Popups constants, à l'aide!!
Krys
-
Séb08 Messages postés 18169 Date d'inscription Statut Contributeur Dernière intervention -
Séb08 Messages postés 18169 Date d'inscription Statut Contributeur Dernière intervention -
Bonjour,
après avoir fait un peu le tour des forums concernant le meme probleme que moi, j'ai préféré vous poster mon hijackthis car chaque probleme se ressemble mais n'est pas identique.
le probleme vient d'hier lorsque je suis allée sur un site de cracks
toujours les mauzus de popup "partypoker, friend..."
j'ai scanné avec norton en mode sans échec, effacé le downloader (selon les indic. de norton) j'ai installé et runné, adaware, a-squared, avg anti-spyware,spybot, reg-cleaner. ils ont tous trouvé des spyware mais ca revient toujours!
voici mon hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 09:09:36, on 2006-10-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\WINDOWS\system32\YSTEM~1\lsass.exe
C:\WINDOWS\?dobe\??chost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\download\jeux et utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.melaleuca.com/ProductStore/Home/ProductStoreLanding
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F34C730-5EDC-0B77-87AA-02B59CC7DFC9} - C:\WINDOWS\system32\htvbj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04d\BrStDvPt.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Itow] "C:\WINDOWS\system32\YSTEM~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Uxvarr] C:\WINDOWS\?dobe\??chost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6556CCB7-1F06-427E-89F7-218291DA3E77}: NameServer = 206.47.244.91 206.47.244.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
Merci à l'avance pour la marche à suivre...
Krys
après avoir fait un peu le tour des forums concernant le meme probleme que moi, j'ai préféré vous poster mon hijackthis car chaque probleme se ressemble mais n'est pas identique.
le probleme vient d'hier lorsque je suis allée sur un site de cracks
toujours les mauzus de popup "partypoker, friend..."
j'ai scanné avec norton en mode sans échec, effacé le downloader (selon les indic. de norton) j'ai installé et runné, adaware, a-squared, avg anti-spyware,spybot, reg-cleaner. ils ont tous trouvé des spyware mais ca revient toujours!
voici mon hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 09:09:36, on 2006-10-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\WINDOWS\system32\YSTEM~1\lsass.exe
C:\WINDOWS\?dobe\??chost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\download\jeux et utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.melaleuca.com/ProductStore/Home/ProductStoreLanding
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F34C730-5EDC-0B77-87AA-02B59CC7DFC9} - C:\WINDOWS\system32\htvbj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04d\BrStDvPt.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Itow] "C:\WINDOWS\system32\YSTEM~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [Uxvarr] C:\WINDOWS\?dobe\??chost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6556CCB7-1F06-427E-89F7-218291DA3E77}: NameServer = 206.47.244.91 206.47.244.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
Merci à l'avance pour la marche à suivre...
Krys
A voir également:
- Popups constants, à l'aide!!
- Mcafee popups - Accueil - Piratage
- Popup et a href="javascript:void(0) ✓ - Forum Javascript
- Popup fausse mise à jour adobe flash player - Forum Virus
3 réponses
Salut
tu es pas mal infecté !
installe un parfeu !
kerio
tuto: pour configurer et comprendre Kerio
https://www.vulgarisation-informatique.com/kerio.php
www.pcentraide.com/index.php?showtopic=110
ensuite fais le 1/ et 2/ de ce lien stp
virus methode preliminaire de desinfection version fr
++
tu es pas mal infecté !
installe un parfeu !
kerio
tuto: pour configurer et comprendre Kerio
https://www.vulgarisation-informatique.com/kerio.php
www.pcentraide.com/index.php?showtopic=110
ensuite fais le 1/ et 2/ de ce lien stp
virus methode preliminaire de desinfection version fr
++
Salut
ok,
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
ok,
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
<souligne>j'commence vraiment à avoir le gout de tout formatter!!!
krys</souligne>
SmitFraudFix v2.113
Rapport fait à 10:08:14,07, 2006-10-23
Executé à partir de C:\smitfra\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christkrys
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christkrys\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="dxclib303562752.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
krys</souligne>
SmitFraudFix v2.113
Rapport fait à 10:08:14,07, 2006-10-23
Executé à partir de C:\smitfra\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christkrys
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christkrys\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="dxclib303562752.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Salut!
