[virus rootkit downloader] pbs de connection

jimiii Messages postés 31 Statut Membre -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
[virus rootkit] pbs de connection
Bonsoir à tous(tes),

J'ai un petit souci de virus: "downloader, delf, pakes ..." J'ai windows xp et IE ?. Avast les detecte mais me dit qu'on ne peut pas les scanner car ils sont cachés. J'ai internet mais c'est lent et j'ai des pbs de connection.
Ca serait super si qq'un pouvait m'expliquer la façon de s'en débarasser! Merci d'avance.
Voici le "log file" de "hijack this" (que j'ai renommé en scanner.exe). Ensuite j'ai lu sur commentcam. qu'il fallait telecharger "combo fix" mais rumeurs de root kits dessus alors je suis un peu coincé (sinon il faut tout effacer!!!).

Merci beaucoup,

jim

Logfile of HijackThis v1.99.1
Scan saved at 18:41:33, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
f:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\uncerbjx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {711980C2-8C7F-4C55-A742-25659CD1C442} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: A12FF9D8 - - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Configuration: Windows XP
Internet Explorer 6.0

17 réponses

Résumé de la discussion

Un utilisateur signale une infection Windows XP avec des composants viraux downloader, delf et pakes, et difficultés de connexion alors qu Avast les détecte mais ne peut pas les scanner car ils sont cachés.
Plusieurs membres évoquent des solutions de nettoyage comme L2mfix, Clean.zip et ComboFix, l'exécution en mode sans échec, et l'analyse de logs HijackThis pour identifier les BHO et services suspects.
En cas d'échec partiel, la discussion recommande des étapes successives puis la publication d'un nouveau rapport et éventuellement des outils complémentaires comme des scripts de réparation.
Une nuance utile rappelle que les rootkits peuvent nécessiter une réinstallation complète du système si les outils courants ne suffisent pas à restaurer une configuration propre et sécurisée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    c'est pas triste !

    éléchargez VundoFix.exe (par Atribune) sur ton Bureau :

    http://www.atribune.org/ccount/click.php?id=4

    *Double-clique VundoFix.exe afin de le lancer.
    * Cliquez sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
    * Une invite vous demandera supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * le PC va s'éteindre ("shutdown") : clique OK
    * Démarrez votre PC à nouveau
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      voici le log de combofix

      ComboFix 07-06-18.2 - C:\Documents and Settings\Demonn\Bureau\ComboFix.exe
      "Demonn" - 2007-06-19 22:27:20 - Service Pack 2 NTFS


      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


      C:\Documents and Settings\All Users.\documents\settings
      C:\Documents and Settings\All Users.\documents\settings\desktop.ini
      C:\Documents and Settings\All Users.\documents\settings\partnership.dll
      C:\Program Files\vsadd-in
      C:\WINDOWS\764.exe
      C:\WINDOWS\avp.exe
      C:\WINDOWS\Inf\dbmio32.dll
      C:\WINDOWS\system32\5_exception.nls
      C:\WINDOWS\system32\al64.dll
      C:\WINDOWS\system32\cryptsa.dll
      C:\WINDOWS\system32\drv32dta
      C:\WINDOWS\system32\drv32dta\klg.tmp
      C:\WINDOWS\system32\drv32dta\pstore_070314_212703.txt
      C:\WINDOWS\system32\drv32dta\pstore_070314_233825.txt
      C:\WINDOWS\system32\drv32dta\pstore_070315_133838.txt
      C:\WINDOWS\system32\drv32dta\pstore_070315_134531.txt
      C:\WINDOWS\system32\drv32dta\pstore_070315_194953.txt
      C:\WINDOWS\system32\drv32dta\pstore_070316_064235.txt
      C:\WINDOWS\system32\drv32dta\pstore_070316_122013.txt
      C:\WINDOWS\system32\drv32dta\pstore_070316_171135.txt
      C:\WINDOWS\system32\drv32dta\pstore_070316_190724.txt
      C:\WINDOWS\system32\wsnpoem
      C:\WINDOWS\system32\wsnpoem\audio.dll
      C:\WINDOWS\system32\wsnpoem\video.dll


