIA Display Driver Service, NVSvc, "E:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
      Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\System32\wdfmgr.exe" [MS]


      ----------
      + This report excludes default entries except where indicated.
      + To see *everywhere* the script checks and *everything* it finds,
      launch it from a command prompt or a shortcut with the -all parameter.
      + To search all directories of local fixed drives for DESKTOP.INI
      DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
      use the -supp parameter or answer "No" at the first message box.
      ---------- (total run time: 34 seconds, including 18 seconds for message boxes)

      Later
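The "Autostart via AUTORUN.INF on local fixed drives" section of the log above is the one line Silent Runners marks as an INFECTION WARNING, and it does so for any AUTORUN.INF found in the root of a fixed disk, whoever signed the program it launches (here the entry points at a Pinnacle Systems binary). As an added illustration, not code from the thread or from the Silent Runners script, the following Python auditor parses an AUTORUN.INF the way Windows reads it and lists every launch point: `open`, `shellexecute`, and the `shell\<verb>\command` entries. The two sample files are constructed: the first mirrors the `open = welcome.exe` line from the log, the second is a hypothetical worm-style file with mixed case, a comment and several verbs, included to show that the parser copes with those.

```python
"""Audit AUTORUN.INF launch points, the check Silent Runners reports under
"Autostart via AUTORUN.INF on local fixed drives".

Windows XP honours an [autorun] section in the root of a volume: "open" and
"shellexecute" name a program to run when AutoPlay fires, and
"shell\\<verb>\\command" entries add context-menu verbs that run a command
(with "shell=<verb>" picking the double-click default).  Worms used this to
spread, so any such file on a fixed disk deserves a look even when, as in
the log above, the launched binary carries a known vendor's name.
"""
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Keys whose value is a command Windows will run directly.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed samples (not taken from the infected machine).  The first mirrors
# the "open = welcome.exe" line flagged in the log; the second is a hypothetical
# worm-style file with mixed case, a comment and several launch points.
SAMPLE_VENDOR = "[autorun]\r\nopen = welcome.exe\r\nicon = welcome.exe,0\r\n"
SAMPLE_SUSPECT = (
    "[AutoRun]\r\n"
    "; looks harmless until you read the keys\r\n"
    "OPEN=RECYCLER\\x.exe\r\n"
    "shell\\open\\Command=RECYCLER\\x.exe\r\n"
    "shell\\explore\\command=RECYCLER\\x.exe\r\n"
    "shell=open\r\n"
)


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [autorun] section, keys lower-cased.

    Keys and the section name are case-insensitive on Windows, so they are
    normalised here; values keep their case because they are paths.
    """
    section = None
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                              # other sections are inert
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_points(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """List every (key, command) pair that can make Windows execute something."""
    found = [(k, entries[k]) for k in LAUNCH_KEYS if entries.get(k)]
    for key, value in entries.items():
        if key.startswith("shell\\") and key.endswith("\\command") and value:
            found.append((key, value))
    return found


def audit_autorun(text: str) -> List[str]:
    """Render an AUTORUN.INF's launch points as 'key -> command' lines."""
    return [f"{key} -> {cmd}" for key, cmd in launch_points(parse_autorun(text))]


def scan_roots(roots: Iterable[str]) -> Dict[str, List[str]]:
    """Audit AUTORUN.INF in each volume root given (e.g. ["C:\\\\", "D:\\\\"]).

    Only roots that actually carry the file appear in the result.  On a
    case-sensitive filesystem the file name must match exactly.
    """
    report: Dict[str, List[str]] = {}
    for root in roots:
        path = Path(root) / "autorun.inf"
        if path.is_file():
            report[root] = audit_autorun(path.read_text(errors="replace"))
    return report


if __name__ == "__main__":
    for label, sample in (("vendor", SAMPLE_VENDOR), ("suspect", SAMPLE_SUSPECT)):
        print(label, audit_autorun(sample))
```

Run `scan_roots` over the roots of the fixed drives (on the machine in this thread that would be E:\, H:\ and I:\). The presence of the file is only the trigger; the decision is made by looking at what the named executable is, where it lives and who signed it, which is exactly what the `["Pinnacle Systems"]` tag in the log helps with.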
  13. Regis59
     
    Hi

    That looks OK. Where do things stand with your problems?

    Later
    1. kako
       
      Hi Régis,
      I'm back online, and after some tinkering it seems that everything is in order. What should I do to avoid another infection of this kind, since Avast and Norton are no good at eradicating it either?
      Thank you for your patience, and enjoy the rest of the summer!!
  14. Regis59
     
    Hi

    Have a look at this
    http://entraide.aceboard.fr/175280-2008-988-0-Securiser-Proteger-ordinateur-contr...

    Later