Trojan coriace!

Résolu
deicidenono Messages postés 16 Statut Membre -  
 deicidenono -
Bonjour.
Aidez moi!! Mon ordi est infecté, et pas moyen de nettoyer. Avast detecte et supprime de nouveau vers a chaque demarrage.
AVG anti spy ne voi rien, spy doctor lui, supprime; mai apparemment le virus change de nom et d'emplacement au redemarrage, et a egalement tendance a faire des petits.
Il a donc plusieur nom, mai le plus souvent c'est un " W32:onlinegames-". Je poste d'ores et deja mon rapport Hijackthis.
Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:13:47, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [DiskMan32] C:\WINDOWS\pfdncx.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
O4 - HKLM\..\Run: [ravqqsgmon] C:\Program Files\NetMeeting\ravqqsgmon.exe
O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: qjgpri.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Win32 Debug Service (MSDebugsvc) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Wireless Service (WZCSRVC) - Unknown owner - C:\WINDOWS\system32\rundll32.exe

--
End of file - 7572 bytes
Configuration: Windows XP
Firefox 2.0

54 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Infection informatique persistante sur Windows XP provoquant des alertes et des suppressions répétées, détectées par Avast, AVG et Spyware Doctor à chaque redémarrage, avec des noms variables tels que W32:onlinegames-.
Les analyses HijackThis révèlent de nombreuses entrées et composants malveillants dans les démarrages et les DLL, notamment AppInit_DLLs et des BHO suspects, nécessitant une correction manuelle en mode sans échec.
Des intervenants recommandent de démarrer en mode sans échec, d'exécuter HiJackThis pour supprimer les éléments indésirables, puis de lancer ComboFix et des outils antivirus afin d'éliminer les résidus et de sécuriser le système.
Une nuance utile est que l'infection peut provenir de composants matériels et de réinstallations incomplètes, soulignant l'utilité d'une remise à niveau et de sauvegardes régulières.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. O VertigO Messages postés 862 Statut Membre 32
     
    Salut,

    Tu possèdes Avast!, tu n'es donc pas, pour moi et beaucoup d'autres helpers, protégé au mieux. Je te recommande d'en changer pour Avira Antivir, qui est beaucoup plus performant et réactif. Le petit défaut est qu'il est en anglais, c'est pourquoi voici quelques liens qui t'aideront à en changer sans problème:
    - Tutoriel: http://forum.malekal.com/ftopic4192.php
    - Comparatif de Malekal: http://forum.malekal.com/ftopic3528.php
    - Comparatif de PC INpact: http://www.pcinpact.com/actu/news/31149-Antivirus-resultats-dun-test-de-performances.htm
    Saches que ce petit défaut de langage n'est rien comparé aux grands apports d'Antivir.

    Si tu l'installes, tu dois désinstaller Avast! !

    Fais un scan avec Antivir et poste le rapport qu'il te donne.

    Amicalement,
    0
  2. deicidenono
     
    J'ai eu beaucou de mal avec antivir, une foi installé, le pense que le lombric a fait de la resistance. Mon pc a commencé a buggé dans tou les sens.
    Bref, en mode sans echec, j'ai reussi. Voilà donc le rapport.

    AntiVir PersonalEdition Classic
    Report file date: jeudi 30 août 2007 12:28

    Scanning for 740715 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Arnaud
    Computer name: FUJITSU-9756B35

    Version information:
    BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
    AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
    AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
    LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
    LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
    ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
    ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
    ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
    AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
    AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
    AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
    AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
    RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 30 août 2007 12:28

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
    Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    17 processes with 17 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\ervugl.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DiskMan32>=sz:ervugl.exe
    [INFO] The file was moved to '474c9c37.qua'!
    C:\WINDOWS\ervugl.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    C:\WINDOWS\DbgHlp32.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DbgHlp32>=sz:DbgHlp32.exe
    [INFO] The file was moved to '473d9c2a.qua'!
    C:\WINDOWS\DbgHlp32.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    C:\Program Files\NetMeeting\ravqqsgmon.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<ravqqsgmon>=sz:ravqqsgmon.exe
    [INFO] The file was moved to '474c9c2c.qua'!
    C:\Program Files\NetMeeting\ravqqsgmon.exe
    [DETECTION] Contains suspicious code HEUR/Malware