      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


      -------\LEGACY_RUNTIME
      -------\runtime


      ((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


      2007-06-19 22:27 49,152 --a------ C:\WINDOWS\nircmd.exe
      2007-06-19 21:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2007-06-19 21:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2007-06-19 21:21 3,804 --a------ C:\WINDOWS\system32\tmp.reg
      2007-06-19 21:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2007-06-19 20:43 <REP> d-------- C:\VundoFix Backups
      2007-06-19 19:46 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2007-06-19 17:47 9,136 --a------ C:\WINDOWS\system32\Inetwh16.dll
      2007-06-19 17:47 692,736 --a------ C:\WINDOWS\system32\BatchRegister.exe
      2007-06-19 17:47 48,640 --a------ C:\WINDOWS\system32\Inetwh32.dll
      2007-06-19 17:47 409,600 --a------ C:\WINDOWS\system32\Crde96v3.dll
      2007-06-19 17:47 4,528 --a------ C:\WINDOWS\system32\Setbrows.exe
      2007-06-19 17:47 221,184 --a------ C:\WINDOWS\system32\I3spec32.dll
      2007-06-19 17:47 159,744 --a------ C:\WINDOWS\system32\Ilanot32.dll
      2007-06-19 17:47 108,032 --a------ C:\WINDOWS\system32\UNWISE.EXE
      2007-06-19 17:47 1,025,536 --a------ C:\WINDOWS\system32\SausReg.exe
      2007-06-18 20:59 93,216 --a------ C:\WINDOWS\system32\eaeabbbebcdb.dll
      2007-06-18 00:45 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
      2007-06-18 00:45 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
      2007-06-18 00:45 <REP> d-------- C:\DOCUME~1\Demonn\APPLIC~1\Simply Super Software
      2007-06-18 00:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
      2007-06-17 23:58 922,729 --a------ C:\WINDOWS\system32\nogyqphp.ini.ren
      2007-06-17 23:58 124,436 --a------ C:\WINDOWS\system32\phpqygon.dll.ren
      2007-06-16 01:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
      2007-06-16 01:38 125,972 --a------ C:\WINDOWS\system32\qaqfvrie.dll
      2007-06-15 23:25 <REP> d-------- C:\DOCUME~1\Demonn\APPLIC~1\Leadertech
      2007-06-15 00:14 125,972 --a------ C:\WINDOWS\system32\ncsihied.dll
      2007-06-11 12:15 <REP> d-------- C:\DOCUME~1\Demonn\APPLIC~1\SEGA
      2007-06-10 23:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
      2007-06-07 16:43 892,553 --a------ C:\WINDOWS\system32\rrqss.bak2.ren
      2007-06-07 07:54 901,759 --ahs---- C:\WINDOWS\system32\rrqss.ini.ren
      2007-06-07 07:54 892,890 --a------ C:\WINDOWS\system32\rrqss.bak1.ren
      2007-06-07 07:54 263,220 --a------ C:\WINDOWS\system32\ssqrr.dll.ren
      2007-06-07 04:04 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
      2007-06-07 04:04 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
      2007-06-04 14:08 30,770 --a------ C:\my.exe
      2007-06-04 14:08 30,770 --a------ C:\documents.exe
      2007-06-03 17:55 299,008 --a------ C:\WINDOWS\uninst.exe
      2007-06-03 17:38 32,768 --a------ C:\rgfk.exe
      2007-06-03 16:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
      2007-05-31 19:40 58,368 --a------ C:\WINDOWS\Unwash6.exe
      2007-05-19 11:16 <REP> d-------- C:\WINDOWS\Google Toolbar
      2007-05-19 11:01 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
      2007-05-19 11:01 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
      2007-05-19 11:01 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
      2007-05-19 11:01 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
      2007-05-19 11:01 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
      2007-05-19 11:01 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
      2007-05-19 11:01 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
      2007-05-19 11:01 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
      2007-05-19 01:45 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-06-19 08:16:02 -------- d-----w C:\Program Files\Google
      2007-06-17 17:50:12 -------- d-----w C:\Program Files\Club-Internet
      2007-06-15 23:07:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-06-15 19:59:16 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2007-06-15 19:34:10 -------- d-----w C:\Program Files\Norton Security Scan
      2007-06-07 02:41:04 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2007-06-03 14:28:27 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-05-19 09:43:30 -------- d-----w C:\DOCUME~1\Demonn\APPLIC~1\Google
      2007-05-16 23:32:30 -------- d-----w C:\Program Files\Spyware Doctor
      2007-05-06 15:17:59 -------- d-----w C:\DOCUME~1\Demonn\APPLIC~1\PC Tools
      2007-04-30 21:00:51 -------- d-----w C:\Program Files\MSN Messenger
      2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
      2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr
      2007-04-25 14:29:28 -------- d-----w C:\Program Files\Winamp
      2007-04-24 20:41:23 -------- d-----w C:\DOCUME~1\Demonn\APPLIC~1\vlc
      2007-03-30 11:20:37 551 ----a-w C:\WINDOWS\eReg.dat
      2007-03-25 22:03:04 83,046 ----a-w C:\WINDOWS\system32\perfc00C.dat
      2007-03-25 22:03:04 504,492 ----a-w C:\WINDOWS\system32\perfh00C.dat
      2007-03-23 18:32:10 460,689 --sh--w C:\WINDOWS\system32\ilnmp.ini2
      2007-03-23 13:34:19 460,150 --sh--w C:\WINDOWS\system32\ilnmp.bak1
      2007-03-23 13:28:59 12 ----a-w C:\WINDOWS\system32\gtv_sd.bin
      2007-03-21 12:44:12 452,053 --sh--w C:\WINDOWS\system32\kjkmp.ini2
      2007-03-21 12:31:27 459,636 --sh--w C:\WINDOWS\system32\kjkmp.bak2


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
      {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d}=C:\WINDOWS\system32\qaqfvrie.dll [2007-06-16 01:38]
      {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-17 17:35]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
      "Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 C:\WINDOWS\system32\ptipbmf.dll]
      "SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 C:\WINDOWS\SOUNDMAN.EXE]
      "@"="" []
      "Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 18:36]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
      "avast!"="f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
      "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" []
      "TrojanScanner"="d:\Program Files\Trojan Remover\Trjscan.exe" [2007-06-15 17:00]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
      "svas"="C:\WINDOWS\TEMP\10.tmp" []