J'étais en connection avec "Green Day" et maintenant avec toi, Seb08, j'espère que ca ne dérangera rien ??????... je sais que lorsqu'on fait affaire avec une personne en particulier, il est habituellement mieux de finir les actions avec cette personne... je ne voudrais pas faire de malentendus... pour ma part, j'ai hâte que ce soit réglé alors... advienne que pourra... voici le résultat!!!
en passant ... le virus... c'est downloader.purity.scan.... tk, c ca qui m,apparait le plus souvent (avg anti-spyware)
christkrys - 06-10-23 11:12:40,50 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\christkrys\Bureau"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\christkrys\Application Data\Dxccwrd.dll
C:\Documents and Settings\christkrys\Application Data\Dxcknwrd.dll
C:\Documents and Settings\christkrys\Application Data\Dxcuknwrd.dll
C:\WINDOWS\system32\bkd.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\Program Files\PrintView
C:\Program Files\Fichiers communs\{1419F4A8-0BB0-3084-0624-050517200002}
C:\Program Files\Fichiers communs\{3419F4A8-0BB0-3084-0624-050517200002}
C:\WINDOWS\system32\crunner
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINDOWS\system32\SSTEM~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1\__delete_on_reboot__l_s_a_s_s_._e_x_e_
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1\?ystem
((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))
2006-10-23 10:07 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-23 10:07 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-23 10:07 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-23 10:07 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-22 13:42 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-10-22 13:42 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-10-22 13:42 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-10-22 13:42 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-10-22 13:42 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-10-22 13:42 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-10-22 13:42 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-10-21 08:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-18 11:44 2 --a------ C:\WINDOWS\system32\wnscpcc.exe
2006-10-18 00:22 1,283,585 C:\WINDOWS\system32Big Kahuna Reef 2.scr
2006-10-14 23:29 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-10-08 07:29 20,096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-10-02 18:41 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2006-10-02 18:41 65,536 --a------ C:\WINDOWS\system32\Brmfrmps.exe
2006-10-02 18:41 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
2006-10-02 18:41 57,344 --a------ C:\WINDOWS\system32\brsvc01a.exe
2006-10-02 18:41 54,272 --------- C:\WINDOWS\system32\brinsstr.dll
2006-10-02 18:41 45,056 --a------ C:\WINDOWS\system32\brss01a.exe
2006-10-02 18:41 258,048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2006-10-02 18:41 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2006-10-02 18:41 147,456 --------- C:\WINDOWS\brunin03.dll
2006-10-02 18:41 131,072 --a------ C:\WINDOWS\system32\bsplmf01.exe
2006-10-02 18:41 126,976 --------- C:\WINDOWS\system32\BrfxD04a.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-23 11:13 -------- d-------- C:\Program Files\Fichiers communs
2006-10-22 13:41 -------- d-------- C:\Program Files\Alwil Software
2006-10-21 15:01 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-10-21 14:49 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-21 14:30 -------- d-------- C:\Program Files\Sunbelt Software
2006-10-21 08:30 -------- d-------- C:\Program Files\spyware
2006-10-21 08:01 -------- d-------- C:\Program Files\BFG
2006-10-20 20:25 -------- d-------- C:\Program Files\Lavasoft
2006-10-20 20:25 -------- d-------- C:\Documents and Settings\christkrys\Application Data\Lavasoft
2006-10-20 20:24 -------- d-------- C:\Program Files\RegCleaner
2006-10-18 23:09 83 ---hs---- C:\Documents and Settings\christkrys\Application Data\.zreglib
2006-10-18 11:45 -------- d-------- C:\Program Files\Common Files
2006-10-17 18:12 -------- d-------- C:\Documents and Settings\christkrys\Application Data\Sun
2006-10-17 11:14 -------- d-------- C:\Program Files\1Click DVD Copy Pro
2006-10-15 11:47 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-10-15 00:25 -------- d-------- C:\Documents and Settings\christkrys\Application Data\Elaborate Bytes
2006-10-15 00:18 -------- d-------- C:\Program Files\Elaborate Bytes
2006-10-14 22:57 -------- d-------- C:\Documents and Settings\christkrys\Application Data\dvdcss
2006-10-14 22:56 -------- d-------- C:\Program Files\SlySoft