    The registry was scanned ( '20' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\ie7.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '470d9c37.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\A5IJQXJZ\101[1].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47079c12.qua'!
    C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\VNOE8SG2\sms[1].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47499c58.qua'!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[1].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47079c37.qua'!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[2].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '468c51e4.qua'!
    C:\Program Files\Internet Explorer\LSASS.DAT
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47179c9f.qua'!
    C:\Program Files\NetMeeting\ravqqsgmon.dat
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '474c9ce9.qua'!
    C:\WINDOWS\bymrzk.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47439d28.qua'!
    C:\WINDOWS\jhmjuc.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47439d18.qua'!
    C:\WINDOWS\video.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473a9d1d.qua'!
    C:\WINDOWS\system32\101.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47079d69.qua'!
    C:\WINDOWS\system32\ayvxas.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '474c9db4.qua'!
    C:\WINDOWS\system32\DbgHlp32.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473d9da1.qua'!
    C:\WINDOWS\system32\DiskMan32.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47499da9.qua'!
    C:\WINDOWS\system32\evbbnp.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47389db8.qua'!
    C:\WINDOWS\system32\ie7.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '470d9da9.qua'!
    C:\WINDOWS\system32\jzipri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\myfpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\NVDispDrv.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '471a9df8.qua'!
    C:\WINDOWS\system32\pgqmnj.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47479e0d.qua'!
    C:\WINDOWS\system32\qhdpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\qhfins.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473c9e1c.qua'!
    C:\WINDOWS\system32\qhfpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\qjgpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\wgfpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\wlhins.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473e9e2e.qua'!
    C:\WINDOWS\system32\wlhpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    End of the scan: jeudi 30 août 2007 12:37
    Used time: 09:34 min

    The scan has been done completely.

    1598 Scanning directories
    58996 Files were scanned
    30 viruses and/or unwanted programs were found
    30 classified as suspicious:
    0 files were deleted
    0 files were repaired
    23 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    58936 Files not concerned
    753 Archives were scanned
    8 Warnings
    0 Notes
    0 Hidden objects were found
    0
  3. deicidenono Messages postés 16 Statut Membre
     
    En fait, en mode normal, le rapport est different.
    Dans le doute le poste aussi :

    AntiVir PersonalEdition Classic
    Report file date: jeudi 30 août 2007 12:28

    Scanning for 740715 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Arnaud
    Computer name: FUJITSU-9756B35

    Version information:
    BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
    AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
    AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
    LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
    LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
    ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01
    ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02
    ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02
    AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28
    AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
    AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
    AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
    RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 30 août 2007 12:28

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
    Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    17 processes with 17 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\ervugl.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DiskMan32>=sz:ervugl.exe
    [INFO] The file was moved to '474c9c37.qua'!
    C:\WINDOWS\ervugl.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    C:\WINDOWS\DbgHlp32.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DbgHlp32>=sz:DbgHlp32.exe
    [INFO] The file was moved to '473d9c2a.qua'!
    C:\WINDOWS\DbgHlp32.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    C:\Program Files\NetMeeting\ravqqsgmon.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<ravqqsgmon>=sz:ravqqsgmon.exe
    [INFO] The file was moved to '474c9c2c.qua'!
    C:\Program Files\NetMeeting\ravqqsgmon.exe
    [DETECTION] Contains suspicious code HEUR/Malware

    The registry was scanned ( '20' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\ie7.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '470d9c37.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\A5IJQXJZ\101[1].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47079c12.qua'!
    C:\Documents and Settings\Arnaud\Local Settings\Temporary Internet Files\Content.IE5\VNOE8SG2\sms[1].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47499c58.qua'!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[1].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47079c37.qua'!
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QIBT0AP5\101[2].exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '468c51e4.qua'!
    C:\Program Files\Internet Explorer\LSASS.DAT
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47179c9f.qua'!
    C:\Program Files\NetMeeting\ravqqsgmon.dat
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '474c9ce9.qua'!
    C:\WINDOWS\bymrzk.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47439d28.qua'!
    C:\WINDOWS\jhmjuc.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47439d18.qua'!
    C:\WINDOWS\video.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473a9d1d.qua'!
    C:\WINDOWS\system32\101.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47079d69.qua'!
    C:\WINDOWS\system32\ayvxas.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '474c9db4.qua'!
    C:\WINDOWS\system32\DbgHlp32.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473d9da1.qua'!
    C:\WINDOWS\system32\DiskMan32.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47499da9.qua'!
    C:\WINDOWS\system32\evbbnp.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47389db8.qua'!
    C:\WINDOWS\system32\ie7.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '470d9da9.qua'!
    C:\WINDOWS\system32\jzipri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\myfpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\NVDispDrv.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '471a9df8.qua'!
    C:\WINDOWS\system32\pgqmnj.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '47479e0d.qua'!
    C:\WINDOWS\system32\qhdpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\qhfins.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473c9e1c.qua'!
    C:\WINDOWS\system32\qhfpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\qjgpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\wgfpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\wlhins.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '473e9e2e.qua'!
    C:\WINDOWS\system32\wlhpri.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    End of the scan: jeudi 30 août 2007 12:37
    Used time: 09:34 min