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "ClearDocsOnExit"=64 (0x40)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxwu]
      ddcaxwu.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbawu]
      gebbawu.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjk]
      C:\WINDOWS\system32\pmkjk.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]
      C:\WINDOWS\system32\pmnli.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnllm]
      ssqnllm.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrr]
      C:\WINDOWS\system32\ssqrr.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{942a8109-d7ae-11db-b001-000ea674c6d6}]
      AutoRun\command- K:\m.exe


      Contents of the 'Scheduled Tasks' folder
      2007-06-15 16:25:15 C:\WINDOWS\tasks\Norton Security Scan.job

      **************************************************************************

      catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-06-19 22:31:06
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-06-19 22:33:23 - machine was rebooted
      C:\ComboFix-quarantined-files.txt ... 2007-06-19 22:33

      --- E O F ---



      voici le log de hijack this

      Logfile of HijackThis v1.99.1
      Scan saved at 22:36:53, on 19/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      f:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      C:\Program Files\BroadJump\Client Foundation\CFD.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      D:\scanner.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
      O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
      O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
      O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
      O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
      O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
      O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
      O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
      O23 - Service: A12FF9D8 - - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
      O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



      merci et desole pour l'attente j'avais pas vu ta reponse. Merci pour ton temps. K
      0
  2. jimiii Messages postés 31 Statut Membre
     
    merci green day,

    je vais essayer tout ca. La, je suis sur Kaspersky online. On va voir. Thanks!
    0
  3. jimiii Messages postés 31 Statut Membre
     
    salut green day,

    merci encore pour ton aide.

    Voici le log de voodoo chile fix

    VundoFix V6.5.1

    Checking Java version...

    Sun Java not detected
    Scan started at 20:43:49 19/06/2007

    Listing files found while scanning....

    C:\windows\system32\fjordcat.ini
    C:\windows\system32\fjordcat.tmp
    C:\WINDOWS\system32\fyaqgobc.dll
    C:\WINDOWS\system32\rvvshjth.dll
    C:\windows\system32\tacdrojf.dll
    C:\windows\system32\ukolbfed.exe
    C:\WINDOWS\system32\uncerbjx.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\fjordcat.ini
    C:\windows\system32\fjordcat.ini Has been deleted!

    Attempting to delete C:\windows\system32\fjordcat.tmp
    C:\windows\system32\fjordcat.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rvvshjth.dll
    C:\WINDOWS\system32\rvvshjth.dll Has been deleted!

    Attempting to delete C:\windows\system32\tacdrojf.dll
    C:\windows\system32\tacdrojf.dll Has been deleted!

    Attempting to delete C:\windows\system32\ukolbfed.exe
    C:\windows\system32\ukolbfed.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uncerbjx.dll
    C:\WINDOWS\system32\uncerbjx.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    voici le log de hijack

    Logfile of HijackThis v1.99.1
    Scan saved at 20:54:23, on 19/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    f:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
    O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: A12FF9D8 - - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
    O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Bon courage a lire ca, moi j'y comprends rien!! je vais promener mon chien et je reviens!

    Jim
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Fastoche ;-)

    Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      salut green day,

      voici le rapport:



      SmitFraudFix v2.195

      Rapport fait à 21:21:26,23, 19/06/2007
      Executé à partir de C:\Documents and Settings\Demonn\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      f:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\Tasks\At?.job PRESENT !
      C:\WINDOWS\Tasks\At??.job PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demonn


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Demonn\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Demonn\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

      C:\Program Files\serial.dat PRESENT !
      C:\Program Files\serial.zip PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

      [HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
      @="C:\WINDOWS\Inf\dbmio32.dll"

      [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
      @="C:\WINDOWS\Inf\dbmio32.dll"



      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""
      "LoadAppInit_DLLs"=dword:00000001


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 194.117.200.10
      DNS Server Search Order: 194.117.200.15

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      Merci bien
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Re-salut !

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    # Relance le programme Smitfraud :
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    ensuite :

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      désolé pour l'attente le mode sans echec s'etaignait tout seul. Enfin, voici le rapport de smitfraud:

      SmitFraudFix v2.195

      Rapport fait à 21:50:22,59, 19/06/2007
      Executé à partir de C:\Documents and Settings\Demonn\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

      [HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
      @="C:\WINDOWS\Inf\dbmio32.dll"

      [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
      @="C:\WINDOWS\Inf\dbmio32.dll"


      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

      C:\WINDOWS\Tasks\At?.job supprimé
      C:\WINDOWS\Tasks\At??.job supprimé
      C:\Program Files\serial.dat supprimé
      C:\Program Files\serial.zip supprimé

      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 194.117.200.10
      DNS Server Search Order: 194.117.200.15

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer=194.117.200.10,194.117.200.15


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

      [HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
      @="C:\WINDOWS\Inf\dbmio32.dll"

      [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
      @="C:\WINDOWS\Inf\dbmio32.dll"



      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      je te renvoie celui de virtumondo des que je l'ai.
      0
    2. jimiii Messages postés 31 Statut Membre
       
      voici le begonevirtu log:


      [06/19/2007, 22:02:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Demonn\Bureau\VirtumundoBeGone.exe" )
      [06/19/2007, 22:02:42] - Detected System Information:
      [06/19/2007, 22:02:42] - Windows Version: 5.1.2600, Service Pack 2
      [06/19/2007, 22:02:42] - Current Username: Demonn (Admin)
      [06/19/2007, 22:02:42] - Windows is in NORMAL mode.
      [06/19/2007, 22:02:42] - Searching for Browser Helper Objects:
      [06/19/2007, 22:02:42] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [06/19/2007, 22:02:42] - BHO 3: {13197ace-6851-45c3-a7ff-c281324d5489} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 4: {30000273-8230-4dd4-be4f-6889d1e74167} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 5: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 6: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 7: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 8: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 10: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 11: {965a592f-8efa-4250-8630-7960230792f1} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 12: {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - Checking for HKLM\...\Winlogon\Notify\qaqfvrie
      [06/19/2007, 22:02:42] - Key not found: HKLM\...\Winlogon\Notify\qaqfvrie, continuing.
      [06/19/2007, 22:02:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [06/19/2007, 22:02:42] - BHO 14: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 15: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 16: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 17: {cf021f40-3e14-23a5-cba2-717765728274} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 18: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - Finished Searching Browser Helper Objects
      [06/19/2007, 22:02:43] - Finishing up...
      [06/19/2007, 22:02:43] - Nothing found! Exiting...


      et voici le dernier hijack this

      Logfile of HijackThis v1.99.1
      Scan saved at 22:05:41, on 19/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      f:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      D:\scanner.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
      O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
      O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
      O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
      O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
      O4 - HKLM\..\Run: [smgr] mgrs.exe
      O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: A12FF9D8 - - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
      O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

      merci pour ton aide !!!

      jim
      0
    3. jimiii Messages postés 31 Statut Membre
       
      ecuse moi je n'avais pas redemarre, voici le denier log pour

      virtu...



      [06/19/2007, 22:02:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Demonn\Bureau\VirtumundoBeGone.exe" )
      [06/19/2007, 22:02:42] - Detected System Information:
      [06/19/2007, 22:02:42] - Windows Version: 5.1.2600, Service Pack 2
      [06/19/2007, 22:02:42] - Current Username: Demonn (Admin)
      [06/19/2007, 22:02:42] - Windows is in NORMAL mode.
      [06/19/2007, 22:02:42] - Searching for Browser Helper Objects:
      [06/19/2007, 22:02:42] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [06/19/2007, 22:02:42] - BHO 3: {13197ace-6851-45c3-a7ff-c281324d5489} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 4: {30000273-8230-4dd4-be4f-6889d1e74167} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 5: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 6: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 7: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 8: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 10: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 11: {965a592f-8efa-4250-8630-7960230792f1} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - No filename found. Continuing.
      [06/19/2007, 22:02:42] - BHO 12: {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} ()
      [06/19/2007, 22:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:42] - Checking for HKLM\...\Winlogon\Notify\qaqfvrie
      [06/19/2007, 22:02:42] - Key not found: HKLM\...\Winlogon\Notify\qaqfvrie, continuing.
      [06/19/2007, 22:02:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [06/19/2007, 22:02:42] - BHO 14: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 15: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 16: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 17: {cf021f40-3e14-23a5-cba2-717765728274} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - BHO 18: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
      [06/19/2007, 22:02:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:02:43] - No filename found. Continuing.
      [06/19/2007, 22:02:43] - Finished Searching Browser Helper Objects
      [06/19/2007, 22:02:43] - Finishing up...
      [06/19/2007, 22:02:43] - Nothing found! Exiting...

      [06/19/2007, 22:10:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Demonn\Bureau\VirtumundoBeGone.exe" )
      [06/19/2007, 22:10:40] - Detected System Information:
      [06/19/2007, 22:10:40] - Windows Version: 5.1.2600, Service Pack 2
      [06/19/2007, 22:10:40] - Current Username: Demonn (Admin)
      [06/19/2007, 22:10:40] - Windows is in NORMAL mode.
      [06/19/2007, 22:10:40] - Searching for Browser Helper Objects:
      [06/19/2007, 22:10:41] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [06/19/2007, 22:10:41] - BHO 3: {13197ace-6851-45c3-a7ff-c281324d5489} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 4: {30000273-8230-4dd4-be4f-6889d1e74167} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 5: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 6: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 7: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 8: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 10: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 11: {965a592f-8efa-4250-8630-7960230792f1} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - No filename found. Continuing.
      [06/19/2007, 22:10:41] - BHO 12: {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} ()
      [06/19/2007, 22:10:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:41] - Checking for HKLM\...\Winlogon\Notify\qaqfvrie
      [06/19/2007, 22:10:42] - Key not found: HKLM\...\Winlogon\Notify\qaqfvrie, continuing.
      [06/19/2007, 22:10:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [06/19/2007, 22:10:42] - BHO 14: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
      [06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:42] - No filename found. Continuing.
      [06/19/2007, 22:10:42] - BHO 15: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
      [06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:42] - No filename found. Continuing.
      [06/19/2007, 22:10:42] - BHO 16: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
      [06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:42] - No filename found. Continuing.
      [06/19/2007, 22:10:42] - BHO 17: {cf021f40-3e14-23a5-cba2-717765728274} ()
      [06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:42] - No filename found. Continuing.
      [06/19/2007, 22:10:42] - BHO 18: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
      [06/19/2007, 22:10:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/19/2007, 22:10:42] - No filename found. Continuing.
      [06/19/2007, 22:10:42] - Finished Searching Browser Helper Objects
      [06/19/2007, 22:10:42] - Finishing up...
      [06/19/2007, 22:10:42] - Nothing found! Exiting...