2006-10-05 14:47 -------- dr------- C:\Documents and Settings\christkrys\Application Data\Brother
2006-10-02 19:58 -------- d-------- C:\Program Files\Mystery Case Files Huntsville
2006-10-02 19:45 -------- d-------- C:\Program Files\Mystery Case Files - Prime Suspects
2006-10-02 18:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 18:41 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-02 18:41 -------- d-------- C:\Program Files\Brother
2006-10-01 21:27 -------- d-------- C:\Program Files\LiveUpdate
2006-09-29 13:05 -------- d-------- C:\Program Files\GameHouse
2006-09-28 14:34 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-09-26 18:42 -------- d-------- C:\Program Files\Big Kahuna Reef
2006-09-18 13:57 -------- d-------- C:\Program Files\LimeWire
2006-09-18 13:57 -------- d-------- C:\Program Files\Java
2006-09-18 13:52 -------- d-------- C:\Program Files\Fichiers communs\Java
2006-09-13 01:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 13:25 -------- d-------- C:\Program Files\DYAD Digital Studios
2006-09-06 00:34 -------- d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2006-08-25 11:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 09:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"cprocsvc"="C:\\WINDOWS\\system32\\crunner\\cproc.exe"
"Uxvarr"="C:\\WINDOWS\\?dobe\\??chost.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Itow"="\"C:\\WINDOWS\\system32\\YSTEM~1\\lsass.exe\" -vt ndrv"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04d\\BrStDvPt.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SoundMan"="SOUNDMAN.EXE"
"SMSERIAL"="sm56hlpr.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\spyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,a6,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-23 11:16:19.82
C:\ComboFix.txt ... 06-10-23 11:16
J'étais en connection avec "Green Day" et maintenant avec toi, Seb08, j'espère que ca ne dérangera rien ??????... je sais que lorsqu'on fait affaire avec une personne en particulier, il est habituellement mieux de finir les actions avec cette personne... je ne voudrais pas faire de malentendus... pour ma part, j'ai hâte que ce soit réglé alors... advienne que pourra... voici le résultat!!!
en passant ... le virus... c'est downloader.purity.scan.... tk, c ca qui m,apparait le plus souvent (avg anti-spyware)
christkrys - 06-10-23 11:12:40,50 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\christkrys\Bureau"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\christkrys\Application Data\Dxccwrd.dll
C:\Documents and Settings\christkrys\Application Data\Dxcknwrd.dll
C:\Documents and Settings\christkrys\Application Data\Dxcuknwrd.dll
C:\WINDOWS\system32\bkd.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\Program Files\PrintView
C:\Program Files\Fichiers communs\{1419F4A8-0BB0-3084-0624-050517200002}
C:\Program Files\Fichiers communs\{3419F4A8-0BB0-3084-0624-050517200002}
C:\WINDOWS\system32\crunner
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINDOWS\system32\SSTEM~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1\__delete_on_reboot__l_s_a_s_s_._e_x_e_
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1\?ystem
((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))
2006-10-23 10:07 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-23 10:07 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-23 10:07 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-23 10:07 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-22 13:42 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-10-22 13:42 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-10-22 13:42 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-10-22 13:42 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-10-22 13:42 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-10-22 13:42 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-10-22 13:42 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-10-21 08:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-18 11:44 2 --a------ C:\WINDOWS\system32\wnscpcc.exe
2006-10-18 00:22 1,283,585 C:\WINDOWS\system32Big Kahuna Reef 2.scr
2006-10-14 23:29 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-10-08 07:29 20,096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-10-02 18:41 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2006-10-02 18:41 65,536 --a------ C:\WINDOWS\system32\Brmfrmps.exe
2006-10-02 18:41 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
2006-10-02 18:41 57,344 --a------ C:\WINDOWS\system32\brsvc01a.exe
2006-10-02 18:41 54,272 --------- C:\WINDOWS\system32\brinsstr.dll
2006-10-02 18:41 45,056 --a------ C:\WINDOWS\system32\brss01a.exe