    The scan has been done completely.

    1598 Scanning directories
    58996 Files were scanned
    30 viruses and/or unwanted programs were found
    30 classified as suspicious:
    0 files were deleted
    0 files were repaired
    23 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    58936 Files not concerned
    753 Archives were scanned
    8 Warnings
    0 Notes
    0 Hidden objects were found

    Merci a toi!
    0
  4. O VertigO Messages postés 862 Statut Membre 32
     
    Salut,

    Faudrait un peu faire attention à ce que tu fais sur Internet !
    Tu es infecté par:
    - Troj/PWS-ANT
    - WORM_DLONLINEG.A
    - Beaucoup d'autres et c'est pas joli ! Ca va être plutôt long !

    Peux tu reposter un HiJackThis stp.

    Je vais te préparer une procédure. Patiente jusqu'à ce soir au moins.

    Bonne journée !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. deicidenono
     
    Le truc, je t'explique. Cet ordi, portable, revien de reparation constructeur, la carte mere et le dur son logiquemen tou neuf!!!!
    Le probleme existe depui son retour, mercredi en l'occurence. Donc, je sai pa a quoi tu fai allusion en parlan de ma navigation internet, mai je pense pouvoir plaider non coupable!!

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:35:47, on 30/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hotkey Management\FuncKey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
    O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
    O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
    O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
    O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
    O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O20 - AppInit_DLLs: qhdpri.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Win32 Debug Service (MSDebugsvc) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Wireless Service (WZCSRVC) - Unknown owner - C:\WINDOWS\system32\rundll32.exe
    0
  7. O VertigO Messages postés 862 Statut Membre 32
     
    Salut,

    Désolé pour le retard aussi, mais j'ai eut un peu de mal. On va essayer de faire les choses dans l'ordre pour pas se planter en route.

    /!\ ATTENTION /!\: si tu n'arrives pas à faire une étape, signale le moi, mais ne poursuit pas sans mon avis !

    Fais ceci:
    1. Services:
    - Vas dans le menu Demarrer / executer / tape services.msc
    - Cherche ie7.exe dans la liste / Double cliques dessus / Positionne le type de démarrage sur Désactivé
    - Cherche ntsokele.exe dans la liste / Double cliques dessus / Positionne le type de démarrage sur Désactivé

    2. HiJackThis
    - Relance HiJackThis
    - Choisis l'option "Do a system scan only"
    - Coches les lignes suivantes:
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe 
    
    O20 - AppInit_DLLs: qhdpri.dll
    
    O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
    
    O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)

    - Cliques sur "Fix Checked"

    3. Combofix
    - Télécharge Combofix ici: http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton bureau ! Nulle part d'autre !
    - Il va te poser une question, réponds par 1 et enter pour valider.
    - Après le scan, un rapport sera généré, poste le ici.

