Popups intempestifs et virus
Gérard
-
^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention -
^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention -
Bonjour,
J'ai pas mal de popup intempestifs qui m'embêtent au boulot, sous XP, et j'ai des process bizarres qui tournent : lsass.exe, clcl4.exe, svehost.exe, etc...
J'ai passé Spybot, AVG 7.5, et Ad-Aware, mais ils ne trouvent rien...
Sauriez-vous m'aider à restaurer mon système ?
J'ai pas mal de popup intempestifs qui m'embêtent au boulot, sous XP, et j'ai des process bizarres qui tournent : lsass.exe, clcl4.exe, svehost.exe, etc...
J'ai passé Spybot, AVG 7.5, et Ad-Aware, mais ils ne trouvent rien...
Sauriez-vous m'aider à restaurer mon système ?
A voir également:
- Popups intempestifs et virus
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Virus facebook demande d'amis - Accueil - Facebook
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
34 réponses
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp299.tmp.dll
O4 - HKLM\..\Run: [clcl4] C:\WINDOWS\system32\clcl4.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
Démarrer, Rechercher, supprime ce qui est en gras
C:\WINDOWS\system32\tmp299.tmp.dll
C:\WINDOWS\system32\clcl4.exe
Vide ta corbeille
Et refais un hitjakthis
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp299.tmp.dll
O4 - HKLM\..\Run: [clcl4] C:\WINDOWS\system32\clcl4.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
Démarrer, Rechercher, supprime ce qui est en gras
C:\WINDOWS\system32\tmp299.tmp.dll
C:\WINDOWS\system32\clcl4.exe
Vide ta corbeille
Et refais un hitjakthis
Voilà :
Logfile of HijackThis v1.99.1
Scan saved at 16:59:41, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\ComAdapt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ScanToPc.exe
C:\Program Files\Hijackthis Version Française\abcde.EXE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.95.196.22/dc/20534018/462/2048/31/0/html1176878050.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {924b6c42-9f52-4e04-a986-ee5da905f3d6} - C:\WINDOWS\system32\bitify.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\xxyyab.dll",realset
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://E:\html\AutoUpdateATL24P210.CAB
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://ww17.mophun.com/codebase/mophun.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E224546-8D03-41A3-95D3-60F476E0C7ED}: NameServer = 10.228.211.10,10.228.211.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D1A30A-22D1-4DBC-90EA-93EF685FCC36}: NameServer = 10.228.211.10,10.228.211.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AUWinLogon - C:\WINDOWS\SYSTEM32\AUWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:59:41, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\ComAdapt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ScanToPc.exe
C:\Program Files\Hijackthis Version Française\abcde.EXE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.95.196.22/dc/20534018/462/2048/31/0/html1176878050.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {924b6c42-9f52-4e04-a986-ee5da905f3d6} - C:\WINDOWS\system32\bitify.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\xxyyab.dll",realset
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://E:\html\AutoUpdateATL24P210.CAB
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://ww17.mophun.com/codebase/mophun.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E224546-8D03-41A3-95D3-60F476E0C7ED}: NameServer = 10.228.211.10,10.228.211.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D1A30A-22D1-4DBC-90EA-93EF685FCC36}: NameServer = 10.228.211.10,10.228.211.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AUWinLogon - C:\WINDOWS\SYSTEM32\AUWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut
On va commencer par
Télécharge clean.zip --> tu l'as déjà
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1
Poste le rapport qui se trouve ici C:\rapport_clean.txt
ensuite :
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt
On va commencer par
Télécharge clean.zip --> tu l'as déjà
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1
Poste le rapport qui se trouve ici C:\rapport_clean.txt
ensuite :
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt
Pardon, je regardais mes messages privés, et pas le fil...
23/04/2007 a 16:05:17,39
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Drôle de rapport...
23/04/2007 a 16:05:17,39
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Drôle de rapport...