2006-10-02 18:41 258,048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2006-10-02 18:41 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2006-10-02 18:41 147,456 --------- C:\WINDOWS\brunin03.dll
2006-10-02 18:41 131,072 --a------ C:\WINDOWS\system32\bsplmf01.exe
2006-10-02 18:41 126,976 --------- C:\WINDOWS\system32\BrfxD04a.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-23 11:13 -------- d-------- C:\Program Files\Fichiers communs
2006-10-22 13:41 -------- d-------- C:\Program Files\Alwil Software
2006-10-21 15:01 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-10-21 14:49 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-21 14:30 -------- d-------- C:\Program Files\Sunbelt Software
2006-10-21 08:30 -------- d-------- C:\Program Files\spyware
2006-10-21 08:01 -------- d-------- C:\Program Files\BFG
2006-10-20 20:25 -------- d-------- C:\Program Files\Lavasoft
2006-10-20 20:25 -------- d-------- C:\Documents and Settings\christkrys\Application Data\Lavasoft
2006-10-20 20:24 -------- d-------- C:\Program Files\RegCleaner
2006-10-18 23:09 83 ---hs---- C:\Documents and Settings\christkrys\Application Data\.zreglib
2006-10-18 11:45 -------- d-------- C:\Program Files\Common Files
2006-10-17 18:12 -------- d-------- C:\Documents and Settings\christkrys\Application Data\Sun
2006-10-17 11:14 -------- d-------- C:\Program Files\1Click DVD Copy Pro
2006-10-15 11:47 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-10-15 00:25 -------- d-------- C:\Documents and Settings\christkrys\Application Data\Elaborate Bytes
2006-10-15 00:18 -------- d-------- C:\Program Files\Elaborate Bytes
2006-10-14 22:57 -------- d-------- C:\Documents and Settings\christkrys\Application Data\dvdcss
2006-10-14 22:56 -------- d-------- C:\Program Files\SlySoft
2006-10-05 14:47 -------- dr------- C:\Documents and Settings\christkrys\Application Data\Brother
2006-10-02 19:58 -------- d-------- C:\Program Files\Mystery Case Files Huntsville
2006-10-02 19:45 -------- d-------- C:\Program Files\Mystery Case Files - Prime Suspects
2006-10-02 18:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 18:41 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-02 18:41 -------- d-------- C:\Program Files\Brother
2006-10-01 21:27 -------- d-------- C:\Program Files\LiveUpdate
2006-09-29 13:05 -------- d-------- C:\Program Files\GameHouse
2006-09-28 14:34 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-09-26 18:42 -------- d-------- C:\Program Files\Big Kahuna Reef
2006-09-18 13:57 -------- d-------- C:\Program Files\LimeWire
2006-09-18 13:57 -------- d-------- C:\Program Files\Java
2006-09-18 13:52 -------- d-------- C:\Program Files\Fichiers communs\Java
2006-09-13 01:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 13:25 -------- d-------- C:\Program Files\DYAD Digital Studios
2006-09-06 00:34 -------- d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2006-08-25 11:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 09:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"cprocsvc"="C:\\WINDOWS\\system32\\crunner\\cproc.exe"
"Uxvarr"="C:\\WINDOWS\\?dobe\\??chost.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Itow"="\"C:\\WINDOWS\\system32\\YSTEM~1\\lsass.exe\" -vt ndrv"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04d\\BrStDvPt.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SoundMan"="SOUNDMAN.EXE"
"SMSERIAL"="sm56hlpr.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\spyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,a6,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-23 11:16:19.82
C:\ComboFix.txt ... 06-10-23 11:16
en regardant dans mon c: j'ai découvert un nouveau dossier:
Qoobox/purity/windows/system32/ (sstem1, ystem1, from.txt)
Ca a certainement rapport...
Voici mon Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:47:39, on 2006-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?dobe\??chost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe
C:\download\jeux et utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.melaleuca.com/ProductStore/Home/ProductStoreLanding
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F34C730-5EDC-0B77-87AA-02B59CC7DFC9} - C:\WINDOWS\system32\htvbj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04d\BrStDvPt.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Uxvarr] C:\WINDOWS\?dobe\??chost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Itow] "C:\PROGRA~1\YSTEM~1\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6556CCB7-1F06-427E-89F7-218291DA3E77}: NameServer = 206.47.244.91 206.47.244.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
Qoobox/purity/windows/system32/ (sstem1, ystem1, from.txt)
Ca a certainement rapport...