    4. HiJackThis
    - Poste un nouveau rapport

    Bon courage,
    0
  8. deicidenono
     
    Salut a toi O vertigO !
    ET BIEN.....Je ne sui pa allé bien loin.
    Je ne voi pa de IE7.exe .
    0
  9. O VertigO Messages postés 862 Statut Membre 32
     
    Ok, ce n'est pas grave, je m'y attendais un peu. Continues la manipulation. Il est possible que tu ne trouve pas ntsokele.exe aussi.
    0
  10. deicidenono Messages postés 16 Statut Membre
     
    Alors alors... combo fix :

    ComboFix 07-08-30.3 - "Arnaud" 2007-08-31 14:17:25.1 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.1458 [GMT 2:00]
    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Autorun.inf
    C:\WINDOWS\system\7.exe
    C:\WINDOWS\system\system32.vxd
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\Packet.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_MSDEBUGSVC
    -------\LEGACY_NPF
    -------\LEGACY_REMOTEDBG
    -------\LEGACY_WIN32DDS
    -------\LEGACY_WZCSRVC
    -------\MSDebugsvc
    -------\NPF
    -------\WZCSRVC

    ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))

    2007-08-31 14:16 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-30 12:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-08-30 12:08 <REP> d-------- C:\Program Files\MSN Messenger
    2007-08-29 22:08 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-29 22:08 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-29 22:08 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-29 22:08 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-29 22:08 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\PC Tools
    2007-08-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-08-29 21:36 64 --a------ C:\WINDOWS\system32\Deleteme.bat
    2007-08-29 21:35 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\WinRAR
    2007-08-29 21:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-29 21:22 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-08-29 20:00 <REP> d-------- C:\WINDOWS\pss
    2007-08-29 17:25 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\Sony Corporation
    2007-08-29 14:28 53,248 --a------ C:\WINDOWS\system32\ipl.dll
    2007-08-29 14:28 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
    2007-08-29 14:28 2,973,696 --a------ C:\WINDOWS\system32\ipla6.dll
    2007-08-29 14:28 2,785,280 --a------ C:\WINDOWS\system32\iplm6.dll
    2007-08-29 14:28 2,686,976 --a------ C:\WINDOWS\system32\iplm5.dll
    2007-08-29 14:28 2,531,328 --a------ C:\WINDOWS\system32\iplp6.dll
    2007-08-29 14:28 2,502,656 --a------ C:\WINDOWS\system32\iplpx.dll
    2007-08-29 14:28 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
    2007-08-29 14:27 <REP> d-------- C:\Program Files\Sony
    2007-08-29 14:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    2007-08-29 14:20 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-29 14:20 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-29 14:19 <REP> d-------- C:\Program Files\Matrox Imaging
    2007-08-29 14:07 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-08-29 13:48 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-08-28 15:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-28 15:23 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-08-28 15:23 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-08-28 15:23 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-08-28 15:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-08-28 15:22 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-08-28 15:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-08-28 15:16 <REP> d---s---- C:\DOCUME~1\Arnaud\UserData
    2007-08-28 15:05 <REP> d-------- C:\VundoFix Backups
    2007-08-28 14:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-28 14:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-28 13:54 0 --a------ C:\WINDOWS\nsreg.dat
    2007-08-28 13:22 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2007-08-28 13:22 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2007-08-28 13:22 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-08-28 13:22 <REP> d-------- C:\Program Files\Alwil Software
    2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\tlrini.dll
    2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\qhcini.dll
    2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\myfini.dll
    2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\gjj.exe
    2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\21.exe
    2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\20.exe
    2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\xyhini.dll
    2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\wgeini.dll
    2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\jhaini.dll
    2007-08-28 12:24 98 --a------ C:\WINDOWS\system32\wlgini.dll
    2007-08-28 12:24 58 --a------ C:\WINDOWS\system32\qheini.dll
    2007-08-28 12:23 50 --a------ C:\WINDOWS\system32\qjgini.dll
    2007-08-28 12:23 150 --a------ C:\WINDOWS\system32\jziini.dll
    2007-08-28 12:23 105 --a------ C:\WINDOWS\system32\wdcini.dll
    2007-08-28 12:23 102 --a------ C:\WINDOWS\system32\dhdini.dll
    2007-07-13 09:09 <REP> d-------- C:\WINDOWS\uninstall
    2007-07-13 09:03 45,056 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2007-07-13 09:03 217,600 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2007-07-12 18:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-07-12 18:03 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2007-07-12 18:03 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-07-12 18:02 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
    2007-07-12 18:02 77,312 --a------ C:\WINDOWS\system32\usbui.dll
    2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
    2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
    2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu D‚marrer
    2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu D‚marrer
    2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage r‚seau
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\ModŠles
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\ModŠles
    2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
    2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot
    2007-07-12 16:32 <REP> d-------- C:\WINDOWS\system32\Lang
    2007-07-12 16:30 481,280 --a------ C:\WINDOWS\unfspad.exe
    2007-07-12 16:30 22,912 --a------ C:\WINDOWS\system32\drivers\fspad.sys
    2007-07-12 16:30 18 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
    2007-07-12 16:30 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
    2007-07-12 16:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
    2007-07-12 16:30 <REP> d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-12 16:30 <REP> d-------- C:\WINDOWS\system32\localeFspadCpl
    2007-07-12 16:30 <REP> d-------- C:\Program Files\CONEXANT
    2007-07-12 16:30 <REP> d-------- C:\Program Files\AVC Finger-sensing Pad Driver
    2007-07-12 16:28 6,144 --a------ C:\WINDOWS\system32\WinIo.sys
    2007-07-12 16:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-07-12 16:28 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-12 18:02 9388 --a------ C:\WINDOWS\system32\drivers\iaStor.PNF
    2007-07-12 18:02 7280 --a------ C:\WINDOWS\system32\drivers\viamraid.PNF
    2007-07-12 18:02 6984 --a------ C:\WINDOWS\system32\drivers\SiSRaid.PNF
    2007-07-12 18:02 63240 --a------ C:\WINDOWS\system32\drivers\Si3112r.PNF
    2007-07-12 18:02 20152 --a------ C:\WINDOWS\system32\drivers\INFCACHE.1
    2007-07-12 18:02 12432 --a------ C:\WINDOWS\system32\drivers\adpu320.PNF
    2007-07-12 18:02 12204 --a------ C:\WINDOWS\system32\drivers\nvraid.PNF
    2007-07-12 18:02 10828 --a------ C:\WINDOWS\system32\drivers\iaAHCI.PNF