Rapport après désinfection :
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 23/04/2007 a 16:10:25,64
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Toujours mes rudll manquants : bitify & xxyyab
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 23/04/2007 a 16:10:25,64
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Toujours mes rudll manquants : bitify & xxyyab
Scanne ton PC avec cet antivirus en ligne : --> normal et sans échec
https://www.kaspersky.fr/downloads
- Choisis "Kaspersky Online Scanner"
- Clique sur "Accept" -> "Next" -> "My computer"
- Laisse le scan se faire et copie/colle le rapport ici
https://www.kaspersky.fr/downloads
- Choisis "Kaspersky Online Scanner"
- Clique sur "Accept" -> "Next" -> "My computer"
- Laisse le scan se faire et copie/colle le rapport ici
mode normal :
KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 6:24:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/04/2007
Kaspersky Anti-Virus database records: 283568
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
J:\
W:\
Scan Statistics
Total number of scanned objects 87326
Number of viruses found 3
Number of infected objects 17 / 0
Number of suspicious objects 0
Duration of the scan process 00:36:32
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Agent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Agent\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Agent\Local Settings\Temp\fgnc.exe Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\Agent\Local Settings\Temp\Temporary Internet Files\Content.IE5\0P0JYLIF\fish20070418[1] Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temp\tmp299.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temp\tmp8A.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temporary Internet Files\Content.IE5\0HQJST2F\fish20070418[1] Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temporary Internet Files\Content.IE5\0HQJST2F\up[1].php Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\Agent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B80000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B80001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\066C0001.VBN Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\066C0002.VBN Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A7C0000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A7C0001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Respagence\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Historique\History.IE5\MSHist012007042320070424\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Respagence\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Altiris\Altiris Agent\Software Delivery\pkgdlvlk.tmp Object is locked skipped
C:\Program Files\Altiris\Altiris Agent\Tasks\AeXTaskSchedulerLock\taskSchedulerLock.tmp Object is locked skipped
C:\Program Files\Hijackthis Version Française\backups\backup-20070421-165411-167.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00006.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00006.SPL Object is locked skipped
C:\WINDOWS\system32\tmp181.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\tmp8A.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\buf101.tmp Object is locked skipped
C:\WINDOWS\Temp\buf102.tmp Object is locked skipped
C:\WINDOWS\Temp\buf107.tmp Object is locked skipped
C:\WINDOWS\Temp\buf1825.tmp Object is locked skipped
C:\WINDOWS\Temp\buf50.tmp Object is locked skipped
C:\WINDOWS\Temp\bufA9.tmp Object is locked skipped
C:\WINDOWS\Temp\bufAA.tmp Object is locked skipped
C:\WINDOWS\Temp\bufAF.tmp Object is locked skipped
C:\WINDOWS\Temp\bufD1.tmp Object is locked skipped
C:\WINDOWS\Temp\bufE.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
W:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
KASPERSKY ONLINE SCANNER REPORT
Monday, April 23, 2007 6:24:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/04/2007
Kaspersky Anti-Virus database records: 283568
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
J:\
W:\
Scan Statistics
Total number of scanned objects 87326
Number of viruses found 3
Number of infected objects 17 / 0
Number of suspicious objects 0
Duration of the scan process 00:36:32
