My IE redirects me to other websites

Solved/Closed
mido - 14 March 2007 at 18:20
Anonymous user - 21 March 2007 at 04:41
Hello everyone,
I need your help please. A few days ago I downloaded some security programs from the CCM site, such as a popup blocker, because I get lots of ads. But the problem now is that every time I go online to do anything, my IE redirects me to other websites such as download PCDoctor, or Protect your computer start scan Now!!! and many others.

I already have Spybot Search & Destroy, AVG, Ad-aware, and lately I loaded Proxomitron (in my opinion it doesn't do the job well).

I'll copy one of the pages that displayed personal things from my computer, to give you an idea.

===================================

Windows

WARNING: YOUR CURRENT ANTIVIRUS PROTECTION IS NOT EFFECTIVE!

Your system is currently sending private information and documents to a remote computer. One of these processes (Win32res.exe) has just sent us the following informationing information:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files

WINDOW RECOMMENDED SOLUTION: SCAN YOUR SYSTEM FOR FREE! CLICK HERE

Windows

WARNING: YOUR PRIVATE INFORMATION IS EXPOSED
Your IP address: 70.81.12.23
Your Country: Canada, Montreal
Your Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40607)
Your Operation System: unknown
System Security Status: CAUTION
Time of investigation: Wednesday 14th of March 2007 01:08:41 PM

WINDOWS RECOMMENDED SOLUTION: SCAN YOUR SYSTEM FOR FREE! CLICK HERE

SUGGESTED SOLUTION
Download and install the following Internet Security Center approved products:

WinAntiVirus Pro 2007 - FREE SCAN
• Over 40,000 viruses in the database
• Exclusive cleaning algorythm
• Eliminates Viruses AND Trojans
• Manual / automatic update system
• Built-in Personal Firewall which detects network threats and security breaches in your PC.
• FREE Expert Technical Support available 24/7

WINDOWS RECOMMENDED SOLUTION: SCAN YOUR SYSTEM FOR FREE! CLICK HERE

=======================================

I'm also leaving the HijackThis results here
=============================
Logfile of HijackThis v1.99.1
Scan saved at 1:16:51 PM, on 14/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\Apntex.exe
D:\Program Files\UPhotoExpress\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\ProxMotrix (POPUPBLocker)\Proxomitron Naoko-4\Proxomitron.exe
D:\Program Files\spybotsearchanddestry\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ahmad\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\Program Files\RationalRose\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tedsmmfx.dll",setvm
O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - Startup: Shortcut to Reboot 1.5 Minutes.lnk = C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Atheros Client Utility.lnk = C:\Program Files\Atheros\ACU.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = D:\Program Files\UPhotoExpress\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe

======================================
I hope this can help you give me an idea of what's going on


Thanks in advance for your help

25 replies

Anonymous user
14 March 2007 at 20:42
Hi

Click on Start, My Computer, C:, and delete this folder:

- pyprotector (crap)

**If a file/folder persists when you try to delete it, do this:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a little..
Then go and delete the files/folders, empty your recycle bin and restart your PC normally.


¤ Download SmitfraudFix (save it to the "Desktop")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip SmitfraudFix
Run the file SmitfraudFix or SmitfraudFix.cmd, choose option 1 and copy the report here please
0
thanks Boulepat
actually I didn't find spyprotector in my files, neither on C: nor on D: (I downloaded it to D: the first time); I remember I uninstalled it.
anyway, I ran the program and here is the report I got


SmitFraudFix v2.148

Rapport fait à 18:05:00.28, 14/03/2007
Executé à partir de D:\Program Files\stimfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ahmad


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ahmad\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ahmad\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Thanks
0
Anonymous user
14 March 2007 at 23:27
Thanks.

Do this:

¤ To show all hidden folders and files:

Click on "Start", "Control Panel", "Tools", "Folder Options", "View"
Check:
¤ show hidden files and folders
- Click "Apply" then "OK"
-----------------------------------------------------------

¤ Click on Start, Search, all files and folders, and delete if present:

- Mstray.exe
- bootmng.exe
- tedsmmfx.dll

**If a file/folder persists when you try to delete it, do this:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a little..
Then go and delete the files/folders, empty your recycle bin and restart your PC normally.


¤ Disable the Windows (SP2) firewall, it is useless, then install this one for more security

Kerio (firewall): stays free after the trial period, in French
----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html

Look at this tutorial if you need help installing, configuring and understanding Kerio
--> http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-43635-t248.htm

More info:
->https://kerio.probb.fr/


¤ Download and install AVG Anti-Spyware:
Do a full scan of your system, and as soon as it has finished,
if it finds any spyware, delete it. Save the report and paste it here please

AVG Anti-Spyware: stays free after the trial period, in French
---->http://www.infos-du-net.com/telecharger/Anti-Spyware-AVG,0301-7063.html

If you need help with Ewido (now AVG Anti-Spyware), look at this tutorial:
--> http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


There, do that first; I'll come back with a small fix to apply in a few minutes ;-)
0
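The three files named in the reply above (Mstray.exe, bootmng.exe, tedsmmfx.dll) were picked out of the HijackThis O4 lines by hand. As an added example, not part of this thread or of HijackThis itself, here is a small Python triage script that applies the same reasoning to O4 autostart entries: a bare filename with no path, an executable sitting directly in C:\WINDOWS, a rundll32 loader, or the legacy RunServices key each earn the entry a "review" flag, and a name that appears on the removal list from this thread raises it to "high". The sample log is a constructed extract of the O4 lines from the first post, with the AVG entry kept as a benign control; the SUSPECT_NAMES set is an assumption taken from the reply above.

```python
import re

# Constructed sample: six O4 lines copied from the HijackThis log posted in
# this thread (the AVG line is the benign control). Not a real log file.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavTimeXP] C:\WINDOWS\Mstray.exe
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tedsmmfx.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
"""

# Assumption: the file names the helper in this thread told the user to remove.
SUSPECT_NAMES = {"mstray.exe", "bootmng.exe", "tedsmmfx.dll"}

# O4 line shape: "O4 - <hive>\..\<subkey>: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<subkey>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def split_command(cmd):
    """Split an O4 command into (executable, arguments). Cutting at the first
    '.exe' tolerates unquoted paths that contain spaces."""
    m = re.match(r'"?(?P<exe>[^"]*?\.exe)"?\s*(?P<args>.*)$', cmd, re.IGNORECASE)
    if not m:
        return cmd, ""
    return m.group("exe"), m.group("args")


def triage_entry(hive, subkey, name, cmd, suspects=SUSPECT_NAMES):
    """Return the list of reasons an autostart entry deserves a look (empty = clean)."""
    exe, args = split_command(cmd)
    base = exe.rsplit("\\", 1)[-1].lower()
    reasons = []
    if "\\" not in exe:
        # No directory: the loader resolves it through PATH at logon, so the
        # log alone does not tell you which file actually runs.
        reasons.append("bare filename, resolved through PATH at logon")
    elif re.fullmatch(r"[a-z]:\\windows\\[^\\]+", exe.lower()):
        # Legitimate software rarely drops its main binary straight into C:\WINDOWS.
        reasons.append("executable sits directly in the Windows directory")
    loaded = {base}
    if base == "rundll32.exe":
        dll = re.search(r'([^"\s,]+\.dll)', args, re.IGNORECASE)
        if dll:
            loaded.add(dll.group(1).rsplit("\\", 1)[-1].lower())
            reasons.append("rundll32 loads " + dll.group(1))
        else:
            reasons.append("rundll32 with no recognizable module")
    if subkey.lower() == "runservices":
        reasons.append("legacy RunServices key, unusual for legitimate software on XP")
    hits = loaded & {s.lower() for s in suspects}
    if hits:
        reasons.append("name listed for removal in this thread: " + ", ".join(sorted(hits)))
    return reasons


def triage(log_text, suspects=SUSPECT_NAMES):
    """Parse every O4 line in a HijackThis log and return the flagged entries."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = triage_entry(m["hive"], m["subkey"], m["name"], m["cmd"], suspects)
        if reasons:
            findings.append({
                "key": f'{m["hive"]}\\..\\{m["subkey"]}',
                "name": m["name"],
                "command": m["cmd"],
                "reasons": reasons,
                "severity": "high" if any(r.startswith("name listed") for r in reasons) else "review",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'[{f["severity"]:6}] {f["key"]} [{f["name"]}] {f["command"]}')
        for r in f["reasons"]:
            print("         -", r)
```

Run against the constructed sample, the two Boot Manager entries, RavTimeXP and 2chkdsk come out "high", ATIModeChange is only "review" (a bare filename is common for vendor drivers, so it is a prompt to check the file, not a verdict), and the AVG line is not reported at all. Rather than writing the detection around file names alone, the script keeps the structural signals separate, so the same code still flags a renamed dropper that lands in C:\WINDOWS or under RunServices.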
Anonymous user
14 March 2007 at 23:35
I'm back.
As soon as you have deleted this worm, Mstray.exe, and installed the firewall, do what follows below. No point doing it before, it wouldn't change anything ;-)


Download it and double-click it, then accept the merge into the registry; it is to fix the infection done by the worm.
http://www.mediafire.com/?bi4yid2j35y
0

and here is the report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 9:52:45 PM 14/03/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP418\A0199334.exe -> Adware.Systemdoctor : Ignoré.
C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP416\A0197236.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP416\A0197237.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP416\A0197239.exe -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP418\A0199333.exe -> Adware.WinFixer : Ignoré.
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP418\A0199350.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignoré.
C:\Documents and Settings\ahmad\Cookies\ahmad@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@bfast[1].txt -> TrackingCookie.Bfast : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\ahmad\Cookies\ahmad@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP418\A0199352.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP419\A0200059.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
0
Anonymous user
15 March 2007 at 03:57
OK, thanks.
Look at <4>, I don't know if you saw it; if you haven't applied it, do so and then do what follows


Download lopxp:
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip

unzip it to your desktop, then double-click the file "lopxpMH.bat"
when it has finished, a report opens: copy-paste the report and put it here
0
and here is the report. thanks

Rapport fait à 16:20:39.35 le 15/03/2007

******************************************
## Répertoires Application Data

Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Administrateur\Application Data

16/04/2004 04:58 PM <DIR> .
16/04/2004 04:58 PM <DIR> ..
20/04/2004 10:32 AM <DIR> Adobe
20/04/2004 10:55 AM <DIR> Drag'n Drop CD+DVD
16/04/2004 04:58 PM <DIR> Identities
20/04/2004 10:32 AM <DIR> InterTrust
16/04/2004 04:58 PM <DIR> Microsoft
20/04/2004 12:48 PM <DIR> Sun
20/04/2004 01:01 PM <DIR> toshiba
16/04/2004 04:58 PM 62 desktop.ini
1 File(s) 62 bytes
9 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Administrateur\Local Settings\Application Data

16/04/2004 04:58 PM <DIR> .
16/04/2004 04:58 PM <DIR> ..
20/04/2004 12:47 PM <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142030}
20/04/2004 04:52 PM <DIR> ApplicationHistory
16/04/2004 04:58 PM <DIR> Microsoft
20/04/2004 04:52 PM 137 fusioncache.dat
16/04/2004 04:59 PM 6,418,884 IconCache.db
2 File(s) 6,419,021 bytes
5 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Administrator\Application Data

14/03/2007 08:17 PM <DIR> .
14/03/2007 08:17 PM <DIR> ..
14/03/2007 08:17 PM <DIR> Microsoft
14/03/2007 08:17 PM 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data

14/03/2007 08:17 PM <DIR> .
14/03/2007 08:17 PM <DIR> ..
14/03/2007 08:17 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\ahmad\Application Data

04/01/2005 01:35 PM <DIR> .
04/01/2005 01:35 PM <DIR> ..
06/01/2005 01:26 AM <DIR> Adobe
12/12/2005 02:21 PM <DIR> AdobeUM
16/05/2006 11:38 PM <DIR> AVG7
25/02/2006 07:37 PM <DIR> Crae Interactives
04/01/2005 02:16 PM <DIR> Drag'n Drop CD+DVD
29/08/2005 10:21 PM <DIR> Google
06/01/2005 01:10 AM <DIR> Help
04/01/2005 01:35 PM <DIR> Identities
06/01/2005 01:25 AM <DIR> InterTrust
13/05/2005 03:38 PM <DIR> InterVideo
24/03/2005 11:35 PM <DIR> Kazaa Lite
06/01/2005 01:13 AM <DIR> Lavasoft
06/02/2005 06:25 PM <DIR> Macromedia
04/01/2005 01:35 PM <DIR> Microsoft
04/02/2005 06:30 PM <DIR> Microsoft Corporation
11/10/2006 09:16 PM <DIR> PC Tools
25/02/2007 08:00 PM <DIR> Pixela
12/02/2005 02:01 PM <DIR> Rational
04/01/2005 02:27 PM <DIR> Real
07/05/2005 07:57 PM <DIR> SSH
20/01/2005 01:35 AM <DIR> Sun
04/01/2005 01:58 PM <DIR> toshiba
17/03/2006 11:38 PM <DIR> uTorrent
27/01/2007 11:12 PM <DIR> ZipZag
04/01/2005 01:35 PM 62 desktop.ini
1 File(s) 62 bytes
26 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\ahmad\Local Settings\Application Data

04/01/2005 01:35 PM <DIR> .
04/01/2005 01:35 PM <DIR> ..
20/01/2005 01:33 AM <DIR> {35A3A4F2-B792-11D6-A78A-00B0D0142060}
20/01/2005 01:35 AM <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142060}
12/12/2005 02:21 PM <DIR> Adobe
06/01/2005 01:10 AM <DIR> Help
27/01/2005 09:13 AM <DIR> Identities
04/01/2005 01:35 PM <DIR> Microsoft
20/11/2005 08:45 PM <DIR> PathwayStudio
12/05/2005 12:10 AM <DIR> WMTools Downloaded Files
04/01/2005 02:37 PM 123,392 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
06/02/2005 06:16 PM 128 fusioncache.dat
25/01/2005 11:18 AM 102,808 GDIPFONTCACHEV1.DAT
04/01/2005 03:12 PM 1,575,394 IconCache.db
12/02/2005 01:59 PM 74,663 rational_state.log
5 File(s) 1,876,385 bytes
10 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\ali\Application Data

28/10/2004 09:56 PM <DIR> .
28/10/2004 09:56 PM <DIR> ..
28/10/2004 09:56 PM <DIR> Adobe
28/10/2004 09:56 PM <DIR> Drag'n Drop CD+DVD
24/11/2004 02:19 PM <DIR> Help
28/10/2004 09:56 PM <DIR> Identities
28/10/2004 09:56 PM <DIR> InterTrust
13/11/2004 01:40 AM <DIR> InterVideo
25/11/2004 05:36 PM <DIR> Kazaa Lite
24/11/2004 03:59 PM <DIR> Lavasoft
24/11/2004 02:59 PM <DIR> Macromedia
28/10/2004 09:56 PM <DIR> Microsoft
24/11/2004 11:49 AM <DIR> MSN6
24/11/2004 04:04 PM <DIR> Real
28/10/2004 09:56 PM <DIR> Sun
28/10/2004 09:56 PM <DIR> toshiba
28/10/2004 09:56 PM 62 desktop.ini
1 File(s) 62 bytes
16 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\ali\Local Settings\Application Data

28/10/2004 09:56 PM <DIR> .
28/10/2004 09:56 PM <DIR> ..
28/10/2004 09:56 PM <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142030}
28/10/2004 09:56 PM <DIR> ApplicationHistory
24/11/2004 02:19 PM <DIR> Help
24/11/2004 12:28 PM <DIR> Identities
28/10/2004 09:56 PM <DIR> Microsoft
25/11/2004 04:38 PM <DIR> NFS Underground 2
24/11/2004 03:47 PM 7,168 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
28/10/2004 09:56 PM 126 fusioncache.dat
23/11/2004 01:20 AM 44,512 GDIPFONTCACHEV1.DAT
24/11/2004 04:06 PM 5,334,690 IconCache.db
4 File(s) 5,386,496 bytes
8 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\All Users\Application Data

16/04/2004 11:28 AM <DIR> .
16/04/2004 11:28 AM <DIR> ..
16/04/2004 11:28 AM <DIR> Microsoft
26/11/2004 07:16 PM <DIR> MSN Messenger 6.2.0137
24/11/2004 11:49 AM <DIR> MSN6
16/04/2004 11:29 AM 62 desktop.ini
1 File(s) 62 bytes
5 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\All Users.WINDOWS\Application Data

04/01/2005 08:00 AM <DIR> .
04/01/2005 08:00 AM <DIR> ..
19/11/2005 09:19 PM <DIR> Adobe
16/05/2006 10:26 PM <DIR> AVG7
23/07/2006 07:23 PM <DIR> Grisoft
19/11/2005 09:24 PM <DIR> Macrovision
04/01/2005 08:00 AM <DIR> Microsoft
08/04/2006 01:16 AM <DIR> Motive
08/04/2006 01:17 AM <DIR> MotiveSysIDs
07/03/2007 06:28 PM <DIR> Spybot - Search & Destroy
11/12/2005 06:53 AM <DIR> Windows Genuine Advantage
04/01/2005 08:00 AM 62 desktop.ini
1 File(s) 62 bytes
11 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Default User\Application Data

16/04/2004 11:28 AM <DIR> .
16/04/2004 11:28 AM <DIR> ..
28/10/2004 09:55 PM <DIR> Adobe
28/10/2004 09:55 PM <DIR> Drag'n Drop CD+DVD
28/10/2004 09:55 PM <DIR> Identities
28/10/2004 09:55 PM <DIR> InterTrust
16/04/2004 11:28 AM <DIR> Microsoft
28/10/2004 09:55 PM <DIR> Sun
28/10/2004 09:55 PM <DIR> toshiba
16/04/2004 11:29 AM 62 desktop.ini
1 File(s) 62 bytes
9 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Default User\Local Settings\Application Data

16/04/2004 11:29 AM <DIR> .
16/04/2004 11:29 AM <DIR> ..
28/10/2004 09:55 PM <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142030}
28/10/2004 09:55 PM <DIR> ApplicationHistory
28/10/2004 09:55 PM <DIR> Microsoft
28/10/2004 09:55 PM 137 fusioncache.dat
28/10/2004 09:55 PM 6,418,884 IconCache.db
2 File(s) 6,419,021 bytes
5 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Default User.WINDOWS\Application Data

04/01/2005 08:00 AM <DIR> .
04/01/2005 08:00 AM <DIR> ..
04/01/2005 08:00 AM <DIR> Microsoft
04/01/2005 08:00 AM 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\Default User.WINDOWS\Local Settings\Application Data

04/01/2005 08:00 AM <DIR> .
04/01/2005 08:00 AM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\LocalService\Application Data

16/04/2004 04:58 PM <DIR> .
16/04/2004 04:58 PM <DIR> ..
16/04/2004 04:58 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data

16/04/2004 04:58 PM <DIR> .
16/04/2004 04:58 PM <DIR> ..
16/04/2004 04:58 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data

04/01/2005 01:33 PM <DIR> .
04/01/2005 01:33 PM <DIR> ..
16/05/2006 11:37 PM <DIR> AVG7
04/01/2005 01:33 PM <DIR> Microsoft
0 File(s) 0 bytes
4 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data

04/01/2005 01:33 PM <DIR> .
04/01/2005 01:33 PM <DIR> ..
04/01/2005 01:33 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\LogMeInRemoteUser\Application Data

14/03/2006 02:52 AM <DIR> .
14/03/2006 02:52 AM <DIR> ..
14/03/2006 02:52 AM <DIR> Microsoft
14/03/2006 02:52 AM 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data

14/03/2006 02:52 AM <DIR> .
14/03/2006 02:52 AM <DIR> ..
14/03/2006 02:52 AM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\NetworkService\Application Data

16/04/2004 04:58 PM <DIR> .
16/04/2004 04:58 PM <DIR> ..
16/04/2004 04:58 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data

16/04/2004 04:58 PM <DIR> .
16/04/2004 04:58 PM <DIR> ..
16/04/2004 04:58 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data

04/01/2005 01:33 PM <DIR> .
04/01/2005 01:33 PM <DIR> ..
04/01/2005 01:33 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data

04/01/2005 01:33 PM <DIR> .
04/01/2005 01:33 PM <DIR> ..
04/01/2005 01:33 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\WINDOWS\system32\config\systemprofile\Application Data

16/04/2004 04:54 PM <DIR> .
16/04/2004 04:54 PM <DIR> ..
28/10/2004 09:55 PM <DIR> Adobe
28/10/2004 09:55 PM <DIR> Drag'n Drop CD+DVD
28/10/2004 09:55 PM <DIR> Identities
28/10/2004 09:55 PM <DIR> InterTrust
16/04/2004 04:54 PM <DIR> Microsoft
28/10/2004 09:55 PM <DIR> Sun
28/10/2004 09:55 PM <DIR> toshiba
04/01/2005 01:26 PM 62 desktop.ini
1 File(s) 62 bytes
9 Dir(s) 6,570,348,544 bytes free
Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

16/04/2004 04:54 PM <DIR> .
16/04/2004 04:54 PM <DIR> ..
28/10/2004 09:55 PM <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142030}
28/10/2004 09:55 PM <DIR> ApplicationHistory
27/04/2004 09:51 AM <DIR> Microsoft
0 File(s) 0 bytes
5 Dir(s) 6,570,348,544 bytes free

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\WINDOWS\Tasks

04/01/2005 01:23 PM 6 SA.DAT
04/01/2005 01:20 PM 65 desktop.ini
16/04/2004 04:49 PM <DIR> ..
16/04/2004 04:49 PM <DIR> .
2 File(s) 71 bytes
2 Dir(s) 6,570,348,544 bytes free

******************************************
## Répertoires de C:\Program Files

Volume in drive C has no label.
Volume Serial Number is 0065-0D81

Directory of C:\Program Files

14/03/2007 10:56 PM <DIR> .
14/03/2007 10:56 PM <DIR> ..
19/11/2005 09:19 PM <DIR> Adobe
04/01/2005 02:08 PM <DIR> Apoint2K
06/02/2005 06:16 PM <DIR> ASP.NET
04/01/2005 02:05 PM <DIR> Atheros
19/04/2004 12:52 PM <DIR> ATI Technologies
23/07/2006 07:22 PM <DIR> AVG Anti Virus
20/04/2004 10:45 AM <DIR> B's CLiP
24/11/2004 01:18 PM <DIR> Colubris Networks
13/06/2006 06:34 PM <DIR> Common Files
16/04/2004 04:47 PM <DIR> ComPlus Applications
20/04/2004 02:02 PM <DIR> DataLode
06/01/2005 12:57 AM <DIR> Diamond
20/04/2004 10:49 AM <DIR> Drag'n Drop CD+DVD
23/11/2006 10:40 PM <DIR> DssEvolution.com
06/01/2005 12:58 AM <DIR> D-Tools
20/04/2004 10:56 AM <DIR> DVD-RAM
04/01/2005 02:01 PM <DIR> EzButton
25/11/2004 01:31 PM <DIR> Fichiers communs
24/11/2004 02:38 PM <DIR> FSI
18/07/2006 08:42 PM <DIR> GAMES
29/08/2005 10:20 PM <DIR> Google
25/11/2004 04:08 PM <DIR> GRETECH
08/03/2007 08:57 PM <DIR> Grisoft
14/09/2005 07:20 PM <DIR> IMSI
17/02/2007 09:12 AM <DIR> Internet Explorer
20/04/2004 12:21 PM <DIR> InterVideo
20/01/2005 01:35 AM <DIR> Java
04/01/2005 02:02 PM <DIR> ltmoh
28/02/2005 02:54 PM <DIR> Messenger
24/11/2004 03:39 PM <DIR> Metrowerks
25/11/2004 01:32 PM <DIR> Microsoft ActiveSync
24/11/2004 04:17 PM <DIR> microsoft frontpage
26/04/2005 11:27 PM <DIR> Microsoft Office
04/02/2005 06:20 PM <DIR> Microsoft SQL Server
04/01/2005 02:50 PM <DIR> Microsoft Visual Studio
04/01/2005 02:51 PM <DIR> Microsoft Works
25/11/2004 01:32 PM <DIR> Microsoft.NET
24/02/2005 10:51 AM <DIR> Movie Maker
16/04/2004 04:47 PM <DIR> MSN
16/04/2004 04:43 PM <DIR> MSN Gaming Zone
24/02/2005 10:46 AM <DIR> NetMeeting
04/01/2005 01:21 PM <DIR> Online Services
16/12/2006 12:33 PM <DIR> Outlook Express
28/01/2005 05:01 PM <DIR> QuickTime
24/11/2004 04:04 PM <DIR> Real
16/04/2004 04:49 PM <DIR> Services en ligne
25/01/2005 06:11 PM <DIR> SWIProlog
24/11/2004 02:36 PM <DIR> Symantec
04/02/2005 03:26 PM <DIR> The KMPlayer
20/04/2004 02:06 PM <DIR> TOSHIBA
14/03/2007 10:56 PM <DIR> VSAdd-in
04/02/2005 05:33 PM <DIR> WebMatrix
18/02/2006 12:01 PM <DIR> Windows Media Player
24/02/2005 10:46 AM <DIR> Windows NT
29/11/2005 01:20 AM <DIR> WinRAR
04/01/2005 02:26 PM <DIR> WinZip
16/04/2004 04:52 PM <DIR> xerox
0 File(s) 0 bytes
59 Dir(s) 6,570,348,544 bytes free

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.courrier.uqam.ca REG_BINARY
www.aljazeera.net REG_BINARY
www.playlebanon.com REG_BINARY
www.lebanese-goal.com REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
0
Anonymous user
15 March 2007 at 23:21
Hi

Click on My Computer, C:, Program Files and delete this folder:

- VSAdd-in

**If a file/folder persists when you delete it, do this:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a bit..
Then go and delete the files/folders, empty your Recycle Bin and restart your PC normally.


¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, paste the report here please

---> https://www.kaspersky.fr/downloads

- Kaspersky Online Scanner
- Accept
0
Here is the scan for C: and D:

I don't know whether my problem is complicated; I still see pages like info diet, coupon dollard and winanti2007 and lots of other things.
About the file - tedsmmfx.dll, Windows shows an error message every time it restarts!!!! Is that normal?
I redid step 4 one more time as well.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 16, 2007 6:40:14 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/03/2007
Kaspersky Anti-Virus database records: 266181
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\ahmad\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 19102
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:18:47

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_754.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

==================


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 16, 2007 7:19:47 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/03/2007
Kaspersky Anti-Virus database records: 266181
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
D:\

Scan Statistics:
Total number of scanned objects: 44219
Number of viruses found: 1
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:30:33

Infected Object Name / Virus Name / Last Action
D:\My documents\abou7med\INF5370\JTAG FTA\Unlocker\unlock.exe Infected: Backdoor.Win32.Hupigon.bbh skipped
D:\My documents\abou7med\INF5370\JTAG FTA\Unlocker.zip/unlock.exe Infected: Backdoor.Win32.Hupigon.bbh skipped
D:\My documents\abou7med\INF5370\JTAG FTA\Unlocker.zip ZIP: infected - 1 skipped
D:\Program Files\FirewallSunbeltKerio\logs\debug.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\debug.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\error.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\error.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\hips.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\hips.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\ids.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\ids.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\network.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\network.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\system.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\system.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\warning.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\warning.log.idx Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\web.log Object is locked skipped
D:\Program Files\FirewallSunbeltKerio\logs\web.log.idx Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{0AD62766-4B26-467A-B86E-4529F0A886DD}\RP421\change.log Object is locked skipped

Scan process completed.

See you
0
Anonymous user
16 March 2007 at 15:12
Hi

Do this, in order:


¤ Click on D:, My documents\abou7med\INF5370\JTAG FTA and delete:

- Unlocker (there should be two of them, get rid of both)



¤ Do this clean-up: to be done regularly

¤ Download and install CCleaner (do not install the Yahoo toolbar)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html

- In the left column click on "errors", tick all the boxes, then click "scan for errors" at the bottom; once it is done, click on "fix errors" and you will get a message asking to back up your registry, say "yes", then start again until it finds no more errors.
The backups you have made can be deleted once your computer no longer has any problems.

- Relaunch CCleaner, go to the "cleaner" tab on the left, untick the last box ("Advanced", if it is ticked), then click on "run cleaner"

If you need help with CCleaner, have a look at this tutorial:
https://kerio.probb.fr/t242-tuto-ccleaner-v-2



¤ Download VundoFix
http://www.atribune.org/ccount/click.php?id=4

Double-click on it and choose "start for vundo"
Wait a few minutes; when the scan is finished, click on "remove vundo"
A message will ask whether you want to delete the files: click "yes"
When it has finished, click on "yes"; your computer should restart, and if it does not, restart it yourself
Once it has restarted, paste the C:\vundofix.txt report and a new HijackThis report please
0
Hi, here are the reports:

VundoFix:
=======


VundoFix V6.3.16

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Scan started at 11:01:49 PM 16/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\gbqddnan.exe
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\pmnmklk.dll
C:\WINDOWS\system32\rbugkslx.exe
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ubvcrqti.exe
C:\WINDOWS\system32\urqqnmm.dll
C:\WINDOWS\system32\wxbavmnm.exe
C:\WINDOWS\system32\xqypjmao.exe
C:\WINDOWS\system32\yrvgomnl.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gbqddnan.exe
C:\WINDOWS\system32\gbqddnan.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmklk.dll
C:\WINDOWS\system32\pmnmklk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rbugkslx.exe
C:\WINDOWS\system32\rbugkslx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ubvcrqti.exe
C:\WINDOWS\system32\ubvcrqti.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqqnmm.dll
C:\WINDOWS\system32\urqqnmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wxbavmnm.exe
C:\WINDOWS\system32\wxbavmnm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xqypjmao.exe
C:\WINDOWS\system32\xqypjmao.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrvgomnl.exe
C:\WINDOWS\system32\yrvgomnl.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnmklk.dll
C:\WINDOWS\system32\pmnmklk.dll Has been deleted!

Performing Repairs to the registry.
Done!


=======


Hijackthis
=======

Logfile of HijackThis v1.99.1
Scan saved at 11:29:34 PM, on 16/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Apoint2K\Apntex.exe
D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\UPhotoExpress\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ahmad\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE3E75DA-220E-4FB3-8DD2-8B8A1407DDFF} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {AFC37E94-71A5-4E7B-9480-BCA74A5EFE39} - C:\WINDOWS\system32\pmnmklk.dll (file missing)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\Program Files\RationalRose\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tedsmmfx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - Startup: Shortcut to Reboot 1.5 Minutes.lnk = C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Atheros Client Utility.lnk = C:\Program Files\Atheros\ACU.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = D:\Program Files\UPhotoExpress\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe



=======

I hope this will put an end to my nightmares ;)
0
Anonymous user
17 March 2007 at 07:02
¤ Well, some things aren't right: you did not install Kerio, the firewall; the Windows one is useless. It is not complicated to understand, and it will protect you more than the Windows one, which is a sieve.


¤ Click on D:, Program Files, and delete this folder:

D:\Program Files\pyprotector\SpyProtector

Sorry for you if you don't want to delete it, maybe you bought it? But it is junk, it does not help us at all.


¤ Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom

O2 - BHO: (no name) - {AE3E75DA-220E-4FB3-8DD2-8B8A1407DDFF} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {AFC37E94-71A5-4E7B-9480-BCA74A5EFE39} - C:\WINDOWS\system32\pmnmklk.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tedsmmfx.dll",setvm
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = D:\Program Files\UPhotoExpress\CalCheck.exe


¤ Do you know this? If not, delete it.

C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe


¤ Download ComboScan to your Desktop.
http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

Close all running applications.
Double-click on comboscan.exe to launch the tool.
At the warning window, click OK.
The scan may take a few minutes.
At the window indicating the end of the scan, click OK.
The Comboscan.txt report will be displayed; send that report in your next reply.

Note: Disable your firewall and your antivirus while ComboScan is running.

Bye
0
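A small triage helper, added here as an example (it is not something anyone posted in the thread): it flags the HijackThis lines a helper would ask to "fix checked" and compares the log from 16/03 with the one from 17/03 to see which entries actually went away. The sample lines are copied from the logs pasted above; the flagging rules are the example's own assumptions and only mark lines for manual review.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Does in code what the helper in this thread does by eye: flag the lines worth
ticking for 'fix checked' and compare the log posted after a clean-up with the
one posted before it, to confirm which entries actually went away. The
heuristics below are this example's own assumptions; they mark lines for
manual review and do not decide that a file is malicious.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the 16/03/2007 HijackThis log (before the 'fix checked' step).
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE3E75DA-220E-4FB3-8DD2-8B8A1407DDFF} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {AFC37E94-71A5-4E7B-9480-BCA74A5EFE39} - C:\WINDOWS\system32\pmnmklk.dll (file missing)
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\tedsmmfx.dll",setvm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: Shortcut to Reboot 1.5 Minutes.lnk = C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
"""

# Lines copied from the 17/03/2007 log embedded in the ComboScan report (after the fix).
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Alarme\ZoneAlarm\zlclient.exe"
O4 - Startup: Shortcut to Reboot 1.5 Minutes.lnk = C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
"""

# One "Oxx - ..." or "Rx - ..." entry; process lists and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Body of an O4 Run / RunServices entry: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Return the O*/R* entries of a HijackThis log, in order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def flag_entries(entries: list[Entry]) -> list[tuple[str, str]]:
    """(line, reason) pairs for entries a helper would ask to review."""
    findings = []
    for e in entries:
        if e.section == "O2" and "(file missing)" in e.body:
            # BHO CLSID still registered while the DLL is gone: orphaned after a removal.
            findings.append((e.line, "BHO registered for a DLL that no longer exists"))
            continue
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if not m:
            continue  # Startup-folder shortcuts and the like are left for manual review
        cmd = m["cmd"]
        first = cmd.split()[0].strip('"')
        if first.lower() == "rundll32.exe" and "\\system32\\" in cmd.lower():
            findings.append((e.line, "rundll32 loads a DLL from system32 at logon; verify the DLL"))
        elif "\\" not in first and "/" not in first:
            findings.append((e.line, "bare filename without a path; confirm which file is run"))
    return findings


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Entries that disappeared and entries that appeared between two logs."""
    b = {e.line for e in parse_hjt(before)}
    a = {e.line for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for line, why in flag_entries(parse_hjt(LOG_BEFORE)):
        print(f"REVIEW  {why}\n        {line}")
    gone, new = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("\nremoved by the clean-up:", *gone, sep="\n  ")
    print("\nnew since then:", *new, sep="\n  ")
    # The 'O4 - Startup: ... Reboot 1.5 Minutes.lnk' line is in both logs:
    # HijackThis reports the .lnk shortcut in the Startup folder, and deleting
    # the .exe it points to does not remove the shortcut itself.
```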
Hello
About the Kerio firewall, I had it, but I noticed viruses in it and on top of that it freezes a lot, so I am going to install ZoneAlarm; it seems better to me because I used it in the past.

As for the files you asked me to delete, like pyprotector..... I can't find it on my system, I deleted it the first time you contacted me

About the other file C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
I deleted it 5-6 months ago

So I find it strange that it still shows up on my system in a scan or in HijackThis
I am going to go through the other steps, starting by installing ZoneAlarm again

I'll do everything you ask me to ;) as long as the problem gets solved


bye
0
Combo Scan:
===========


ComboScan v20070306.20 run by ahmad on 2007-03-17 at 11:25:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ahmad.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:25:07 AM, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ahmad\Desktop\comboscan.exe
C:\HIJACK~1\ahmad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\Program Files\RationalRose\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Alarme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - Startup: Shortcut to Reboot 1.5 Minutes.lnk = C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
O4 - Global Startup: Atheros Client Utility.lnk = C:\Program Files\Atheros\ACU.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- Files created between 2007-02-17 and 2007-03-17 -----------------------------

2007-03-17 10:40:13 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-17 10:39:56 42920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll<VSUTIL~1.DLL>
2007-03-17 10:39:40 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-17 10:38:22 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-16 23:01:49 0 d------c- C:\VundoFix Backups<VUNDOF~1>
2007-03-16 22:49:48 0 d------c- C:\HiJackThis<HIJACK~1>
2007-03-15 22:56:39 0 d------c- C:\Program Files\VSAdd-in
2007-03-15 18:48:44 0 d------c- C:\EE_TEST
2007-03-15 18:21:51 118784 --a------ C:\WINDOWS\system32\EEGenFn1.dll
2007-03-15 18:21:50 32768 --a------ C:\WINDOWS\system32\eetransx.exe
2007-03-15 18:21:50 61440 --a------ C:\WINDOWS\system32\Eeshellx.dll
2007-03-15 18:21:47 165376 --a------ C:\WINDOWS\UNWISE.EXE
2007-03-15 18:21:47 368912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-03-14 20:45:42 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-14 20:17:03 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-03-14 18:05:07 4168 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-12 18:46:51 89088 --a------ C:\WINDOWS\system32\atl71.dll
2007-03-11 12:59:30 28903 --a------ C:\WINDOWS\system32\ddcya.dll
2007-03-11 12:59:17 36203 --a------ C:\WINDOWS\system32\pmnlj.dll
2007-03-11 12:50:44 47883 --a------ C:\WINDOWS\system32\jkklk.dll
2007-03-11 12:50:36 20143 --a------ C:\WINDOWS\system32\ddccb.dll
2007-03-10 01:59:01 49343 --a------ C:\WINDOWS\system32\jkhff.dll
2007-03-07 20:45:06 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-07 20:45:06 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-07 18:28:43 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-25 20:00:21 0 d------c- C:\Documents and Settings\ahmad\Application Data\Pixela


-- Find3M Report ---------------------------------------------------------------

2007-03-15 18:33:02 0 d------c- C:\Documents and Settings\ahmad\Application Data\uTorrent
2007-03-15 18:32:50 0 d------c- C:\Documents and Settings\ahmad\Application Data\AVG7
2007-03-13 22:58:21 0 d---s--c- C:\Documents and Settings\ahmad\Application Data\Microsoft<MICROS~1>
2007-03-11 23:52:16 0 d------c- C:\Documents and Settings\ahmad\Application Data\Adobe
2007-03-08 20:57:58 0 d-------- C:\Program Files\Grisoft
2007-02-25 19:55:57 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-08 18:34:40 5248 --a------ C:\WINDOWS\system32\giveio.sys
2007-01-29 04:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-27 23:12:44 0 d------c- C:\Documents and Settings\ahmad\Application Data\ZipZag
2006-12-19 17:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 14:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Dr.Pc Puttes SpyPROTECTOR"="D:\\Program Files\\pyprotector\\SpyProtector\\SpyPROTECT.exe -S"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NuTCSetupEnviron"="D:\\Program Files\\RationalRose\\Rational Test\\nutcroot\\bin\\ncoeenv.exe"
"NETCONNECT"=""
"LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"Boot Manager"="bootmng.exe"
"Battery Checker"="C:\\Program Files\\TOSHIBA\\Battery Checker\\BtryChkr.exe"
"B'sCLiP"="C:\\PROGRA~1\\B'SCLI~1\\Win2K\\BSCLIP.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG ANtispyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Zone Labs Client"="\"D:\\Program Files\\Zone Alarme\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Boot Manager"="bootmng.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AFC37E94-71A5-4E7B-9480-BCA74A5EFE39}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e986578-5e47-11d9-98f6-806d6172696f}]
Shell\AutoRun\command E:\Autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SRESCAN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VSMON


-- End of ComboScan: finished at 2007-03-17 at 11:25:26 ------------------------



===========


HijackThis once more
==================


Logfile of HijackThis v1.99.1
Scan saved at 11:25:07 AM, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ahmad\Desktop\comboscan.exe
C:\HIJACK~1\ahmad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\Program Files\RationalRose\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Boot Manager] bootmng.exe
O4 - HKLM\..\Run: [Battery Checker] C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Alarme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Boot Manager] bootmng.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dr.Pc Puttes SpyPROTECTOR] D:\Program Files\pyprotector\SpyProtector\SpyPROTECT.exe -S
O4 - Startup: Shortcut to Reboot 1.5 Minutes.lnk = C:\Documents and Settings\ahmad\Desktop\Reboot 1.5 Minutes.exe
O4 - Global Startup: Atheros Client Utility.lnk = C:\Program Files\Atheros\ACU.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG ANtispyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



==================
0
Anonymous user
17 March 2007 at 18:50
Hi

¤ Download VundoFix
http://www.atribune.org/ccount/click.php?id=4

Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 does not work); on the screen that appears, choose "safe mode" and wait a little..

double-click on it and choose "start for vundo"
wait a few minutes; when the scan is finished, click "remove vundo"
a message will ask whether you want to delete the files: "yes"
When it has finished, click "yes"; your computer should restart, otherwise do it yourself
Once it has restarted, paste the report C:\vundofix.txt



¤ Download and double-click on this file and accept the registry merge to get rid of the stubborn stuff.
http://www.mediafire.com/?23mrjdyzmd4


¤ Click on C: and delete this folder: VundoFix Backups

Click on C:, Program Files and delete: VSAdd-in



¤ Go to this site and click "choose" at the top right
Go to C:, windows, system32, look for the processes below and click "open"; once that is done, click "send"
Wait a little and paste the report here once it has finished, please

http://www.virustotal.com/en/virustotalx.html


C:\WINDOWS\system32\wiaservc.dll
C:\WINDOWS\system32\ddcya.dll

A++
0
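The steps above pick out candidate DLLs from the ComboScan listing by hand before sending them to VirusTotal. As an added example (not code from this thread or from any tool it mentions), the following Python script parses ComboScan/Find3M-style listing lines and flags recently created DLLs placed directly in system32 whose names match the five-letter random pattern visible in the listing; the sample lines are copied from the ComboScan report earlier in this thread, while the name pattern, the ten-day window and the use of the scan finish time are assumptions.

```python
import re
from datetime import datetime, timedelta

# One ComboScan / Find3M listing line, as seen earlier in this thread:
#   2007-03-11 12:59:30 28903 --a------ C:\WINDOWS\system32\ddcya.dll
# Directory entries may carry a trailing short name such as <HIJACK~1>.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
                     r"(?P<size>\d+) (?P<attrs>[\w-]{9}) (?P<path>.+?)(?:<[^>]+>)?$")
# Heuristic (assumption): Vundo-era droppers used short random lowercase names
# placed directly in system32, e.g. ddcya.dll, pmnlj.dll.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5}\.dll$")
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: lines copied from the ComboScan listing in this thread.
SAMPLE_LISTING = r"""
2007-03-15 18:21:51 118784 --a------ C:\WINDOWS\system32\EEGenFn1.dll
2007-03-12 18:46:51 89088 --a------ C:\WINDOWS\system32\atl71.dll
2007-03-11 12:59:30 28903 --a------ C:\WINDOWS\system32\ddcya.dll
2007-03-11 12:59:17 36203 --a------ C:\WINDOWS\system32\pmnlj.dll
2007-03-11 12:50:44 47883 --a------ C:\WINDOWS\system32\jkklk.dll
2007-03-11 12:50:36 20143 --a------ C:\WINDOWS\system32\ddccb.dll
2007-03-10 01:59:01 49343 --a------ C:\WINDOWS\system32\jkhff.dll
2007-03-07 20:45:06 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-08 18:34:40 5248 --a------ C:\WINDOWS\system32\giveio.sys
2006-12-19 17:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2007-03-16 22:49:48 0 d------c- C:\HiJackThis<HIJACK~1>
"""

def parse_line(line):
    """Parse one listing line into a dict, or return None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"]}

def suspicious_dlls(lines, scan_end, window_days=10):
    """Paths of system32 DLLs that match the random-name pattern and were
    created within window_days before scan_end (the ComboScan finish time)."""
    window_start = scan_end - timedelta(days=window_days)
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["is_dir"]:
            continue
        folder, _, name = rec["path"].rpartition("\\")
        if (folder + "\\").lower() != SYSTEM32:
            continue  # only files directly in system32, not in subfolders
        if RANDOM_NAME_RE.match(name.lower()) and window_start <= rec["ts"] <= scan_end:
            hits.append(rec["path"])
    return hits

def triage_sample():
    """Run the heuristic over the sample using the thread's ComboScan finish time."""
    return suspicious_dlls(SAMPLE_LISTING.splitlines(), datetime(2007, 3, 17, 11, 25, 26))
```

A match is a candidate to submit for scanning, not a verdict: later in this thread ddcya.dll fits the pattern and still comes back "no virus found" from every engine.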
hi

1- my computer no longer wants to restart in safe mode!!!!
I restarted it normally

2- vundo report

==========


VundoFix V6.3.16

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Scan started at 12:36:10 AM 18/03/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


==========




3- results of the two scans:


a) C:\WINDOWS\system32\wiaservc.dll

STATUS: FINISHED
Complete scanning result of "wiaservc.dll", received in VirusTotal at 03.18.2007, 05:54:42 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.17.2007 no virus found
BitDefender 7.2 03.18.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV 0.90.1 03.18.2007 no virus found
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 no virus found
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.17.2007 no virus found
FileAdvisor 1 03.18.2007 Not analyzed yet
Fortinet 2.85.0.0 03.18.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.17.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 no virus found
Kaspersky 4.0.2.24 03.18.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.18.2007 no virus found
NOD32v2 2124 03.17.2007 no virus found
Norman 5.80.02 03.16.2007 no virus found
Panda 9.0.0.4 03.17.2007 no virus found
Prevx1 V2 03.18.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.18.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.16.2007 no virus found
VirusBuster 4.3.7:9 03.17.2007 no virus found


Aditional Information
File size: 333824 bytes
MD5: b6763f8534ac547cf1af98afdff2edc8
SHA1: 79a0fe558d161e5769ab7bc858eab4f34160460e
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=b6763f8534ac547cf1af98afdff2edc8


b) C:\WINDOWS\system32\ddcya.dll


STATUS: FINISHED
Complete scanning result of "ddcya.dll", received in VirusTotal at 03.18.2007, 06:00:29 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.17.2007 no virus found
BitDefender 7.2 03.18.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV 0.90.1 03.18.2007 no virus found
DrWeb 4.33 03.17.2007 no virus found
eSafe 7.0.14.0 03.16.2007 no virus found
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.17.2007 no virus found
FileAdvisor 1 03.18.2007 no virus found
Fortinet 2.85.0.0 03.18.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.17.2007 no virus found
Ikarus T3.1.1.3 03.17.2007 no virus found
Kaspersky 4.0.2.24 03.18.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.18.2007 no virus found
NOD32v2 2124 03.17.2007 no virus found
Norman 5.80.02 03.16.2007 no virus found
Panda 9.0.0.4 03.17.2007 no virus found
Prevx1 V2 03.18.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.18.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.16.2007 no virus found
VirusBuster 4.3.7:9 03.17.2007 no virus found


Aditional Information
File size: 28903 bytes
MD5: f9a4733266b3c301bc22fff139531a61
SHA1: edd0e9b442cbe6f2b9da8a9f4694210ac8eb8b8e



Thank you very much for your time


but I am still wondering why I get a message about the file tedsmmfx.dll

and since windows does not start in safe mode, does that mean we damaged some files in windows



A+
0
Anonymous user
18 March 2007 at 08:13
No, we didn't touch anything; the problem comes from the viruses.

¤ Download and double-click on this file.
Accept the registry merge and restart your PC.
http://www.mediafire.com/?dotjn0tn4mo

¤ Then restart in safe mode, then run VundoFix (yes, again)

¤ When you search for this file (tedsmmfx.dll), do you find it?
0
hi

Well, I did the previous steps

Vundo does not find any errors
the file tedsmmfx.dll has disappeared from my computer.
the computer does not restart in safe mode

a+
0
Anonymous user
18 March 2007 at 19:22
Did you accept the file and the registry merge?

Were you able to start in safe mode before?
0
yes, I accepted the registry merge.


as for starting in safe mode, yes, I was able to do it before... even when we started the treatment at the beginning, but afterwards I don't know at which step I could no longer do it.


by the way, I no longer have problems with unwanted sites, but on the technical side I would like you to confirm that my system is "SAFE"
0