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" []
    "FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [2006-09-05 20:29]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 10:42]
    "nwiz"="nwiz.exe" [2006-08-16 10:42 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
    "fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 18:26]
    "TIMHost"="C:\WINDOWS\TIMHost.exe" []
    "RAVZXMON"="C:\Program Files\Internet Explorer\LSASS.EXE" []
    "RAVDHMON"="C:\Program Files\Internet Explorer\RAVDHMON.exe" []
    "RAV00B2"="C:\WINDOWS\system32\RAV00B2.exe" []
    "RAV009B"="C:\WINDOWS\system32\RAV009B.exe" []
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{12311A42-AC1B-158F-FD32-5674345F23A1}"= C:\WINDOWS\system32\dhapri.dll [ ]
    "{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [ ]
    "{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
    "{4F12545B-1212-1314-5679-4512ACEF8904}"= C:\WINDOWS\system32\wddpri.dll [ ]
    "{74123FF1-8371-9834-9021-184518451FA7}"= C:\WINDOWS\system32\qjgpri.dll [ ]
    "{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]
    "{66368135-64FA-BC34-DA32-DCF4FD431C96}"= C:\WINDOWS\system32\qhfpri.dll [ ]
    "{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
    "{252D2432-37A2-324F-2A54-21BF5CF2F1A2}"= C:\WINDOWS\system32\jhapri.dll [ ]
    "{625AB2F3-234A-7469-2F43-E341713ABFA6}"= C:\WINDOWS\system32\wgfpri.dll [ ]
    "{6562452F-FA36-BA4F-892A-FF5FBBAC5316}"= C:\WINDOWS\system32\myfpri.dll [ ]
    "{46368135-64FA-BC34-DA32-DCF4FD431C94}"= C:\WINDOWS\system32\qhdpri.dll [ ]
    "{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\tlupri.dll [ ]
    "{A13AF41A-21B1-131B-1BFC-D2A90DF4A2BA}"= C:\WINDOWS\system32\xyipri.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
    Debugger=C:\WINDOWS\system\2.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys
    R1 WINIO;WINIO;\??\C:\WINDOWS\system32\WinIo.sys
    R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys
    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
    S2 ie7;Telepho;C:\WINDOWS\system32\ie7.exe
    S2 Rasautol;Remote Help Session Manager;C:\WINDOWS\system32\ntsokele.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-31 14:20:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    nmhly = 6.tmp.exe????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-31 14:23:05 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-31 14:23

    --- E O F ---

    Et Hijack :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:24:31, on 31/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hotkey Management\FuncKey.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
    O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
    O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
    O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
    O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    0
  11. O VertigO Messages postés 862 Statut Membre 32
     