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Agent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Agent\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Agent\Local Settings\Temp\fgnc.exe Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\Agent\Local Settings\Temp\Temporary Internet Files\Content.IE5\0P0JYLIF\fish20070418[1] Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temp\tmp299.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temp\tmp8A.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temporary Internet Files\Content.IE5\0HQJST2F\fish20070418[1] Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Agent\Local Settings\Temporary Internet Files\Content.IE5\0HQJST2F\up[1].php Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\Agent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B80000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B80001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\066C0001.VBN Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\066C0002.VBN Infected: Trojan.Win32.Agent.kq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A7C0000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A7C0001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000001.VBN Infected: Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Respagence\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Historique\History.IE5\MSHist012007042320070424\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Respagence\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Respagence\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Altiris\Altiris Agent\Software Delivery\pkgdlvlk.tmp Object is locked skipped
C:\Program Files\Altiris\Altiris Agent\Tasks\AeXTaskSchedulerLock\taskSchedulerLock.tmp Object is locked skipped
C:\Program Files\Hijackthis Version Française\backups\backup-20070421-165411-167.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00006.SHD Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\FP00006.SPL Object is locked skipped
C:\WINDOWS\system32\tmp181.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\tmp8A.tmp.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\buf101.tmp Object is locked skipped
C:\WINDOWS\Temp\buf102.tmp Object is locked skipped
C:\WINDOWS\Temp\buf107.tmp Object is locked skipped
C:\WINDOWS\Temp\buf1825.tmp Object is locked skipped
C:\WINDOWS\Temp\buf50.tmp Object is locked skipped
C:\WINDOWS\Temp\bufA9.tmp Object is locked skipped
C:\WINDOWS\Temp\bufAA.tmp Object is locked skipped
C:\WINDOWS\Temp\bufAF.tmp Object is locked skipped
C:\WINDOWS\Temp\bufD1.tmp Object is locked skipped
C:\WINDOWS\Temp\bufE.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
W:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Autre chose ==> adress IP
10.228.211.10
10.228.211.11
Tu les connais ? car elles me sont inconnues ;-(
10.228.211.10
10.228.211.11
Tu les connais ? car elles me sont inconnues ;-(
Ensuite
Tu vas sur ce lien
http://www.virustotal.com/en/virustotalx.html
En haut à droite tu as "parcourir" tu cherches
C:\WINDOWS\SYSTEM32\AUWinLogon.dll
Tu cliks sur "send"
Copies colles le rapport ici
A++
Tu vas sur ce lien
http://www.virustotal.com/en/virustotalx.html
En haut à droite tu as "parcourir" tu cherches
C:\WINDOWS\SYSTEM32\AUWinLogon.dll
Tu cliks sur "send"
Copies colles le rapport ici
A++
Hello MArie.
STATUS: FINISHEDComplete scanning result of "AUWinLogon.dll", received in VirusTotal at 04.23.2007, 18:50:38 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.24.0 04.23.2007 no virus found
AntiVir 7.4.0.14 04.23.2007 no virus found
Authentium 4.93.8 04.23.2007 no virus found
Avast 4.7.981.0 04.23.2007 no virus found
AVG 7.5.0.464 04.22.2007 no virus found
BitDefender 7.2 04.23.2007 no virus found
CAT-QuickHeal 9.00 04.23.2007 no virus found
ClamAV devel-20070416 04.23.2007 no virus found
DrWeb 4.33 04.23.2007 no virus found
eSafe 7.0.15.0 04.23.2007 no virus found
eTrust-Vet 30.7.3589 04.23.2007 no virus found
Ewido 4.0 04.23.2007 no virus found
FileAdvisor 1 04.23.2007 no virus found
Fortinet 2.85.0.0 04.23.2007 no virus found
F-Prot 4.3.2.48 04.23.2007 no virus found
F-Secure 6.70.13030.0 04.23.2007 no virus found
Ikarus T3.1.1.5 04.23.2007 no virus found
Kaspersky 4.0.2.24 04.23.2007 no virus found
McAfee 5015 04.23.2007 no virus found
Microsoft 1.2405 04.23.2007 no virus found
NOD32v2 2213 04.23.2007 no virus found
Norman 5.80.02 04.23.2007 no virus found