      et pour hijack


      Logfile of HijackThis v1.99.1
      Scan saved at 22:14:19, on 19/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      f:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      D:\scanner.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
      O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
      O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
      O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
      O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
      O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
      O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\4.tmp
      O4 - HKLM\..\Run: [smgr] mgrs.exe
      O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\TEMP\5.tmp
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [svas] C:\WINDOWS\TEMP\10.tmp
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: A12FF9D8 - - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
      O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe




      merciiiiiiii!
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, on continue :

    Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

    http://www.techsupportforum.com/sectools/combofix.exe

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    avec un nouveau hijack stp

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      green day: do you have the time to listen to me whine?? jimi
      0
      1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166 > jimiii Messages postés 31 Statut Membre
         
        Cf poste 13 :)
        0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Pas de soucis, je sais que ces scans mettent un certain temps ;-)

    fais ce qui est indiqué ici stp :

    virus methode preliminaire de desinfection version fr

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      Ok, cette fois je suis au bon endroit. j'ai fait scan bitdef hier à 1h du mat, j'ai laissé finir (et allumé) pdt la nuit, rapport copié à 9 h ce matin -est-il encore valable? "hijack this" de taleur. Apparemment je me suis planté sur avg car il faut les mettre en 40aine avt de faire le log?! salut a Lyonnais pour la suite du chemin.
      J'écoute tes indications Green day car "sometimes I give myself the creeps". connection est ok mais avast montre 1 virus au redem. (il en reste qqs uns...)


      Jim
      0
    2. jimiii Messages postés 31 Statut Membre
       
      j'avais presque oublié!!!

      BitDefender Online Scanner - Real Time Virus Report
      Generated at: Wed, Jun 20, 2007 - 09:09:02

      Scan Info
      Scanned Files 266798
      Infected Files 18


      Virus Detected
      Trojan.Dropper.Small.NCA 2
      Trojan.BHO.BP 1
      Trojan.Clicker.Costrat.AZ 1
      Trojan.BHO.AR 2
      Win32.Grum.A 1
      Trojan.Horse3.RJ 2
      Trojan.Clicker.CM 2
      Application.JS.ForcePopup.I 1
      GenPack:Trojan.Vundo.DLZ 1
      MemScan:Trojan.Virtumonde.IC 2
      Trojan.Vundo.DLY 2
      BehavesLike:Win32.ExplorerHijack 1



      This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.



      et hijack this

      Logfile of HijackThis v1.99.1
      Scan saved at 13:45:11, on 20/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      f:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\spoolsv.exe
      d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      D:\scanner.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
      O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
      O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
      O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
      O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
      O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
      O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
      O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
      O23 - Service: A12FF9D8 - - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
      O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



      Merci, Jim
      0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, poste celui d'avg aussi stp !

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      le voici:

      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 23:59:36 19/06/2007

      + Résultat de l'analyse:



      [3324] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
      [3732] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
      [556] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Ignoré.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Ignoré.
      HKU\S-1-5-21-1409082233-308236825-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045733.exe -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045746.exe -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045747.exe -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP116\A0045748.exe -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP119\A0046737.exe -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048728.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048729.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048730.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048731.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048732.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048735.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048736.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048737.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048738.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048739.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048740.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048741.dll -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP135\A0048746.dll -> Adware.Virtumonde : Ignoré.
      C:\documents.exe -> Adware.Virtumonde : Ignoré.
      C:\my.exe -> Adware.Virtumonde : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0055126.sys -> Downloader.Agent.acl : Ignoré.
      C:\QooBox\Quarantine\catchme2007-06-19_223105.70.zip/al64.dll -> Downloader.Agent.bga : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061184.dll -> Downloader.Agent.bga : Ignoré.
      C:\QooBox\Quarantine\C\WINDOWS\system32\cryptsa.dll.vir -> Downloader.Agent.btd : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061183.dll -> Downloader.Agent.btd : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP141\A0051999.exe -> Downloader.Alphabet : Ignoré.
      C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir -> Downloader.Alphabet.b : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061182.exe -> Downloader.Alphabet.b : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP141\A0051998.exe -> Downloader.Small.ddy : Ignoré.
      C:\16.tmp -> Proxy.Xorpix.ar : Ignoré.
      C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\partnership.dll.vir -> Proxy.Xorpix.ar : Ignoré.
      C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
      C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
      C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
      C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
      C:\Documents and Settings\Demonn\Cookies\demonn@weborama[2].txt -> TrackingCookie.Weborama : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP138\A0048904.exe -> Trojan.Agent.aom : Ignoré.
      C:\System Volume Information\_restore{8E08931B-B59C-40E9-B9EA-3C014452B80C}\RP143\A0061168.dll -> Trojan.Agent.j : Ignoré.