    Es tu certain d'avoir coché tout ce que j'avais demandé dans HiJackThis ?
    O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing) 
    
    O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing) 
    


    Par hasard, ton PC n'aurait il pas servi de nid de reproduction pour trojan en manque d'affection ? :lol:
    0
  12. O VertigO Messages postés 862 Statut Membre 32
     
    Après les avoir fixé, refais un rapport Combofix stp.
    0
  13. deicidenono Messages postés 16 Statut Membre
     
    Je peu t'assuré les avoir coché la premiere foi!
    Cette foi, combofix n'a pa redemarré l'ordi avan son rapport. Et entre temp, antivir m'a detecté deux autre virus. Je sui censé en faire
    koi? Quarantaine? supprimé? ...
    Enfin, voilà le rapport :

    ComboFix 07-08-30.3 - "Arnaud" 2007-08-31 16:08:28.2 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.1518 [GMT 2:00]

    ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))

    2007-08-31 14:16 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-30 12:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-08-30 12:08 <REP> d-------- C:\Program Files\MSN Messenger
    2007-08-29 22:08 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-29 22:08 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-29 22:08 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-29 22:08 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-29 22:08 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\PC Tools
    2007-08-29 21:51 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-08-29 21:36 64 --a------ C:\WINDOWS\system32\Deleteme.bat
    2007-08-29 21:35 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\WinRAR
    2007-08-29 21:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-29 21:22 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-08-29 20:00 <REP> d-------- C:\WINDOWS\pss
    2007-08-29 17:25 <REP> d-------- C:\DOCUME~1\Arnaud\APPLIC~1\Sony Corporation
    2007-08-29 14:28 53,248 --a------ C:\WINDOWS\system32\ipl.dll
    2007-08-29 14:28 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
    2007-08-29 14:28 2,973,696 --a------ C:\WINDOWS\system32\ipla6.dll
    2007-08-29 14:28 2,785,280 --a------ C:\WINDOWS\system32\iplm6.dll
    2007-08-29 14:28 2,686,976 --a------ C:\WINDOWS\system32\iplm5.dll
    2007-08-29 14:28 2,531,328 --a------ C:\WINDOWS\system32\iplp6.dll
    2007-08-29 14:28 2,502,656 --a------ C:\WINDOWS\system32\iplpx.dll
    2007-08-29 14:28 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
    2007-08-29 14:27 <REP> d-------- C:\Program Files\Sony
    2007-08-29 14:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
    2007-08-29 14:20 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-29 14:20 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-29 14:19 <REP> d-------- C:\Program Files\Matrox Imaging
    2007-08-29 14:07 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-08-29 13:48 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-08-28 15:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-28 15:23 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-08-28 15:23 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-08-28 15:23 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-08-28 15:23 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-08-28 15:22 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-08-28 15:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-08-28 15:16 <REP> d---s---- C:\DOCUME~1\Arnaud\UserData
    2007-08-28 15:05 <REP> d-------- C:\VundoFix Backups
    2007-08-28 14:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-28 14:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-28 13:54 0 --a------ C:\WINDOWS\nsreg.dat
    2007-08-28 13:22 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2007-08-28 13:22 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2007-08-28 13:22 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-08-28 13:22 <REP> d-------- C:\Program Files\Alwil Software
    2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\tlrini.dll
    2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\qhcini.dll
    2007-08-28 12:28 48 --a------ C:\WINDOWS\system32\myfini.dll
    2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\gjj.exe
    2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\21.exe
    2007-08-28 12:28 1,308 --a------ C:\WINDOWS\system\20.exe
    2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\xyhini.dll
    2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\wgeini.dll
    2007-08-28 12:27 48 --a------ C:\WINDOWS\system32\jhaini.dll
    2007-08-28 12:24 98 --a------ C:\WINDOWS\system32\wlgini.dll
    2007-08-28 12:24 58 --a------ C:\WINDOWS\system32\qheini.dll
    2007-08-28 12:23 50 --a------ C:\WINDOWS\system32\qjgini.dll
    2007-08-28 12:23 150 --a------ C:\WINDOWS\system32\jziini.dll
    2007-08-28 12:23 105 --a------ C:\WINDOWS\system32\wdcini.dll
    2007-08-28 12:23 102 --a------ C:\WINDOWS\system32\dhdini.dll
    2007-07-13 09:09 <REP> d-------- C:\WINDOWS\uninstall
    2007-07-13 09:03 45,056 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2007-07-13 09:03 217,600 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2007-07-12 18:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-07-12 18:03 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2007-07-12 18:03 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-07-12 18:02 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
    2007-07-12 18:02 77,312 --a------ C:\WINDOWS\system32\usbui.dll
    2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
    2007-07-12 18:02 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
    2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu D‚marrer
    2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu D‚marrer
    2007-07-12 18:01 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage r‚seau
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\ModŠles
    2007-07-12 18:01 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\ModŠles
    2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2007-07-12 18:01 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
    2007-07-12 18:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
    2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot2
    2007-07-12 18:00 <REP> d-------- C:\WINDOWS\system32\CatRoot
    2007-07-12 16:32 <REP> d-------- C:\WINDOWS\system32\Lang
    2007-07-12 16:30 481,280 --a------ C:\WINDOWS\unfspad.exe
    2007-07-12 16:30 22,912 --a------ C:\WINDOWS\system32\drivers\fspad.sys
    2007-07-12 16:30 18 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
    2007-07-12 16:30 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
    2007-07-12 16:30 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
    2007-07-12 16:30 <REP> d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-12 16:30 <REP> d-------- C:\WINDOWS\system32\localeFspadCpl
    2007-07-12 16:30 <REP> d-------- C:\Program Files\CONEXANT
    2007-07-12 16:30 <REP> d-------- C:\Program Files\AVC Finger-sensing Pad Driver
    2007-07-12 16:28 6,144 --a------ C:\WINDOWS\system32\WinIo.sys
    2007-07-12 16:28 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-07-12 16:28 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-12 18:02 9388 --a------ C:\WINDOWS\system32\drivers\iaStor.PNF
    2007-07-12 18:02 7280 --a------ C:\WINDOWS\system32\drivers\viamraid.PNF
    2007-07-12 18:02 6984 --a------ C:\WINDOWS\system32\drivers\SiSRaid.PNF
    2007-07-12 18:02 63240 --a------ C:\WINDOWS\system32\drivers\Si3112r.PNF
    2007-07-12 18:02 20152 --a------ C:\WINDOWS\system32\drivers\INFCACHE.1
    2007-07-12 18:02 12432 --a------ C:\WINDOWS\system32\drivers\adpu320.PNF
    2007-07-12 18:02 12204 --a------ C:\WINDOWS\system32\drivers\nvraid.PNF
    2007-07-12 18:02 10828 --a------ C:\WINDOWS\system32\drivers\iaAHCI.PNF