Panda 9.0.0.4 04.23.2007 no virus found
Prevx1 V2 04.23.2007 no virus found
Sophos 4.16.0 04.20.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.23.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.23.2007 no virus found
VirusBuster 4.3.7:9 04.23.2007 no virus found
Webwasher-Gateway 6.0.1 04.23.2007 no virus found
Aditional Information
File size: 57344 bytes
MD5: d4d36f7a82612dc92d32f59b497cdca7
SHA1: e2687ecc94aa25545b7eb149812f773dc6e5f7f8
STATUS: FINISHEDComplete scanning result of "AUWinLogon.dll", received in VirusTotal at 04.23.2007, 18:50:38 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.24.0 04.23.2007 no virus found
AntiVir 7.4.0.14 04.23.2007 no virus found
Authentium 4.93.8 04.23.2007 no virus found
Avast 4.7.981.0 04.23.2007 no virus found
AVG 7.5.0.464 04.22.2007 no virus found
BitDefender 7.2 04.23.2007 no virus found
CAT-QuickHeal 9.00 04.23.2007 no virus found
ClamAV devel-20070416 04.23.2007 no virus found
DrWeb 4.33 04.23.2007 no virus found
eSafe 7.0.15.0 04.23.2007 no virus found
eTrust-Vet 30.7.3589 04.23.2007 no virus found
Ewido 4.0 04.23.2007 no virus found
FileAdvisor 1 04.23.2007 no virus found
Fortinet 2.85.0.0 04.23.2007 no virus found
F-Prot 4.3.2.48 04.23.2007 no virus found
F-Secure 6.70.13030.0 04.23.2007 no virus found
Ikarus T3.1.1.5 04.23.2007 no virus found
Kaspersky 4.0.2.24 04.23.2007 no virus found
McAfee 5015 04.23.2007 no virus found
Microsoft 1.2405 04.23.2007 no virus found
NOD32v2 2213 04.23.2007 no virus found
Norman 5.80.02 04.23.2007 no virus found
Panda 9.0.0.4 04.23.2007 no virus found
Prevx1 V2 04.23.2007 no virus found
Sophos 4.16.0 04.20.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.23.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.23.2007 no virus found
VirusBuster 4.3.7:9 04.23.2007 no virus found
Webwasher-Gateway 6.0.1 04.23.2007 no virus found
Aditional Information
File size: 57344 bytes
MD5: d4d36f7a82612dc92d32f59b497cdca7
SHA1: e2687ecc94aa25545b7eb149812f773dc6e5f7f8
Salut
Fais ceci dans l'ordre :
Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)
Dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problémes.
- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide avec Ccleaner, regarde ce tutoriel :
https://kerio.probb.fr/t242-tuto-ccleaner-v-2
Dès que c'est fait redémarre normalement.
Ensuite :
Télécharge ComboScan sur ton Bureau.
---> http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
Soit patient ..
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
Fais ceci dans l'ordre :
Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)
Dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problémes.
- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide avec Ccleaner, regarde ce tutoriel :
https://kerio.probb.fr/t242-tuto-ccleaner-v-2
Dès que c'est fait redémarre normalement.
Ensuite :
Télécharge ComboScan sur ton Bureau.
---> http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
Soit patient ..
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
Merci, et voilà :
ComboScan v20070306.20 run by Respagence on 2007-04-24 at 12:18:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-04-24 10:18:25 UTC - RP1 - Point de vérification système
Performed disk cleanup.
-- HijackThis (run as Respagence.exe) ------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:19:20, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\ComAdapt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Respagence\Bureau\comboscan.exe
C:\PROGRA~1\HIJACK~2\Respagence.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.95.196.22/dc/20534018/462/2048/31/0/html1176878050.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {924b6c42-9f52-4e04-a986-ee5da905f3d6} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\bak\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://E:\html\AutoUpdateATL24P210.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://ww17.mophun.com/codebase/mophun.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E224546-8D03-41A3-95D3-60F476E0C7ED}: NameServer = 10.228.211.10,10.228.211.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D1A30A-22D1-4DBC-90EA-93EF685FCC36}: NameServer = 10.228.211.10,10.228.211.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AUWinLogon - C:\WINDOWS\SYSTEM32\AUWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