      Fin du rapport
      0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok ! :)

    à refaire en supprimant tout ce qu'il te trouve stp ;-)

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      ok thanks! ataleur
      0
    2. jimiii Messages postés 31 Statut Membre
       
      je me suis planté d'endroit

      voici donc log avg avant suppression



      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 16:19:48 20/06/2007

      + Résultat de l'analyse:



      [2296] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Aucune action entreprise.
      [384] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
      C:\Documents and Settings\Demonn\Cookies\demonn@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


      Fin du rapport



      et avg apres suppression

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 16:21:08 20/06/2007

      + Résultat de l'analyse:



      [2296] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Nettoyé.
      [384] C:\WINDOWS\system32\qaqfvrie.dll -> Adware.BHO : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\Demonn\Cookies\demonn@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


      Fin du rapport




      dernier hi jack this

      Logfile of HijackThis v1.99.1
      Scan saved at 16:22:21, on 20/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      f:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\spoolsv.exe
      d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\GEARSec.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      f:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Windows Media Player\wmplayer.exe
      D:\scanner.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
      O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
      O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
      O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
      O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
      O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
      O2 - BHO: (no name) - {A7DF7DB0-6103-455F-A54F-76D5D82A7D0d} - C:\WINDOWS\system32\qaqfvrie.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
      O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
      O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
      O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] d:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CD15A7DD-1A3E-45D3-8D8A-357915722CCF}: NameServer = 194.117.200.10,194.117.200.15
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: ddcaxwu - ddcaxwu.dll (file missing)
      O20 - Winlogon Notify: gebbawu - gebbawu.dll (file missing)
      O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
      O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll (file missing)
      O20 - Winlogon Notify: ssqnllm - ssqnllm.dll (file missing)
      O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
      O23 - Service: A12FF9D8 - - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - ATI Technologies Inc. - (no file)
      O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: CD76C53C - C-Dilla Ltd - (no file)
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



      merci bcp.
      0
    3. jimiii Messages postés 31 Statut Membre
       
      salut green day,

      t'as eu les infos? Juste pour etre sur que tu ne m'as pas oublié!!!

      Jim
      0
    4. jimiii Messages postés 31 Statut Membre
       
      je vais faire une course et je reviens!

      jim
      0
    5. jimiii Messages postés 31 Statut Membre
       
      L'ordi marche bien mais

      1erement avast indique:

      this file is in use/locked. It can't be scanned
      C:windows/system32/drivers/sptd.sys

      (chemin) hklm/system/Currentcontrolset/services/sptd/"image path"

      last modified 21-3 15:15 (qd j'ai repris l'ordi et scan avg)


      2ement
      trojan remover me dit pbs sur:
      ddcaxwu.dll
      adresse hklm/software/microsoft/windowsNT/
      current person/winloogn/notify/ddcaxwu

      tout ca pareil 5x avec a la fin de chaque ligne
      /gebbawu
      pmkjk
      pmnli
      ssqnlm
      ssqrr

      j'y comprends rien, j'ai pas trop surfé pour cause pbs pas sur reglés mais la connection tient bien depuis hier soir.


      3eme truc: sue les pages web en bas il y a un attenttion jaune et "des erreurs sur la page".

      C'est pas evident ces machins. Tu pourras m'indiquer un lien pour comment mieux proteger pc (pare feu windows est-il ok? sites a eviter etc...). Aussi les tutoriels pour ghost please. Merci et j'espere qu'on va les avoir. En tout cas c'est marrant d'apprendre a connaitre l'ordi comme ca.

      Jim
      0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    don't worry ! tu remontes dans mes interventions, donc je ne risques pas de te perdre ;-))

    Suite :

    o Prendre connaissance du contenu du lien suivant: http://www.f-secure.com/products/license-terms/eult_fra.pdf
    o Vous avez donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que vous allez télécharger.
    o Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
    o Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
    o Faire un clic droit sur navilog1.zip et choisir "tout extraire"
    o Double-cliquez sur navilog1.bat
    o Arriver au menu principal, choisir l'option 1 et valider.
    o Patientez jusqu'au message : Analyse Termine le ...
    o Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt) , poste le stp

    @+

    0
    1. jimiii Messages postés 31 Statut Membre
       
      yes c'est cool,

      voici le rapport.

      Merci , je reviens dans 30 min.

      jim

      Search Navipromo version 2.0.3 commencé le 20/06/2007 à 19:11:12,70

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Poster ce rapport sur le forum pour le faire analyser !!!
      !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

      Fix lancé depuis C:\Program Files\navilog1
      Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

      Executé en mode normal

      *** Recherche Programmes installes ***




      *** Recherche dossiers dans C:\WINDOWS ***




      *** Recherche dossiers dans C:\Program Files ***




      *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




      *** Recherche dossiers dans C:\Documents and Settings\Demonn\Application Data ***



      *** Recherche avec BlackLight Engine/F-secure ***
      BlackLight Engine est un produit de F-secure, pour + d'infos :
      https://www.f-secure.com/en


      F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
      ======================================

      Copyright 2005-2006 F-Secure Corporation. All rights reserved.
      This is a beta version. It will expire on 1st of April, 2007.
      Version information: 2.2.1061.

      [+] Started on 06/20/07 at 19:11:14.
      [+] Initializing ...
      [+] Starting scan, press Ctrl-C to abort.
      [+] Scanning for hidden items ....................................
      [+] Scan complete.
      [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
      [+] Exited on 06/20/07 at 19:13:50 (return code = 0).