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "PowerManager"="C:\Program Files\Power Manager\PM.exe" []
    "FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [2006-09-05 20:29]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 10:42]
    "nwiz"="nwiz.exe" [2006-08-16 10:42 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
    "fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 18:26]
    "TIMHost"="C:\WINDOWS\TIMHost.exe" []
    "RAVZXMON"="C:\Program Files\Internet Explorer\LSASS.EXE" []
    "RAVDHMON"="C:\Program Files\Internet Explorer\RAVDHMON.exe" []
    "RAV00B2"="C:\WINDOWS\system32\RAV00B2.exe" []
    "RAV009B"="C:\WINDOWS\system32\RAV009B.exe" []
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-06-14 17:05]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{12311A42-AC1B-158F-FD32-5674345F23A1}"= C:\WINDOWS\system32\dhapri.dll [ ]
    "{0EA66AD2-CF26-2E23-532B-B292E22F3266}"= C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll [ ]
    "{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
    "{4F12545B-1212-1314-5679-4512ACEF8904}"= C:\WINDOWS\system32\wddpri.dll [ ]
    "{74123FF1-8371-9834-9021-184518451FA7}"= C:\WINDOWS\system32\qjgpri.dll [ ]
    "{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]
    "{66368135-64FA-BC34-DA32-DCF4FD431C96}"= C:\WINDOWS\system32\qhfpri.dll [ ]
    "{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
    "{252D2432-37A2-324F-2A54-21BF5CF2F1A2}"= C:\WINDOWS\system32\jhapri.dll [ ]
    "{625AB2F3-234A-7469-2F43-E341713ABFA6}"= C:\WINDOWS\system32\wgfpri.dll [ ]
    "{6562452F-FA36-BA4F-892A-FF5FBBAC5316}"= C:\WINDOWS\system32\myfpri.dll [ ]
    "{46368135-64FA-BC34-DA32-DCF4FD431C94}"= C:\WINDOWS\system32\qhdpri.dll [ ]
    "{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\tlupri.dll [ ]
    "{A13AF41A-21B1-131B-1BFC-D2A90DF4A2BA}"= C:\WINDOWS\system32\xyipri.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
    Debugger=C:\WINDOWS\system\2.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys
    R1 WINIO;WINIO;\??\C:\WINDOWS\system32\WinIo.sys
    R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys
    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
    S2 ie7;Telepho;C:\WINDOWS\system32\ie7.exe
    S2 Rasautol;Remote Help Session Manager;C:\WINDOWS\system32\ntsokele.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-31 16:10:19
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    nmhly = 6.tmp.exe????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-31 16:12:30
    C:\ComboFix-quarantined-files.txt ... 2007-08-31 16:12
    C:\ComboFix2.txt ... 2007-08-31 14:23