Voici mon Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:47:39, on 2006-10-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?dobe\??chost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe
C:\download\jeux et utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.melaleuca.com/ProductStore/Home/ProductStoreLanding
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F34C730-5EDC-0B77-87AA-02B59CC7DFC9} - C:\WINDOWS\system32\htvbj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04d\BrStDvPt.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [Uxvarr] C:\WINDOWS\?dobe\??chost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Itow] "C:\PROGRA~1\YSTEM~1\spool32.exe" -vt ndrv
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6556CCB7-1F06-427E-89F7-218291DA3E77}: NameServer = 206.47.244.91 206.47.244.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
Quand j'ai cliqué sur ewido, c'est avg qui a starté!... j'espère que ca fait la meme chose!!... et un peu plus bas.. le bitdefender...
Merci beaucoup du temps que tu prends pour m'aider! c'est très apprécié!
krys
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 11:25:54 2006-10-22
+ Résultat de l'analyse:
C:\Documents and Settings\christkrys\Cookies\christkrys@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\christkrys\Cookies\christkrys@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
BitDefender Online Scanner
Scan report generated at: Sun, Oct 22, 2006 - 12:17:15
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
00:40:42
Files
181295
Folders
3205
Boot Sectors
2
Archives
2281
Packed Files
14397
Results
Identified Viruses
3
Infected Files
5
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
6
Engines Info
Virus Definitions
478165
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\christkrys\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.PurityScan.AR
C:\Documents and Settings\christkrys\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\christkrys\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\christkrys\Local Settings\Temp\b116.exe=>(NSIS o)
Update failed
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>zlib_nsis0004
Detected with: Adware.Clickspring.AA
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>zlib_nsis0004
Disinfection failed
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>zlib_nsis0004
Deleted
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)
Update failed
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>zlib_nsis0006
Detected with: Adware.Clickspring.AA
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>zlib_nsis0006
Disinfection failed
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)=>zlib_nsis0006
Deleted
C:\Documents and Settings\christkrys\Local Settings\Temp\b126.exe=>(NSIS o)=>lzma_solid_nsis0002=>(NSIS o)
Update failed
C:\Program Files\a-squared Anti-Malware\Quarantine\2b80a3e5f6b6705f98972ab32d259d78.a2q=>DOCUME~1/CHRIST~1/LOCALS~1/Temp/!update.exe=>(Quarantine-PE)
Infected with: Trojan.Downloader.PurityScan.BP
C:\Program Files\a-squared Anti-Malware\Quarantine\2b80a3e5f6b6705f98972ab32d259d78.a2q=>DOCUME~1/CHRIST~1/LOCALS~1/Temp/!update.exe=>(Quarantine-PE)
Disinfection failed
C:\Program Files\a-squared Anti-Malware\Quarantine\2b80a3e5f6b6705f98972ab32d259d78.a2q=>DOCUME~1/CHRIST~1/LOCALS~1/Temp/!update.exe=>(Quarantine-PE)
Deleted
C:\Program Files\a-squared Anti-Malware\Quarantine\2b80a3e5f6b6705f98972ab32d259d78.a2q
Updated
C:\WINDOWS\system32\crunner\cproc.exe.config
Detected with: Adware.Clickspring.AA
C:\WINDOWS\system32\crunner\cproc.exe.config
Disinfection failed
C:\WINDOWS\system32\crunner\cproc.exe.config
Deleted
j'viens de voir que j'avais aussi un autre rapport de bitdefender, le voici...
merci encore...
BitDefender Online Scanner - Real Time Virus Report
Generated at: Sun, Oct 22, 2006 - 12:26:01
--------------------------------------------------------------------------------
Scan Info
Scanned Files
181457
Infected Files
5
Virus Detected
Adware.Clickspring.AA
3
Trojan.Downloader.PurityScan.BP
1
Trojan.Downloader.PurityScan.AR
1
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.