      *** Recherche fichiers ***




      *** Recherche cles registre ***


      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



      Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



      Recherche Clé Magic Control



      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche fichiers connus:

      C:\WINDOWS\system32\ilnmp.ini2 trouvé ! infection Vundo possible non traité par cet outil !
      C:\WINDOWS\system32\kjkmp.ini2 trouvé ! infection Vundo possible non traité par cet outil !
      C:\WINDOWS\system32\ilnmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
      C:\WINDOWS\system32\kjkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
      C:\WINDOWS\system32\tstwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
      C:\WINDOWS\system32\kjkmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !

      2)Recherche Heuristique :
      *
      **
      ***
      ****
      *****
      ******
      *******
      ********


      *** Analyse Terminé le 20/06/2007 à 19:14:04,04 ***
      0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Nos messages sont sont croisés ! :) Cf poste 23 !
    0
    1. jimiii Messages postés 31 Statut Membre
       
      pas compris? t'as eu le bon rapport navilog? je reviens, ataleur.
      et encore merci!
      0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Vu ! comment se comporte le PC ?

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      a priori ca a l'air nickel, j'essaye de redemarrer pour voir ce que me dit avast? thanks.
      0
    2. jimiii Messages postés 31 Statut Membre
       
      cf post 30 j'ai pas fait gaffe. merci
      0
    3. jimiii Messages postés 31 Statut Membre
       
      t'es toujours la? Juste pour dire que je vais pas tarder a aller dormir. Cf post 30 pour dernieres infos. Merci pour ton temps en tout cas. Je reste encore ~ demi heure.

      jim
      0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    minute papillon ! je prépare la manip :)

    ++
    0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    à la rigueur, tu pourras le faire pour demain, car ça risque de prendre un peu de temps !

    See you ;-)

    ++
    0
    1. jimiii Messages postés 31 Statut Membre
       
      ok, on fait ca demain. Je ne me rends pas trop compte de combien de personnes tu depannes et le temps qu'il faut pour preparer la soluc etc... Ouais j'eteins la machine et je te rappelle demain vers 13h si t'es la ou alors en soiree. C'est super cool en tout cas. Bonne nuit (tu dors quand meme?)

      Jim
      0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Encore une petite vérification !

    télécharge l2mfix ici:
    http://www.downloads.subratam.org/l2mfix.exe
    Double-cliquer sur l2mfix.exe pour lancer l'extraction
    Dans le dossier l2mfix, double clic sur l2mfix.bat, appuyer sur n'importe quelle touche puis choisir l'option #1 (et pas autre chose) et valider avec la touche entre.
    Le bloc note va s'ouvrir avec le résultat du scan.copie/colles le rapport ici

    ++
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Combien de personne par jour ? ça dépend si je suis en forme/occupée ou pas :)

    Le temps que je mets ? ça dépend si je fais autre chose en même temps ou pas :)

    Est-ce que je dors ? oui et non ! :))

    @+
    0
    1. jimiii Messages postés 31 Statut Membre
       
      salut greenday,

      de retour sur le pc. Voici le rapport demandé au dernier msg. Ok donc tu dors quand meme.
      merci pour l'aide!

      L2MFIX find log 051206
      These are the registry keys present
      **********************************************************************************
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
      "DLLName"="Ati2evxx.dll"
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000001
      "Lock"="AtiLockEvent"
      "Logoff"="AtiLogoffEvent"
      "Logon"="AtiLogonEvent"
      "Disconnect"="AtiDisConnectEvent"
      "Reconnect"="AtiReConnectEvent"
      "Safe"=dword:00000000
      "Shutdown"="AtiShutdownEvent"
      "StartScreenSaver"="AtiStartScreenSaverEvent"
      "StartShell"="AtiStartShellEvent"
      "Startup"="AtiStartupEvent"
      "StopScreenSaver"="AtiStopScreenSaverEvent"
      "Unlock"="AtiUnLockEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaxwu]
      "Asynchronous"=dword:00000001
      "DllName"="ddcaxwu.dll"
      "Impersonate"=dword:00000000
      "Logon"="Logon"
      "Logoff"="Logoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebbawu]
      "Asynchronous"=dword:00000001
      "DllName"="gebbawu.dll"
      "Impersonate"=dword:00000000
      "Logon"="Logon"
      "Logoff"="Logoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk]
      "Asynchronous"=dword:00000001
      "DllName"="C:\\WINDOWS\\system32\\pmkjk.dll"
      "Impersonate"=dword:00000000
      "Startup"="SysLogon"
      "Logoff"="SysLogoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnli]
      "Asynchronous"=dword:00000001
      "DllName"="C:\\WINDOWS\\system32\\pmnli.dll"
      "Impersonate"=dword:00000000
      "Startup"="SysLogon"
      "Logoff"="SysLogoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnllm]
      "Asynchronous"=dword:00000001
      "DllName"="ssqnllm.dll"
      "Impersonate"=dword:00000000
      "Logon"="Logon"
      "Logoff"="Logoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrr]
      "Asynchronous"=dword:00000001
      "DllName"="C:\\WINDOWS\\system32\\ssqrr.dll"
      "Impersonate"=dword:00000000
      "Startup"="RealLogon"
      "Logoff"="RealLogoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      **********************************************************************************
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "SV1"=""