    --- E O F ---
    0
  14. O VertigO Messages postés 862 Statut Membre 32
     
    OK, on va dire... un de moins.
    Lorsqu' Antivir te détecte quelque chose, mets le en quarantaine ;)

    - Relance HiJackThis
    - Choisis l'option "Do a system scan only"
    - Coches les lignes suivantes:
    O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe 

    - Cliques sur "Fix Checked"
    - Poste ensuite un nouveau rapport.
    0
  15. deicidenono Messages postés 16 Statut Membre
     
    voili

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:25:12, on 31/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hotkey Management\FuncKey.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Arnaud\Mes documents\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
    O4 - HKLM\..\Run: [RAVZXMON] C:\Program Files\Internet Explorer\LSASS.EXE
    O4 - HKLM\..\Run: [RAVDHMON] C:\Program Files\Internet Explorer\RAVDHMON.exe
    O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
    O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [nmhly] 6.tmp.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
    O23 - Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe (file missing)
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    0
  16. O VertigO Messages postés 862 Statut Membre 32
     
    Salut,

    Pourrais tu regarder dans tes services après ces deux ci: (démarrer / exécuter / services.msc):
    Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\system32\ntsokele.exe
    Service: Telepho (ie7) - Unknown owner - C:\WINDOWS\system32\ie7.exe


    Si tu les as, désactive-les.

    Ton PC va t il mieux au fait ?
    0
  17. deicidenono
     
    Bonjour a toi O vertigO !

    Alors, g un " Remote Help Session Manager " just, et un "Telepho £^*ù°"#&² .....", mai pas precisement comme toi tu di.

    Sinon oui le pc tourne bien mieu deja, au demarrage surtt. Ya pa photo! Mai antivir continu de detecter!
    0
  18. O VertigO Messages postés 862 Statut Membre 32
     
    Bonsoir !

    Vraiment désolé pour le retard, mais je suis extrêmement occupé ce week-end... Donc voici la suite:

    - Désactive la restauration système (pour ce faire, Panneau de configuration / Système / Restauration Système)
    - Désactive les services que tu as trouvé car ils sont néfastes.
    - Redémarre ton ordinateur
    - Vois s'il sont réapparus dans ta liste des services (Démarrer / Exécuter / services.msc). S'ils ne sont plus dans ta liste de services, coches-les à nouveau dans HiJackThis comme au poste 10. S'ils sont revenu, passe l'étape HiJackThis
    - Rends toi ensuite en mode sans échec (Après le bip d'allumage de l'ordinateur mais avant le logo Windows, tapotes sur la touche F8).
    - Fais une analyse avec Antivir et AVG Antispyware.
    - Poste leurs rapports ici, ainsi qu'un nouveau log HiJackThis.

    Content que çà soit déjà mieux !
    0
  19. deicidenono
     
    heu.... mai commen tu les desactive?!
    0
  20. O VertigO Messages postés 862 Statut Membre 32
     
    Double cliques dessus / Positionne le type de démarrage sur Désactivé
    0
  21. deicidenono
     
    mai en fait, j'ai pa le choix.J'ai uniquement " demarrer". Et il est en mode de demarrage automatique.
    0
  • 1
  • 2
  • 3