1R clntmgmt - C:\WINDOWS\system32\drivers\Clntmgmt.sys
2R DgivEcp (Team MFP Comm Driver) - C:\WINDOWS\system32\drivers\DgivEcp.sys
3S HdAudAddService (Pilote de fonction Microsoft UAA pour Service High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3S HDAudBus (Pilote de bus Microsoft UAA pour High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S hidusb (Pilote de classe HID Microsoft) - C:\WINDOWS\system32\drivers\hidusb.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3S IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys
1R intelppm (Pilote de processeur Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
3S mouhid (Pilote HID de souris) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NAVENG - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070423.019\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070423.019\NAVEX15.SYS
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
1R SAVRT - C:\Program Files\Symantec AntiVirus\savrt.sys
2R SAVRTPEL - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3S SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R usbehci (Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\system32\drivers\usbstor.sys
1R WmiAcpi (Interface de gestion Microsoft Windows pour ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2R AeXNSClient (Altiris Agent) - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
2R Amadeus Automatic Update - C:\Program Files\Automatic Update\AutoUpdate.exe
2R AmadeusProPrinter - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"
2S ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
2R Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R UPHClean (User Profile Hive Cleanup) - C:\Program Files\UPHClean\uphclean.exe
3S usnjsvc (Service Messenger Sharing Folders USN Journal Reader) - "C:\Program Files\MSN Messenger\usnsvc.exe"
-- Files created between 2007-03-24 and 2007-04-24 -----------------------------
2007-04-24 12:08:17 0 d-------- C:\Program Files\CCleaner
2007-04-23 17:39:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-04-21 14:35:15 0 d---s---- C:\Documents and Settings\Respagence\UserData
2007-04-21 14:35:11 0 d-------- C:\Documents and Settings\Respagence\Application Data\Amadeus
2007-04-20 10:15:31 1450 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-19 16:42:42 0 d-------- C:\Program Files\Hijackthis Version Française<HIJACK~1>
2007-04-19 11:10:57 0 d-------- C:\WINDOWS\Profiles
2007-04-18 18:51:19 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 18:51:17 0 d-------- C:\Program Files\Grisoft
2007-04-18 11:51:21 0 d-------- C:\Program Files\RegCleaner<REGCLE~1>
2007-04-18 08:34:24 0 d-------- C:\Documents and Settings\Respagence\Application Data\Lavasoft
2007-04-17 08:39:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-16 12:31:43 0 d-------- C:\Documents and Settings\Agent\Application Data\Lavasoft
2007-04-16 12:31:33 0 d-------- C:\Program Files\Lavasoft
2007-04-13 17:23:05 0 d-------- C:\WINDOWS\system32\bak
-- Find3M Report ---------------------------------------------------------------
2007-04-24 12:17:22 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-04-24 12:17:22 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-04-24 12:16:18 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-04-19 18:21:15 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared<SYMANT~1>
2007-04-18 18:46:40 0 d-------- C:\Documents and Settings\Respagence\Application Data\Macromedia<MACROM~1>
2007-04-13 17:23:05 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-04-04 15:29:48 0 d-------- C:\Program Files\Automatic Update<AUTOMA~1>
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\bak\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSMBalloonTip"=dword:00000000
"NoWindowsUpdate"=dword:00000001
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AUWinLogon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- Hosts -----------------------------------------------------------------------
62.23.82.219 srvaltiris
-- End of ComboScan: finished at 2007-04-24 at 12:19:42 ------------------------
ComboScan v20070306.20 run by Respagence on 2007-04-24 at 12:18:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-04-24 10:18:25 UTC - RP1 - Point de vérification système
Performed disk cleanup.