      **********************************************************************************
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
      "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
      "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
      "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
      "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
      "{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
      "{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
      "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
      "{45670FA8-ED97-4F44-BC93-305082590BFB}"="Microsoft.XPS.Shell.Metadata.1"
      "{44121072-A222-48f2-A58A-6D9AD51EBBE9}"="Microsoft.XPS.Shell.Thumbnail.1"
      "{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
      "{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
      "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
      "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
      "{A155339D-CCCD-4714-85EB-3754B804C9DF}"="a-squared Free Context Menu Shell Extension"
      "{52B87208-9CCF-42C9-B88E-069281105805}"="Trojan Remover Shell Extension"
      "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"="Multiscan"

      **********************************************************************************
      HKEY ROOT CLASSIDS:
      **********************************************************************************
      Files Found are not all bad files:

      C:\WINDOWS\SYSTEM32\
      cmdlin~1.dll Thu 7 Jun 2007 4:41:06 A.... 98 304 96,00 K
      cmdlin~2.dll Sun 10 Jun 2007 23:10:28 A.... 43 520 42,50 K
      eaeabb~1.dll Mon 18 Jun 2007 20:59:28 A.... 93 216 91,03 K
      libeay32.dll Thu 7 Jun 2007 4:04:08 A.... 1 040 384 1016,00 K
      ssleay32.dll Thu 7 Jun 2007 4:04:02 A.... 196 608 192,00 K

      5 items found: 5 files, 0 directories.
      Total of file sizes: 1 472 032 bytes 1,40 M
      Locate .tmp files:

      C:\WINDOWS\SYSTEM32\
      ilnmp.tmp Fri 23 Mar 2007 20:24:52 ..SH. 460 689 449,89 K
      mcrh.tmp Thu 14 Jun 2007 14:19:56 A.... 0 0,00 K
      mjmwygsi.tmp Thu 14 Jun 2007 0:12:32 A.... 0 0,00 K

      3 items found: 3 files (1 H/S), 0 directories.
      Total of file sizes: 460 689 bytes 449,89 K
      **********************************************************************************
      Directory Listing of system files:
      Le volume dans le lecteur C n'a pas de nom.
      Le num‚ro de s‚rie du volume est 3C3F-E464

      R‚pertoire de C:\WINDOWS\System32

      19/06/2007 17:14 <REP> dllcache
      18/06/2007 00:48 901ÿ759 rrqss.ini.ren
      17/06/2007 23:55 922ÿ705 whmtakqo.ini
      17/06/2007 17:35 922ÿ490 wknrnmeh.ini
      16/06/2007 01:39 922ÿ199 wnewcmbt.ini
      13/06/2007 14:24 3ÿ740ÿ880 mjmwygsi.ini
      12/06/2007 23:15 2ÿ796ÿ870 jjaywmsg.ini
      12/06/2007 00:10 1ÿ875ÿ661 tvxatquu.ini
      11/06/2007 10:28 955ÿ675 hmuptqym.ini
      26/03/2007 12:28 1ÿ709ÿ769 umtfthsd.ini
      23/03/2007 20:24 460ÿ689 ilnmp.tmp
      21/03/2007 14:31 1ÿ599ÿ504 ddenjgar.ini
      19/03/2007 20:30 1ÿ613ÿ311 nropymox.ini
      17/03/2007 17:24 459ÿ689 kjkmp.ini
      17/03/2007 17:24 459ÿ617 kjkmp.tmp
      17/03/2007 17:22 1ÿ614ÿ091 pckulyvu.ini
      16/03/2007 21:39 456ÿ054 tstwa.ini
      16/02/2007 22:24 <REP> Microsoft
      21/07/2002 19:01 353 onnmp.ini
      17 fichier(s) 21ÿ411ÿ316 octets
      2 R‚p(s) 24ÿ612ÿ786ÿ176 octets libres

      bonne lecture....

      jim
      0
    2. jimiii Messages postés 31 Statut Membre
       
      salut a toi "dors peu car pense jusqu'au petit matin", ici "petite taupe des machines de l'homme blanc".

      Ou la je suis un peu "out" là. je vais me crouter comme on dit par ici. J'espere que mon log ne t'a pas hypnotisé. En tout cas l'ordi est une fusée maintenant. Je ne m'etais pas rendu compte de la vitesse que je perdais. mais il y a tjs le meme msg (cf post 30) quand j'allume. A part ca r.a.s. Donc deja un grand merci. Bonne nuit les petits. On reprend plus tard (merci).

      Jim
      0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    c'est pas encore propre tout ça !

    Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
    - A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
    => Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.

    ensuite fais ceci stp :

    Télécharge clean.zip
    http://www.malekal.com/download/clean.zip
    Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
    Ouvre le dossier Clean qui se trouve sur ton bureau.
    Double-clic sur clean.cmd.
    Une fenêtre noire va apparaître, choisis l'option 1
    Poste le rapport qui se trouve ici C:\rapport_clean.txt

    ensuite :

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Double-clic sur clean.cmd.
    Une fenêtre noire va apparaître, choisis l'option 2
    Poste le rapport qui se trouve ici C:\rapport_clean.txt

    et enfin, poste un nouveau hijack !

    @+

    ;-))
    0