-- HijackThis (run as Respagence.exe) ------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:19:20, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Amadeus\Pro Printer\ComAdapt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Respagence\Bureau\comboscan.exe
C:\PROGRA~1\HIJACK~2\Respagence.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://216.95.196.22/dc/20534018/462/2048/31/0/html1176878050.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 62.23.82.219 srvaltiris
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {924b6c42-9f52-4e04-a986-ee5da905f3d6} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\bak\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.destino.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: *.amadeus.fr
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: *.start.de
O15 - Trusted Zone: *.vianeo.com
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://E:\html\AutoUpdateATL24P210.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://ww17.mophun.com/codebase/mophun.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://www.vianeo.com/Vianeo/fo/activex/FraClientPro.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E224546-8D03-41A3-95D3-60F476E0C7ED}: NameServer = 10.228.211.10,10.228.211.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D1A30A-22D1-4DBC-90EA-93EF685FCC36}: NameServer = 10.228.211.10,10.228.211.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AUWinLogon - C:\WINDOWS\SYSTEM32\AUWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
1R clntmgmt - C:\WINDOWS\system32\drivers\Clntmgmt.sys
2R DgivEcp (Team MFP Comm Driver) - C:\WINDOWS\system32\drivers\DgivEcp.sys
3S HdAudAddService (Pilote de fonction Microsoft UAA pour Service High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3S HDAudBus (Pilote de bus Microsoft UAA pour High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S hidusb (Pilote de classe HID Microsoft) - C:\WINDOWS\system32\drivers\hidusb.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
3S IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys
1R intelppm (Pilote de processeur Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
3S mouhid (Pilote HID de souris) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NAVENG - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070423.019\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070423.019\NAVEX15.SYS
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
1R SAVRT - C:\Program Files\Symantec AntiVirus\savrt.sys
2R SAVRTPEL - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3S SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R usbehci (Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\system32\drivers\usbstor.sys
1R WmiAcpi (Interface de gestion Microsoft Windows pour ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2R AeXNSClient (Altiris Agent) - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
2R Amadeus Automatic Update - C:\Program Files\Automatic Update\AutoUpdate.exe
2R AmadeusProPrinter - C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"
2S ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
2R Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2R UPHClean (User Profile Hive Cleanup) - C:\Program Files\UPHClean\uphclean.exe
3S usnjsvc (Service Messenger Sharing Folders USN Journal Reader) - "C:\Program Files\MSN Messenger\usnsvc.exe"
-- Files created between 2007-03-24 and 2007-04-24 -----------------------------
2007-04-24 12:08:17 0 d-------- C:\Program Files\CCleaner
2007-04-23 17:39:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-04-21 14:35:15 0 d---s---- C:\Documents and Settings\Respagence\UserData
2007-04-21 14:35:11 0 d-------- C:\Documents and Settings\Respagence\Application Data\Amadeus
2007-04-20 10:15:31 1450 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-19 16:42:42 0 d-------- C:\Program Files\Hijackthis Version Française<HIJACK~1>
2007-04-19 11:10:57 0 d-------- C:\WINDOWS\Profiles
2007-04-18 18:51:19 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 18:51:17 0 d-------- C:\Program Files\Grisoft
2007-04-18 11:51:21 0 d-------- C:\Program Files\RegCleaner<REGCLE~1>
2007-04-18 08:34:24 0 d-------- C:\Documents and Settings\Respagence\Application Data\Lavasoft
2007-04-17 08:39:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-16 12:31:43 0 d-------- C:\Documents and Settings\Agent\Application Data\Lavasoft
2007-04-16 12:31:33 0 d-------- C:\Program Files\Lavasoft
2007-04-13 17:23:05 0 d-------- C:\WINDOWS\system32\bak
-- Find3M Report ---------------------------------------------------------------
2007-04-24 12:17:22 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-04-24 12:17:22 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-04-24 12:16:18 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-04-19 18:21:15 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared<SYMANT~1>
2007-04-18 18:46:40 0 d-------- C:\Documents and Settings\Respagence\Application Data\Macromedia<MACROM~1>
2007-04-13 17:23:05 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-04-04 15:29:48 0 d-------- C:\Program Files\Automatic Update<AUTOMA~1>
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\bak\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSMBalloonTip"=dword:00000000
"NoWindowsUpdate"=dword:00000001
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AUWinLogon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- Hosts -----------------------------------------------------------------------
62.23.82.219 srvaltiris
-- End of ComboScan: finished at 2007-04-24 at 12:19:42 ------------------------
Refais un nettoyage complet avec CCleaner, que je t'ai donné au dessus pour régler le problème de fichiers manquants
Pas de souci pour lsass ;-)
Pas de souci pour lsass ;-)
Bon ne fais rien pour l'instant
Je vais demander du renfort
Inscrit toi sur le forum
J'ai besoin de renseignement concernant ton boulot